taler
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Synchronization and backup


From: O.stl
Subject: Re: [Taler] Synchronization and backup
Date: Tue, 20 Feb 2018 12:22:51 -0500

Hi guys, 

So I will try to go the proposals you are submitting from the perspective of a team who are implementing the exchange, and we have to fulfill few requirements for our users.

We see taler as a digital money solution, thus is aimed to replace the hard cash that people carry in their wallets. The average user is neither a power-user and is certainly not running a tor relay nor will ever do. We conceive our solution so anyone can pay and receive payments seamlessly as if he was paying with cash, and this means that these users will click on the smallest number of buttons possible. They will assume that they use a wallet that requires the least amount of maintenance and as equally serecure as their wallet (or bank account).

I agree with Florian in the sense that usability has to be considered as a priority. Digital cash is targeting people who do not have (or little) access to banks, and/or who want to replace cash with something equally easy to use and secure, being anything between 7 to 77 years old. 

There is no need to add security debt when improving UX. If you are competing with hard cash, you are competing with the security and utility of a seamless technology that does not require extra security measures to be usable. I am emphasizing this point because cash is simple, and a similar technology must be as simple as cash. From a technical perspective, it would be much simpler to secure a simple system, than a complex one with a many attack vectors, and I guess it is common sense.

> This is where we fundamentally disagree. Sync is user-friendly and useful in plenty of other products. Let's hear other people's opinions and ask what non-technical people > would expect.

It is useful for syncing docs or messages, but hardly cash.

If you are spending money from your hard wallet you do not need to sync your transaction with the bank, nor with any other other external service. It only exists in your hard wallet. The value is intrinsic to the coin spent and is unique to it. Unless you want to add more attack vectors and copy the usability of dropbox (why?), IMHO I do not see the need to operate a sync between several devices and accounts. 

I would rather suggest to limit the number of devices synced. Digital money is by definition portable money, thus people would probable rely on their mobile wallets to do the spending thing. It would be enough to determine a single device or account that can actually confirm all transactions, other devices being secondary and not detrimental to the transactions, but rather "observing" accounts. Thus even if you spend from your *another* device you would need a confirmation from your **principal** device (probably with a master key).

If your coins are held by a bank that you trust, the sync will be much easier of course, but let's picture a way where people are responsible for their private keys.

For the backup, like for backing up your hard cash wallet, you would need to do it in a simple manner (thus once is a secure place like a vault or under a pillow), or rely on a third party to do it for you because it is their job. Even in the bitcoin community it is also an issue, as there will be a need for custody services which would guarantee to users that their money is backed up and secure on their infrastructure, like you would give your gold money to the bank assuming they will keep it safer than what you would do by yourself.

If we add more ways to get hacked, someone will exploit these many ways. If we replicate the way that people use their hard cash wallet, i.e. keep your wallet safe from pickpockets, there will be less barriers to entry as adoption would have a near-zero marginal utility. Normal users to whom this software is destined know that they better keep their cash safe, and know already how to to not lose it. 

It is cool to be able to sync wallets like Signal syncs with the desktop, but there is no need to do that for money. You would probably want to sync your contacts (receivers and senders) if you want to use your desktop to do transactions instead of your phone, but you would still need your phone for confirmation. Your main wallet would have to be your phone (or any device if you can choose) but a single device is better in my opinion, like your hard cash is contained only in your wallet (or bank account if the key is hosted by your third party custody provider). 

I hope this humble opinion is of any help.  



Sent from ProtonMail, Swiss-based encrypted email.


-------- Original Message --------
On 16 February 2018 3:15 PM, Florian Dold <address@hidden> wrote:

On Feb 16, 2018 06:11, "Jeff Burdges" <address@hidden> wrote:
On Fri, 2018-02-16 at 04:58 +0100, Florian Dold wrote:
> Are you saying we should not include a multi-device synchronization
> functionality at all?

Yes, there are way too many nasty failure modes without any clear unique
benefits realized by normal users.  Afaik sync cannot be made user
friendly.


This is where we fundamentally disagree. Sync is user-friendly and useful in plenty of other products. Let's hear other people's opinions and ask what non-technical people would expect.

My prediction is, if we implement only backups and no proper multi-device sync, somebody else will do it on top of our wallets, there will be two incompatible backup/sync systems and it will suck.

Right now we have the opportunity to design backup/sync right from the start, and we should take it.

- Florian



reply via email to

[Prev in Thread] Current Thread [Next in Thread]