Re: [Taler] How about a Non-anonymous Taler?

[Jeff Burdges]

Taler has receipts so users can prove their purchases when it benefits them to 
do so.

> On 31 Jan 2021, at 14:17, MS <ms@taler.net> wrote:
> Even if you *ask* the customer which way they would take
> upon withdrawing coins (?):
> 
> 1) Would you pay less fees but give your data away?
> 2) Would you pay more/traditional fees but keep privacy?

It’s obvious users cannot answer this question sensibly, so software must never 
ask this question.  

As a rule, user cannot afford the cost of doing their own threat modeling: Do 
you ever look at porn including gay components?  Do you ever change plains in 
Dubai?  What are the risks this combination gets you killed?  Who can think 
through all possible such questions?  Instead, we need designers and developers 
to provide the strongest security and privacy assurances whey can reasonably 
manage, with exceptions only when really required to serve the users.  As an 
example of an exception, Tor node operators are generally not soo private 
because the Tor project must watch the relay pool to guesstimate if anyone is 
running deanonymization attacks, so although tor has a config option to be a 
relay node operator the semantics of this option do fit with providing their 
security and privacy assurances. 

It’s also obvious that user A giving away her data harms user B.  We expect 
this harm exceeds the value of user A’s data because so many user Bs exist.


I’ll give you a different example, the W3C DID and Verifiable Claims WG have 
been developing a certificate scheme, which enables users to prove they have a 
degree, have a job, etc.  Should users ever be allowed to prove their 
employment or degree status so easily?  No, the W3C’s work is obviously 
unethical:  

We know employers prefer hiring employees who already have a job elsewhere, and 
some prefer hiring from specific universities, so it’ll simplify life for user 
A when applying for a job if she can prove she already has a job, and has a 
degree from say a university, so many employers would simply restrict their 
application procedures to easily provable clearly strong criteria.  It’s 
obvious this creates negative social outcomes due to discrimination against 
good people who take a year off from work to travel the world, work on their 
own project, or self taught people.

There was a recent example where a U.S. employer only really liked degrees from 
Oxford, Cambridge, or Bucharest:  
https://twitter.com/jeffburdges/status/1355775414392729607  I’d consider ENS 
and X to be far better schools than Oxford or Cambridge, but the employer never 
considered them.  And good luck explaining what a fachschule is to a 
certificate verification algorithm that looks for specific universities.

Best,
Jeff