I read about Taler a few years back, and I'm excited to see that it is still under development.
In my opinion, for those of us who aren't anti-government, Taler represents an ethical future of digital spending:
It is interoperable, so unlike our current Visa situation, the free market should be able to bid down payment fees to a fair rate. It's insane to me that Visa and Mastercard have basically positioned themselves as exclusive middlemen on the vast majority of digital transactions, in an age when so much commerce necessarily is digital.
It offers privacy that Visa / PayPal / etc cannot.
It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.
It is inherently scalable in a way that bitcoin arguably is not (bitcoin has offchain scaling mechanisms, sure, but if you're being honest it's a stretch)
It's not introducing a new currency or coin that will be endlessly speculated on, unlike most every crypto solution out there (even stablecoins rely on eth or others for transaction fees)
Taler proposes an extraordinarily unethical panopticon, where unaccountable entities (both commercial and governmental) without any due process can surveil every transaction you make.
Engage in the "wrong" kind of commerce and after the political winds change-- maybe you get rounded up and executed. Regardless of your political alignment, one can't really look at the governance of many nations and say with confidence that you can trust that they won't change in a way which profoundly disrespects your human rights.
Taler misleads people into thinking that its private by claiming that only merchants are surveilled. But every time you pay you both were previously a recipient and you are paying to someone else who relieves. Monitoring reception is equivalent to monitoring everyone, and taler's surveillance is realtime and always active.
> It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.
Taxation is based on self-reporting, whistle-blowing, and serious criminal penalties for evasion, not on invasive realtime state surveillance into the private transactions of individuals.
Facilitating "lawful taxation" by pervasive surveillance of everyone who receives a payment is like preventing sexual assault by requiring a camera in every bedroom streaming in realtime back to government.
> Taler proposes an extraordinarily unethical panopticon, where unaccountable entities (both commercial and governmental) without any due process can surveil every transaction you make.
No, actually, you are describing the current state of affairs with mainstream online payment systems like PayPal and Venmo
Taler uses blind signatures which means that your exchange has no knowledge of where you are spending your tokens. In essence, when you make a payment the merchant knows you have an IOU to the exchange, the exchange knows it's a valid IOU, but since it was issued with a blind signature the exchange is not aware that it's an IOU that was issued to you. This gives you privacy that parallels the use of real world cash.
Chaumian digital cash is fine, but that isn't what taler actually implements.
Instead, it requires the recipient to identify themselves and the amounts for every payments. This is a continuous realtime surveillance which does not exist for cash.
Used perfectly it might be potentially more private than paypal, but no one is under any illusion that paypal is particularly private.
On a scale of ethical behavior providing strong privacy is superior to providing limited privacy but both are vastly superior to falsely claiming something has strong privacy when it is limited.
Taler takes matters a step further a falsely claim that its continuous realtime mass surveillance is required to facilitate lawful taxation. This claim is false-- an outright lie in fact. Not only is it technically not required, it's not legally required either and taxation has existed for countless generations when this kind of electronic surveillance was unimaginable.
> falsely claiming something has strong privacy when it is limited
Taler provides strong privacy for buyers, not for merchants. It's important to note that Taler is not a peer-to-peer system for transferring money (there are claims for interest in implementing such a system in the future, but it does not exist), so the receiver is always a merchant
Personally I don't mind that businesses are surveilled when I purchase at them, because businesses are not people and do not have the right to avoid surveillance. I would be very concerned if such surveillance could extend to me, but as discussed Taler provides buyers privacy and blindly signed tokens cannot be traced to me.
At the end of the day, balance sheets always balance, every transaction has two sides, and privacy for only one side of every transaction is impossible.
In that case, please enlighten me how to pierce the veil. For the sake of argument, you can play the role of an exchange arbiter - you have full visibility into every transaction.
On a given day you're signing a few billion in IOUs into existence from users, while paying out a few billion in IOUs from merchants. Since you are providing blind signatures, you essentially have two ledgers: one is transactions of the form (user, token_value, signed_at) and a second is transactions of the form (merchant, token_value, redeemed_at).
How do you suggest the exchange matches user to merchant from this data?
Token value perhaps, under very low volume (think single digit users). But imagine millions or billions of dollars a day in transaction volume, looking at a $5 payment at a cafe and then trying to figure out which of the people whose been assigned a $5 token to in the past month might have shopped there - it would be absolutely futile.
Taler wallets just sit there until you use them, much like cash. Realistically, there would be too many degrees of freedom to create a matching from merchant to user, even if we additionally assumed a ton of metadata about user/merchant location and such.
Yes it is. You just write down "got 5 bucks from customer" and submit it to the tax office. Now one side is anonymous (customers) and the other not (merchant)
If you go to your ATM and get 5 bucks, and then go to the cafe to pay a coffee with it and it's registered in their system, this is the exact same scenario, you realize that?
Well, If all you have is “A spent $5” and “B received $5” you are still missing a lot of info to identify that A and B are part of the same transaction (there are thousands of $5 trades every day)
But that's not even how Taler works: you withdraw an arbitrary amount of Taler (say $50), this is what is recorded on the consumer side, but then you have anonymous tokens (exactly like coins and bills) that you can spend without connecting to anything: only the supplier need to have a connection to a certification entity (which ensure no double spending).
That's the coolest thing about Taler: there is a thing called “the refresh protocol”[1] which allows you to obtain change after a transaction: that is, for instance you pay with a $7 token for your $5 transaction, and you get a $2 change token!
So, basically, if a merchant requests payment of $5 and the buyer only has a $4 and a $3 token then the buyer exchanges her $3 token for three $1 tokens with the exchange (without involvement of the merchant) and then pay the merchant with a $4 and a $1 token?
I would take this even a step further. To state the obvious, the hard part of building a private currency system is building the private currency system. Once you've done that, it's relatively easy to deliberately relax the privacy guarantees of the system in straightforward ways if that is something you want to do. (Whether this is advisable is totally orthogonal. I'm speaking strictly at a technical level.) Think about this like having a perfect invisibility device. Once you have such a technology, it's relatively easy to make yourself deliberately more visible: e.g., throw a can of paint over your invisible body.*
But Taler doesn't start out by building what I consider to be a very strong privacy base and then allowing for optional relaxations. Instead it makes a series of design decisions that begin with the idea that privacy will be limited in certain ways, and then bakes those design choices all the way down to the foundations of the protocol. This means the designers have chosen the deployment parameters, rather than the people and democracies who might actually want to make the decisions. This rubs me the wrong way.
* This has in the past been interpreted by people as me saying "I think backdoors are great", which is funny and also not true.
The main problem is that certain guarantees about behavior are fundamentally incompatible with certain attributes of transactions; you can have meaningful assertions that hold only if all transactions meet some criteria and there is no optionality, because the intentional abuse will simply choose the set of options that circumvent whatever conditions you want to enforce.
Using your own example, if your "world" supports a perfect invisibility device, then your world can't provide any guarantees that under certain conditions specific things will be seen - you can't have your cake and eat it too, if you want or need such guarantees, then you need to design a world where a perfect invisibility device is impossible.
Stability of any financial system needs an ability to protect against malicious, resourceful actors. Just as a proof-of-work coin needs to protect against double-spending and miner collusion, a Taler-like system needs to protect against malicious exchanges (so, the requirements foor auditability) and against malicious fraudulent merchants (so, the requirements to ensure that there's no option that a malicious merchant might use to cash out anonymously after receiving a payment).
Perhaps there is some way to satisfy all needs, but I personally doubt that, there are too many fundamentally opposite requirements (anonymity vs AML; circumventing gov't control vs ability to take legal action; irreversibility vs reversibility of fraud, etc) - and a system has to choose! If 99% of your transactions use a reversible mode and 1% are irreversible and untraceable, well, you can't have fraud protection for hacked wallets since those will use the irreversible and untraceable option; if you want feature A, you have to ensure that feature B is impossible.
A system does not have to choose. The society that deploys it has to choose which systems they will use, how those systems will be configured and so on. That society also needs to decide whether they will (or even can) ban alternative systems.
The technology itself should not force the designers' favored technical balance onto society. An ideal technology should allow the broadest possible range of configurations, and let users and society make the remaining decisions wherever it's technically possible.
(Many real-world systems are not ideal, and cannot technically admit the broadest possible range of solutions. But we know that centralized e-cash systems can make different choices than Taler.)
My argument is that a broad range of constraints is inherently impossible to satisfy within a single fungible, fully interoperable money system - I agree that "ideal technology should allow the broadest possible range of configurations", however, even with such an ideal technology designed by $perfect_deity the "environments" with certain incompatible configurations need to be kept distinct and separate enough so they de facto form separate payment systems; and the users and society can choose to use system A for purpose X and system B (perhaps sharing all of the technology except a configuration flag) for purpose Y, but the society can't have a single system for both these purpuses, because if they are substantially different, then money can't be allowed to flow freely between the systems as that option would break one or the other use case.
The society can freely choose between different systems and properties/configurations of systems; but certain emergent properties of a payment system that a society might want to choose require that some other options are closed off, that the configuration is set to ensure that no transactions in that system can use that option.
For example, if some uses need an strictly anonymous system and others need an strictly unanonymous system, then these systems can interact only through some gateway that enforces breaking anonymity in the latter; if some uses need a reversible system and others need an irreversible system, then interaction needs to happen through some gateway that will reverse a transaction even if the other leg can't be reversed, taking on financial risk to cover the costs of such a scenario. And, crucially, it seems plausible that in many cases such gateways on the boundary between different configurations are socially impractical to operate as they would have to take on risks they can't protect from, and there would be financial motivation to target them to abuse that configuration difference.
For example, we're seeing a bunch of barriers between physical cash USD and USD in bank accounts; and we're seeing a bunch of barriers between USD payments via cheques and USD Fedwire transfers. They are almost interchangeable, but the boundary between different "configurations" requires treating them as distinct and anyone offering a service for unrestricted exchange of one of those into the other is in for a world of hurt.
We are having two different discussions here. I am having a technical discussion about how we should design privacy-preserving payment systems. I think we should design them to be as powerful as possible, since it is vastly harder to "strengthen" a weak system than it is to "selectively weaken" a powerful system if society decides to do that. Using this approach means that society gets the largest range of technology to choose from.
You are having a discussion about what solutions society should adopt, and whether multiple systems should be allowed. I think that's interesting but a very different conversation.
The only place where these two discussions interact is when technology developers proactively decide to make some kind of specific privacy/security compromise that they think is the right one. This means that societies who want privacy don't get it. It means that societies who want a different tradeoff don't get it. And the most likely outcome is nobody ever adopts the new system, and we get PayPal.
What I hear in your posts is an assertion that "technology developers proactively deciding to make some kind of specific privacy/security compromise that they think is the right one" is undesirable.
My point is that "technology developers proactively deciding to make some kind of specific privacy/security compromise that they think is the right one" is unavoidable, since any attampts to "avoid" of that choice by leaving options open simply means proactively deciding to make a different compromise that also means that societies who want a different tradeoff (e.g. that the technology must ensure that those options are impossible) don't get the tradeoff they want. Opening one door closes others, in this space one does not simply "add options" without implicitly trading off others.
IMHO the larger thread here is having a technical discussion about how we should design payment systems, of which privacy preservation is one factor that's not axiomatic. Your presumption that the systems must be privacy-preserving and as powerful (on the front of privacy-preservation) as possible seems exactly like a case of a technology developer proactively deciding to make some kind of specific privacy/security compromise that they think is the right one. And not really a compromise, but a point at one extreme on that tradeoff scale, which means that societies who want effective anti-fraud measures, anti-tax-evasion measures and ability to recover funds with legal means without the cooperation of wallet-holder don't get it; and IMHO it's quite clear that societies generally do want a tradeoff like that, as evidenced by all the laws societies have chosen to pass. The societies in general are not willing to trade off these factors to gain privacy preservation, and privacy-perserving payment systems get made only because developers proactively decide to make specific tradeoffs that they personally think are the right ones.
Leaving aside differences in values and the "ought" part, I also fundamentally disagree with the factual points you make in the first paragraph. I disagree that it's vastly harder to turn a security-preserving system into a privacy-preserving one than to turn a privacy-preserving system into a security-preserving one. IMHO many decades and much, much, much more effort has gone into building security-preserving systems than privacy-preserving systems, and we still haven't succeeded at the former, as evidenced by all the loopholes in electronic transfers and cash controls that still leave enormous space for money laundering. Cash is probably the counterexample of a technology that's somewhat "powerful" w.r.t privacy preservation and has proven to be very, very hard to "selectively weaken" effectively.
I'd say that to "selectively weaken" a powerful privacy-preserving system is definitely not easier, I'd say that it's pretty much impossible - since if a society would choose an ability to track specific transactions (e.g. money laundering or drug trades) then a selective weakening does not achieve that goal, and even 99% weakening does not achieve that goal. If there are multiple channels available, then achieving that requires that all channels are privacy-breakable, since otherwise the malicious transactions would all get funneled through the privacy preserving channel. The society can (and should!) apply privacy-breaking selectively, but if the technology can't ensure that these specific transactions are privacy-breakable despite some fraudster trying to preven tthat, then the society doesn't get the tradeoff it wants, that goal requires that 100% of the loopholes are closed - which IMHO is harder than ensuring that some transactions are privacy preserving; especially since you can have privacy preservation even if many transactions are non-private - as if you have multiple channels available, then you can choose to use only the privacy-preserving channels.
The second disagreement is with the statement "Using this approach means that society gets the largest range of technology to choose from." My point is that societies may reasonably want choices which require that other choices are impossible - providing extra choices is not necessarily a net benefit, as the mere availability of option A denies the society some choices. For example, if a society chooses that a certain class of payments should be taboo (for whatever reason), then providing an extra choice of an uncensorable channel does not mean a larger variety of choices - it means denying the society one choice - the choice they wanted, to ensure that taboo-payments don't get made - just to provide another choice that they did not want as much.
Perhaps that's the proper framing of this dichotomy? Maximum-choice-of-policy-outcomes is incompatible with maximum-choice-of-technology-options, there's a tradeoff.
Rather than writing thousands of words about what society should do, my point is much simpler. To give an analogy: a private payment technology can be a powerful system like a general purpose web browser, or it can be like a more hobbled system that can only browse pre-configured web pages and image formats chosen by the developers. Both options are viable, however: the problem comes up when your use case (or your country’s use case) calls for a “browser” with a very specific set of restricted functionality that is greater than the functionality offered by the hobbled system that’s available.
In this case you have a choice. You can ban all browsers entirely. You can use the hobbled browser that doesn’t meet your needs because that’s what’s available. You can try to add new functionality to the hobbled browser, which can be a hard path to follow. Or you can hope that instead of a hobbled browser, there is a more powerful full-featured browser that you can strip down to have the specific set of features you want. In the best case this is easy: just a matter of changing a configuration file. In the worst case maybe you have to snip away some code. To continue this silly analogy: it’s vastly easier to remove PDF support from Chromium than to write a brand new PDF renderer into software that chose not to have one.
Obviously I’m going to have to ask you to take my word that in this case a powerful privacy-preserving payment system stands in for a full-featured browser, and it’s relatively easier to “strip (privacy) features away” from a strong privacy system then to make a weak system more private. I’ve spent a good chunk of my life thinking about this exact problem so I feel confident making this case.
The remaining point you raise is essentially the following: the mere existence of privacy-preserving payment systems deprives societies of choice. This holds in the same way that the existence of, say, Chromium or Firefox makes it impossible for some country to plausibly mandate a browser that can only visit selected web sites or use file formats chosen by the government.
The best thing I can say about this argument is: tough luck. Better (centralized) privacy-preserving payment technologies exist. You can’t make them go away, any more than you can hope that Chromium or Firefox will stop existing. If the success of your preferred system depends on the non-existence of other technology, and that technology is already out there, then you need a better plan.
All these systems impose a notion of society though, so your distinction holds little water.
I've no idea if the "on-chain governance" crowd like Cosmos, Polkadot, etc. could politically introduce tools that supported taxation. Any "miner consensus" design like ZCash, Bitcoin, etc. could never introduce such politically contentious upgrades.
ZCash's developers have thus de facto spoken definitively against taxation, by defining the voting set to oppose taxation.
Taler exchanges do whatever governments permit/encurage banks to do. You might dislike our political system, but clearly Taler adopted a notion of society much closer to the conventional one.
As I noted above, Taler could swap their crypto for balance hiding tool or with techniques that support balance hiding blockchains. ZCash cannot disentangle itself from its anti-tax roots.
> ZCash cannot disentangle itself from its anti-tax roots.
Sure it can. Anyone can fork the Zcash code, and with some changes can adapt it to a centralized ledger. Or you can use a Chaumian system. Once you do this, you will have a system that faces exactly the same adoption hurdles as Taler.
Isn't this basically what's happening nowadays, except on the level of competing digital currencies instead of on the level of competing configurations?
Bitcoin, Z-Cash, Stellar, GNU Taler and many more, all of those offer different characteristics which societies can pick and choose from. Central Banks don't necessarily like the particular choices that have been made by existing systems and drill down a level further to design a system with exactly the combination of cryptographic blocks that provide the desired mix of characteristics.
I don't think it's wrong that a particular solution like GNU Taler specializes in a particular set of combinations, it will do a better and more maintainable job at this (already pretty massive) project than trying to cover every arbitrary combination of characteristics. Same as libsodium provides a better crypto API than OpenSSL while not running into Heartbleed-scale bugs, because it actually dares to make opinionated choices.
The flexible layer for e-cash should be on the level of crypto primitives, and the actual implementation is the configurable layer that you're asking for.
Web browsers and operating systems are neat and general-purpose, but for a mission-critical currency it would be nice not to have to deal with the endless security fixes that an almighty everything-framework will unleash unto us.
I'm a big fan of libsodium/NaCl for the use case of "encrypting things simply". However, I also recognize that it can't do certain things: for example, the original NaCl didn't support "public key encryption from an anonymous sender who doesn't have a static secret key", and libsodium had to add that feature via a new "crypto_box_seal" function. I've seen multiple people re-implement that feature from scratch into NaCl, before libsodium added it and became the standard. They did this because many protocols require a way to do this, and the original NaCl designers were aware of this but had a very opinionated design philosophy. So we get forks.
This kind of thing is just barely tractable when you're talking about something as "simple" as a non-interactive encryption protocol. It becomes exponentially harder when you get into the world of interactive crypto protocols with ZK proofs and privacy guarantees (where a bug means losing millions of dollars.) It becomes even harder when specific anti-privacy features have been baked into the underlying protocols on purpose, because it requires so much expertise to remove them, and the consequences of a mistake are catastrophic to the whole system. You're often better off just starting from scratch, since the technology of centralized e-cash is reasonably well understood (and the Taler authors probably aren't going to support your fork, because they politically disagree with your choices.)
I have been following Taler for several years and it's great that it exists. But I don't see a pathway to adoption for it, partly because it's so "politically" opinionated around a specific set of features that the authors think are the right ones, and partly because it's hard to launch a centralized private currency without buy-in from a lot of people who agree with your political decisions. Taler can only launch if it finds sponsors who agree with all its choices, and it has not found them yet. Whereas Zcash and Monero launched because, while they're also opinionated, they're decentralized currencies and don't face the same coordination problems.
Yes, there exist harder technical challenge in designing systems with more privacy, and ECC has an incredible engineering team doing SNARK work, but.. You're drawing a false equivalence between actual deployment potential in real systems, and the pure technological potential of ECC's code.
At a technical level, both ZCash and Taler operate upon two databases, one for UTXOs and one for nullifers, and either could change their cryptography. If you compare design decisions more carefully then you'll find ZCash baked their politics much more deeply than Taler.
Taler provides inexpensive anonymous payments for small everyday purchases. This is not controversial. ZCash employs non-scalable blockchain designs that cannot realistically support many small purchases, and even requires merchants track the chain, making it primarily an investment instrument. It's true one ECC dev has contributed to the scaling discussion, and ECC's code base spawned zexe and arkworks, which advanced zk rollups, but.. ZCash does not fund obviously much scalability work. In short, Taler appears focused upon real privacy needs of everyday people, while ZCash appears focused upon investors' privacy desires, including for for tax evasion.
ZCash could engineer some taxation support system, although not sure about the complexity. Taler could trivially simplify their refresh protocol, which then makes all transactions become plausibly refreshes, and makes taxation hard.
ZCash expressly supports hiding large balances, presumably from taxation. Taler could adopt a system that hides balances with range proofs, if they valued hiding large balances.
ZCash like Bitcoin was designed to combat flawed government monetary policy, which weds them tightly to this goal. If desired, Taler could operate upon finality proofs produced by blockchains, thus giving supporting the same anti-governmental monetary political goals as ZCash, etc.
Again, if we compare the political positions based into the designs of Taler and ZCash, then we find ZCash's positions to be more extreme, and to be baked more deeply into the design.
This shouldn't be viewed as a Zcash decision vs. Taler. I think this should be more viewed as full centralized Chaumian e-cash (with more flexible privacy choices) vs. Taler. If you're telling me that Taler's "value transparency" decisions are driven by technological scaling limitations that can't addressed any other way, then that's an interesting discussion to have. But it's not a discussion about Zcash.
The claim "can surveil every transaction you make" does not seem justified.
The way I see the process, the flow of Talers is strictly asymmetric and one way, with a clear distinction between users(consumers) and merchants:
1. From exchange to user (deposits).
2. From user to merchant (payments for orders).
3. From merchant to exchange (withdrawals).
The monitorable steps are 1. and 3., which allow tracking the total amount that you can spend and the total amount that the merchant has received. The actual transactions (step #2) are not surveilable, the system does not track who paid what to whom.
The statement "every time you pay you both were previously a recipient" is not correct, since as a non-merchant user you can't be a recipient of payments, you can't have any income in Taler, you can only spend what you yourself deposited in the system through an exchange. And vice versa, as a merchant, you can't make any payments, you can only withdraw your Taler income for real money at the exchange - it's exactly just as with a merchant account for receiving credit card payments, which is strictly separate from any credit card payments that the company might want to make themselves.
This contradicts one of the claimed principles of Taler, "Protect the privacy of buyers". Can you please explain how the example you gave would be possible with Taler, in a way that wouldn't be with crypto currency?
In theory Bitcoin could provide a reasonable amount of privacy by leaving identities unlinked, in practice it doesn't. (Etherum's 'accounts' are extremely privacy toxic way beyond Bitcoin)
Of course, if one wants to trust other entities one can already easily use chaumian cash w/ Bitcoin.
That works similar to Taler except no integrated spyware.
This approach can even be implemented with multiparty security relatively easily, so that the funds are protected by a majority threshold rather than just requiring a single point of failure.
Comparing Taler to Bitcoin is not appropriate since Bitcoin could be the very monetary unit that is used as the denomination of payment amounts on the Taler network. In other words, Taler is a protocol that is deployed on top of Bitcoin, and does not compete with Bitcoin itself.
Bitcoin is (intended to be) a form of money — just like USD, EUR, gold, silver. The Taler network needs a unit of account (numeraire) to denominate amounts in, and this is what money is used for. Tail itself cannot function without a monetary unit since it’s a payment system (a way to move money).
You are correct - I should have been more explicit, but I was using comparing Taler as a system to move arbitrary money against the Bitcoin network[0], which is a system to move a specific money (Bitcoin the coins), or the various blockchain networks, which do similar for other tokens (including securitized fiat, as in stablecoins)
[0] "the Bitcoin network", meaning the use of blockchain transactions to facilitate payments, or off-chain schemes to do the same with on-chain settlement (as in lightning network)
It sounds like Taler is not competing with Bitcoin.
Bitcoin is just as much about improving money in general as it is about preserving and transferring wealth.
Before WWI, a large part of the world was all on the gold standard. I think a Bitcoin standard would be similar to that but with improvements to consensus.
Perhaps Taler is more competing with Lightning networks or decentralized exchanges?
Taler isn't competing with bitcoin per se, but it's competing with a particular vision of the bitcoin network (or any blockchain) as "the future of digital payments". Lots of people are into bitcoin as a digital asset, as some kind of inflation-protecting security, etc. For these purposes, Taler is completely orthogonal and not a competitor at all.
How is bitcoin an improvement on money? Why is a standard on a physical or digital asset desirable, especially when the asset is rare. Wouldn't this unnecessarily restrict monetary policy?
Bitcoin(and by extension the rest of the cryptocurrency space) is an enabler for speculation - in the specific case of BTC, on the price action of the asset as more is mined, and on the cost of mining itself. Speculation's action - which is always crude when looking up close - has the effect of building a market where there once was nothing, and as BTC has grown crowded speculative activity has proceeded towards projects promising(if not necessarily delivering) additional features and social value.
One of the major limitations of a pure debits-and-credits system like Taler is that it has limited speculative interest. It can't be gamed for returns on investment, so it can't initiate the boom-and-bust cycle.
How Bitcoin levels of speculation desirable for a currency?
If my national currency was going up like bitcoin spending would decrease a lot. Why you'd you buy a car today when you can buy it in a month and spend 20% less? The economy would stop functioning.
And when the value of currency falls people want to spend it as fast as possible.
That's because Bitcoin taxed the same way as other forex, at least to my knowledge. If you buy goods with Bitcoin you should presumably pay sales tax, not capital gains tax.
You would pay both - sales tax is collected by the seller. The gain on the Bitcoin is the value of the transaction, less your basis for the Bitcoin involved. That gain can be long term or short term and is taxed accordingly.
Suppose I change a bunch of USD for EUR at an airport. Six months later, the Euro has appreciated significantly vs the US Dollar. I go on another trip, and buy some stuff with the Euros I changed several months ago. Do I technically owe capital gains tax?
But if you changed the appreciated Euros back into dollars, you’d at least theoretically owe tax on a foreign exchange gain.
For pocket money, no one is going to bother with it.
But I’ve been in situations involving hundreds of thousands of dollars held for long periods in foreign currencies, where the tax consequences were real. There’s a line on the 1040 to account for foreign exchange gain/loss.
I am the GNU Taler co-maintainer and working paper co-author. The development is community-driven. But as you see from the paper, the community is talking with central banks about deploying it. There is no contradiction.
Great name. The word “Taler” derives from the “Joachimsthaler Guldengroschen” currency (Guilder groschen of St. Joachin's Valley), or “Thaler” for short. The coin was introduced in 1518 in the Holy Roman Empire and many currencies in Europe became named after the Thaler. The Dutch brought their “leeuwendaler” (lit. lion daler) coin to New Netherlands (now New York), lending its name to the US Dollar. I presume Taler was used for this project to match modern German orthography and to avoid confusion with the English ‘th’ ‹θ› sound.
Yes, but it's better. On one hand it's centralized and vendors are regulated, BUT it implements anonymous payment for buyers using a type of blind signature in cryptography (originally envisioned by David Chaum's digital cash), it allows you to pay for things without being tracked and analyzed. In my opinion it's the best compromise between PayPal and cryptocurrencies, I hope one day I can buy things via GNU/Taler.
Taler supports full tracking of who received how much. That is sufficient for the government's job of taxing income.
If - on the other hand - the government would also like to mass surveil all its citizens, then that is a use case that Taler explicitly and intentionally does not support.
So it looks like Taler is designed as a consumer to merchant payment system, and not person to person. I suppose that person to person could work with banks serving as intermediaries.
With anonymity for consumer how would transactions like exchanges and returns work?
> That is sufficient for the government's job of taxing income.
But not of fighting money laundering. If all income is anonymous, it'd be relatively easy to set up a fake digital-only product and buy yourself lots of it.
To spend coins on yourself you must have received them first under some identity, so it does not ease money laundering.
It could eventually ease money laundering between countries where laws are different. For example, sell drugs from Netherland, receive Taller coins, buy virtual things from your company in France to move it there. But in fact you can already do that, buy a coffee shop in Amsterdam, and transfer your income after taxes to your bank account in France. Great your are a drug baron living from France now.
What it will prevent is for a country to block their citizen from buying something illegal from another where it is legal, as it is done with card payment and drugs bought online.
Isn't the point of money laundering to obfuscate the identity of the original recipient of funds? Don't get me wrong, I'm not sure Taler would make things harder for regulators and law enforcement. KYC requirements apply even if the payment method itself is anonymous. But I'd think that given the opportunity, governments would like to have better oversight of financial transactions.
The point of money laundering is to conceal the source of funds. The way you conceal the source of funds is by creating fake receipts. Without receipts, a bunch of Thaler showing up for no reason is no different than a bunch of dollars showing up for no reason. You may be suspected of being a criminal.
Depositing money in the system is not anonymous - it can't track whether you bought your own fake product or something else, but you would already have to have "clean" money to convert it to Taler at an exchange.
Realtime mass surveillance of every party who receives money is isomorphic to realtime mass surveillance of everyone.
Every person who sends funds received them previously and is sending them to someone who is receiving them.
Taler's surveilling is continuous, unaccountable, and operates without any due process what so ever: No court is required to authorize surveilling your records, nor can you even detect it to fight the intrusion.
The claim that the mass surveillance is required to enable taxation is outright untrue and inconsistent with longstanding practice. Taxation, including sales taxes, existed for a long time before low privacy electronic payment networks existed.
That's just wrong. If me and 10 other people buy things for 5 bucks from a vendor with taler, there is no way to trace it to us as I understand, and no way to distinguish which of us paid which 5 bucks. How is that isomorphic to full surveillance? It's more privacy than both traditional payment Systems and most cryptocurrencies
> Realtime mass surveillance of every party who receives money is isomorphic to realtime mass surveillance of everyone.
I don't believe it is.
For instance, imagine a closed system of three people: Alice, Bob, and Carol. Initially we start off with seeding both Alice and Bob $100 via Taler. We can see that because it is public. Then, we see that Carol receives $5. That is also public. Who gave Carol the $5?
If surveillance of money received is isometric to full surveillance, you should be able to answer this question, but clearly there is insufficient information, so clearly they are not isometric. There may be special cases where sufficiently large transactions can only have come from a small pool of wealthy transactors, but I bet this would be essentially meaningless in practice, and is absolutely not the same as equating the system to full surveillance of every participant.
As a payment system must comply with local laws in order to operate legally, GNU Taler must be designed to comply with these requirements. GNU Taler must provide an audit trail for investigators operating under the law. Furthermore, we consider levying of taxes as beneficial to society, and fair taxation requires income transparency. Thus, GNU Taler must enable authorities to track income
Which makes a lot of sense.
Privacy of buyers is protected from the merchant, that doesn't imply that the payment is untraceable (or that complete secrecy is necessary).
As far as I understand it, this is meant as an open and standardized payment protocol that provides payment interoperability between different banks, but that protects the privacy of the sender (but not the recipient, due to tax reasons).
It doesn't have anything to do with crypto currencies like Bitcoin.
This feels like it wouldn't square with Know-Your-Customer requirements. Although: those only kick in legally above certain transaction and spend levels, so simply rejecting anonymous payments at those levels (or structured payments below those) would make it legally viable.
It does make me feel good to see a GNU project like this out there - at the core of the free world IMO, the bits of glue which get our society running, it should really be all open-source and open licenses.
> This feels like it wouldn't square with Know-Your-Customer requirements
My understanding is that exchanges would do their due diligence before exchanging your fiat for tokens, and separately shops may do due diligance if necessary before accepting your tokens; the exchange does not know that you performed a transaction at this shop, and the shop does not know with whom you exchange[0], but both those relationships have separately done due diligence.
In particular I don't believe there could be a such thing as a "darknet shop" or "darknet exchange" using Taler. If any one entity is not following regulations, it should be possible to track them down and subject them to the law. If a merchant isn't following regulations, then they can't redeem their tokens to fiat at the exchange. If the exchange isn't following regulations, then the auditor/government shuts them down.
[0] is not correct, since the shop validates your money against that specific exchange. But since there are going to be a few regulated exchanges, it doesn’t let the shops track you meaningfully.
Plus shops will usually have more information: email/address etc.
Because the recipients can't be anonymous, basically by definition. So money moving in an apparently ordered way to a receiver would draw attention to the recipient, who would then have to explain why they were accepting the payments.
If they're converting to physical goods, they also have to be sending them somewhere - which is much harder to anonymize.
This looks exciting. Did anyone manage to work through the demo, though? I first installed the Taler Wallet for Android via F-Droid, and it can scan the QR code for withdrawing from the demo bank, but the actual withdrawal fails with some generic message that "withdrawals are currently not possible". Then I tried the browser extension in Firefox 84. It detects that it should be doing something, but never actually completes a withdrawal either.
There are those of us with extensive experience in payments with plenty of stories that would touch exactly on this, so yes, but these stories are not public information.
Very nice concept, but I guess that if you try to create an exchange or accept payments with that: governments, tax offices and FATF institutions will come after you.
TLDR with my understanding of the concept:
At the opposite of crypto, the concept is that anyone can create an "exchange" acting as a bank, and all transactions are public in an encrypted form.
So you can check the transactions if you know the key of your transaction. But it is not crypto in the sense that you have to trust one authority (the exchange) as a bank. It is the one that will hold user credits in the end.
The very fun thing is to create a "bank" like that for you and your friends. It is like an IOU bank.
Have you read the paper or website? Taler explicitly envisions exchanges as regulated and audited entities.
The central bank should audit exchanges, and it even provides mechanisms to make this simpler. One leg of the exchange runs on traditional finance rails (ACH) as well.
It isn’t anyone can be a bank, it is “regulated audited entities should be able to exchange a ACH transfer for digital tokens”.
You a speaking about the Swiss white paper, but when I look at Taler website, doc and tech: it allows things to be "regulated", but there is nothing forcing that.
Whoever can spin up his "own bank" like that.
And whoever else can connect with this first bank.
And you can use Kudos, of whatever digital virtual currency that you want.
And most of what is interesting about this project is especially that. Not that traditional regulated entities could use it to spin up something new to basically do what they are already doing.
Regulations can never be forced into a technology, they can merely be adopted. PCI-DSS exists as a regulation in different jurisdictions, but there is nothing forcing it either - its the contract your processor signs with their bank, and other many agreements similarly.
An exchange exists to convert Fiat to Tokens. A merchant can only accept tokens signed from an exchange. The Fiat<>Kudo transfer happens on an exchange and requires traditional regulated finance rails. Could you build a cash-backed exchange? Yes, but then merchants accepting that specific exchange will need a way to exchange it back to fiat, and that doesn't work.
There isn't a separate digital virtual currency in Taler. Taler is an electronic payment system that uses existing currencies (such as USD/EUR). Kudos is only used for the demo, but in a real deployment, it will be USD/EUR/etc.
At this very moment the U.S. Financial Service Committee is holding a hearing on 'terrorism' and one would not be surprised to learn that 'cryptocurrency' is the main discussion. What is sacrificed when one is no longer able to "Follow the money."?
I no AML/KYC expert but I have written software systems for fraud purposes before and with that in mind such systems, founded in data collection, are used every hour of every day to link people to activities, legal or not. Given the prolific prosecutorial proof available online as it relates to the value of "who took the money", "who was paid", "who has the money" in such legal cases clearly the institutions tasked with 'security' see a great threat in not being able to follow it.
I was assuming the question was open to "moral" interpretations, rather than strictly legal ones. In turn I keep my position even with your concerns, because the utilitarian calculus of comparing "being able to pay for things anonymously" vs "this is helpful for fraud prevention" is basically a non question in my mind.
My time spent in architecting and coding a fraud system was for employment and income which is not particularly representative of my views about personal privacy per say that we seem to share. I can pay cash for burner phones in stores with no point of purchase surveillance coverage or I can go into a big box and pay with credit and be all kinds of recorded. All about understanding the long game objective as the execution is the easy part.
In a rare case of where judging a book by its cover is actually valid, I am going to call it right now: the fact that this project can't even display their logo on their webpage correctly is an indicator of the general level of competence/seriousness brought to the table wrt competing with an existing global financial system that, to put it plainly, is competent and serious.
Loading the linked webpage on the most popular web browsing device in the world displays their logo with an incorrect aspect ratio. It's pretty obvious that none of these free software zealots tested their software with an iPhone, a device that their target market actually uses.
A refusal to use or promote nonfree software comes into slight conflict at times when developing consumer products, as the markets are captured by nonfree software distribution channels, a tragic fact. You have to be willing to bend your own rules slightly while remaining true to your principles, such as testing your website on an iPhone to make sure it works right when nonfree software users visit it to learn about why free software is better.
In my opinion, for those of us who aren't anti-government, Taler represents an ethical future of digital spending:
It is interoperable, so unlike our current Visa situation, the free market should be able to bid down payment fees to a fair rate. It's insane to me that Visa and Mastercard have basically positioned themselves as exclusive middlemen on the vast majority of digital transactions, in an age when so much commerce necessarily is digital.
It offers privacy that Visa / PayPal / etc cannot.
It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.
It is inherently scalable in a way that bitcoin arguably is not (bitcoin has offchain scaling mechanisms, sure, but if you're being honest it's a stretch)
It's not introducing a new currency or coin that will be endlessly speculated on, unlike most every crypto solution out there (even stablecoins rely on eth or others for transaction fees)