Domain: chaum.com
Stories and comments across the archive that link to chaum.com.
Comments · 12
-
Re:Spam, SpamAssassin, DigiCash
Using an digicash-like micropayment should be simple to implement. The SpamAssassin program would "deposit" the digicash that came in the mail header into the recipient's account and reduce the spamminess score of the message (if the bank flags it as "counterfeit" the spamminess score would increase) . You might need some method to prevent "theft" of the digicash by mail relays...
Sounds like a great use for digicash to me. -
Big Brother is watching you
I'd be much more comfortable with using a smart card that stored my biometric info inside itself. It may not fit into the whole "a-passport-is-a-way-to-track-you-and-privacy-get
s -in-the-way" mindset, but I definitely wouldn't feel comfortable with the government scanning any kind of biometrics off me just to board a goddamn plane to Canada, whether it's fingerprints or retina scans, or anything else.
If I make no sense in this post, you'll have to excuse me. I'm a little intoxicated tonight. -
Re:Vote loggingThis PDF article (site) by David Chaum describes a mechanism for being able to use your receipt to validate that your vote was recorded correctly (even after leaving the polling station), but without being able to read what your vote was.
The method is a little byzantine for my tastes, but still an interesting read.
-
David Chaum knows
-
Some history (they all failed ...)
It all started with David Chaum's DigiCash and it was very promising. The patents and the technology however are owned by InfoSpace today and are collecting dust. The Blind Signature patent will become available soon, though, and somebody might pick it up. Then there was CyberCash (with Cybercoin), and they went belly up. Then there was Millicent, they died, too. Amir Herzberg (see here) used to be very active in the space but also gave up. Then there was Stefan Brands' system (see here) which never really saw the light in an implementation. Stefan used to work at DigiCash with Chaum (but they did not really mix) and then moved on to ZeroKnowledge where he left from a couple of years ago. This is just a brief recollection of things, I am sure I missed a lot, but they all failed. And this should tell us something
... -
Re:David Chaum is the guy we should be watching
Where have you been
:-)
Unfortunately David Chaum did patent his e-cash protocol years ago and started a company called "digicash" ... which failed big time like many other dotcoms. -
Re:AS long as thay have anonomous cash
David Chaum has been concerning himself with these issues for years. If you read some of his writings you will find that he shares your concerns.
Rather than badly paraphrase his thinking, I'll just quote the introduction to "Security without Identification":
Computerization is robbing individuals of the ability to monitor and control the ways information about them is used. Already, public and private sector organizations acquire extensive personal information and exchange it amongst themselves. Individuals have no way of knowing if this information is inaccurate, outdated, or otherwise inappropriate, and may only find out when they are accused falsely or denied access to services. New and more serious dangers derive from computerized pattern recognition techniques: even a small group using these and tapping into data gathered in everyday consumer transactions could secretly conduct mass surveillance, inferring individuals' lifestyles, activities, and associations. The automation of payment and other consumer transactions is expanding these dangers to an unprecedented extent.
Organizations, on the other hand, are attracted to the efficiency and cost-cutting opportunities of such automation. Moreover, they too are vulnerable, as when cash, checks, consumer credit, insurance, or social services are abused by individuals. The obvious solution for organizations is to computerize in ways that use more pervasive and interlinked records, perhaps in combination with national identity cards or even fingerprints. But the resulting potential for misuse of data would have a chilling effect on individuals. Nevertheless, this is essentially the approach of the electronic payment and other automated systems now being tried. Although these systems will require massive investment and years to complete, their underlying architecture is already quietly being decided and their institutional momentum is growing.
This momentum is driving us toward a seemingly irreconcilable conflict, between organizations' need for security and the benefits of automation on one side, and individuals' need for ensured privacy and other protections on the other. But this conflict may be avoided by early adoption of a fundamentally different approach to automating transaction systems. This new approach is mutually advantageous: it actually increases organizations' benefits from automating, including improved security, while it frees individuals from the surveillance potential of data linking and other dangers of unchecked record keeping. Its more advanced techniques offer not only wider use at reduced cost, but also greater consumer convenience and protection. In the long run, it holds promise for enhancing economic freedom, the democratic process, and informational rights.
Of course the technology Chaum advocates is not the only way to conduct monetary (and other) transactions. You can be sure that there are powerful forces that would like nothing better than to have improved access into people's private business. At the very least, people should realize there are other options. -
Re:AS long as thay have anonomous cash
David Chaum has been concerning himself with these issues for years. If you read some of his writings you will find that he shares your concerns.
Rather than badly paraphrase his thinking, I'll just quote the introduction to "Security without Identification":
Computerization is robbing individuals of the ability to monitor and control the ways information about them is used. Already, public and private sector organizations acquire extensive personal information and exchange it amongst themselves. Individuals have no way of knowing if this information is inaccurate, outdated, or otherwise inappropriate, and may only find out when they are accused falsely or denied access to services. New and more serious dangers derive from computerized pattern recognition techniques: even a small group using these and tapping into data gathered in everyday consumer transactions could secretly conduct mass surveillance, inferring individuals' lifestyles, activities, and associations. The automation of payment and other consumer transactions is expanding these dangers to an unprecedented extent.
Organizations, on the other hand, are attracted to the efficiency and cost-cutting opportunities of such automation. Moreover, they too are vulnerable, as when cash, checks, consumer credit, insurance, or social services are abused by individuals. The obvious solution for organizations is to computerize in ways that use more pervasive and interlinked records, perhaps in combination with national identity cards or even fingerprints. But the resulting potential for misuse of data would have a chilling effect on individuals. Nevertheless, this is essentially the approach of the electronic payment and other automated systems now being tried. Although these systems will require massive investment and years to complete, their underlying architecture is already quietly being decided and their institutional momentum is growing.
This momentum is driving us toward a seemingly irreconcilable conflict, between organizations' need for security and the benefits of automation on one side, and individuals' need for ensured privacy and other protections on the other. But this conflict may be avoided by early adoption of a fundamentally different approach to automating transaction systems. This new approach is mutually advantageous: it actually increases organizations' benefits from automating, including improved security, while it frees individuals from the surveillance potential of data linking and other dangers of unchecked record keeping. Its more advanced techniques offer not only wider use at reduced cost, but also greater consumer convenience and protection. In the long run, it holds promise for enhancing economic freedom, the democratic process, and informational rights.
Of course the technology Chaum advocates is not the only way to conduct monetary (and other) transactions. You can be sure that there are powerful forces that would like nothing better than to have improved access into people's private business. At the very least, people should realize there are other options. -
Huh?From the article:
Instead of trying to make thousands of transactions a day totaling only a few pennies or less (which is what ads result in if you're lucky), I propose a simpler system; a small yearly fee (less than $10USD) which works out to a micropayment per day. Memberships and subscriptions tend to cost more money for a smaller period of time.
So how is this different from regular subscription websites? It's cheaper?
I think micropayments are definitely the Right Idea for the web, but I don't see how they could be properly implemented using current payment systems. Off the top of my head, I think a payment system suitable for micropayments would need (at the minimum) the following properties:
- implicit (yet secure) payments. The user should be able to configure their (trusted) web browser to automatically make requested per-page micropayments to a server if those payments are below a threshold (e.g., $0.001). The browser can prompt the user for permission to make larger micropayments. It's very important that the user does not need to intervene in the micropayment process every time they request a document. Since a user can not read through the whole source of the browser and anything else that might need to make payments, perhaps the browser and other programs should call an external program to make the payments, the user's `payment agent'. This would be a small program that makes payments while following the user's policies and restrictions.
- extremely low (or non-existent) per-transaction fees. If the provider(s) of the payment system are charging $0.10 to the payment receiver for each micropayment, it obviously won't work. This essentially implies the next requirement.
- contact with payment system provider(s) not required for every transaction. If the server collecting micropayments must contact the provider(s) every time a payment is collected, the system will not be feasible. The server should be able to store up many micropayments and redeem them with the provider all at once every day/week/month.
Creating a digital cash system that has all the properties we'd like is a damn hard problem that hasn't be solved yet. However, cryptographic tools such as one way functions and PKI are very powerful. I don't think we've fully exploited their possibilities yet, so I'm still hopeful that a true digital cash scheme will one day be created. -
Re:Bits for $
Hey - you just invented David Chaum's DigiCash. I knew it was a good idea.
And the refund idea merits a lot more thought... if I've understood #6 correctly. (Non habeo Latineramumble)
-
Digicash
DigiCash was founded in 1990 by cryptologist David Chaum (site apparently not updated in recent years...) who owned the two (three?) major patents covering completely anonymized digital cash. To my knowledge it still isn't certain whether it's possible to create a truly anonymous digital money scheme without violating these patents.
Like you said, David is a great mathematician, and an even greater evangelist/idealist (i once attended a lecture of his on cryptology protocols which he turned into a sort of political rally). But he wasn't an unqualified succes as a bussinessman (ahem). Due to various mismanagement problems Digicash went broke in 1998. About a year ago, all Digicash IP (including the patents, source code and the url) was bought out of the brankcupty by startup eCash Technologies inc., located in Seattle.
Though superficially somewhat similar to something like PayPal, this system, should it become viable, will have a far wider impact. Truly anonymous digital cash with a high solvability is something that will strike fear into the heart of every government economist on the planet. Should it ever become implemented, it will change the nature of the internet, and society itself won't escaped unharmed either.
That being said, they don't appear to have made much progress yet in securing deals with major financial institutions, which will probably be a neccesity to make it a success.
Go here for a good list of ecash related links. -
MojoNation: anonymityThe central idea of MojoNation is a service that emphasizes distributed storage/CPU/bandwidth sharing. This is different than setting up a micropayment scheme for viewing web pages. Generally, one might consider this as some client paying a server for hosting a web page -- micropayments can either be in the form of per time interval (a la paying for storage) -or- per page served (a la paying for bandwidth). Think distributed.net for sharing CPU cycles.
PayPal.com and other solutions are not as well-suited for such distributed systems for a number of reasons. First of all, it places some dependence on a centralized, commercial service, requiring people to upload credit card information and such.
I spoke with Jim McCay for a while at the recent Berkeley conference on Anonymity and Unobservability, most of our discussion centered around the anonymity aspects of MojoNation. The micropayment scheme utilized is based on Chaumian ecash, which has the nice properties of being fairly small and straightforward.
User anonymity is ensured by the cryptographic blinding of ecash tokens during the withdrawal (issuing) stage of the protcol. Therefore, the issuing authority (MojoNation until some different infrastructure is set up) is not able to link payments received by "merchants" and the customers that used these tokens. The downside of Chaumian cash (as opposed to that of Stefan Brands) is that all verification to prevent double spending needs to occur on-line. This requires some central MojoNation issuing authority (or some distributed subset of varying authorities) that needs to be contacted for the verfication.
One main aspect of MojoNation that still lacks anonymity is actual peer-to-peer operations. Currently, these just have IP-layer connectivity for usability reasons...but this is hardly anonymous.
Jim pointed out that nothing prevents the eventual "plug-and-play" functionality of some anonymous channel - such as a mixnet (ZKS Freedom, Onion-Routing, etc.) - to be used between peer connections. While speed might be affected, the anonymous micropayments scheme fits right into a future addition of anonymous links.
It's going to be interesting to see MojoNation and other such systems develop.