Beaming Money

Wes writes "If you've ever dreamed of having a system like they use on Star Trek, where credits are instantly passed back and forth, this is it. PayPal, from Confinity will let you do that. Just sign up, load the software onto your Palm or WinCE device and go. If the other person doesn't have the software, you can IR-beam it to them, same as transferring money. Never fear if you don't have a handheld. An e-mail address will do just fine, but no money beaming. Sounds like a new payment type for eBay. "

Re:Wonderful...

[MindStalker]

Geez, its going to be simpley an encypted text/data. There should be no need for any executables, meaning there should be no viruses. But, as was previously said, we need to find out what encryption and protection system they are using first. Anyone know anything about this companies history? any complaints?

Re:What an amazingly bad idea

[pspeed]

Having not read the site at all I won't comment too deeply, but it occurred to me that some sort of double-check system might solve the problems you mentioned above.

Meaning, both my PDA and the other party's PDA would record the specifics of the transaction including the amount of transfer and who the money was transferred from and to. Money wouldn't change hands until both ends had been synched to the server.

This may not be the way they're doing it and would certainly eliminate some of the convenience, but it would keep money from electro-magically appearing out of the ether.

Are we ready for this

[Magus311X]

Notice the electronics trend the past few years? Everything's i-this, e-that, etcedera, but as wonderful as these things are, nothing is really safe anyways, so would we be seriously ready to make this everyday for some (nevermind all) people?

And I'm not necessarily meaning that someone is going to walk around with that massive IR panel hooked into a palm with an IR sniffer (idea!), but there's much larger worries lurking overhead.

No, not the little green men from Mars (that's a different story). Remember back 30 years or so when we detonated a nuke in space to see the effects? No damage, except an EMP shockwave that ruined a good deal of all electronics in the pacific (Hawaii too I believe, I can't remember much, anyone want to follow up on these old projects?).

The military, and in some rare instances, even law enforcment use EMP to nuetralize sensitive areas, in a package smaller than a Pringles tube. It shorts out most electronics and wiring without too much of a problem.

Now obviously this technology can be applied well (like EMP car horns! they'll never go that slow in the left lane again!), yet there can be mailicious uses. yet, when I think about it, there're malicious uses for cardboard so we're never really safe.

Just another thing to think about before we all even considering jumping on another bandwagon.


--me
----------------------------------
Anyone else remember VisiOn?

rob_them.c

[miahrogers]

#include
int answer;
main()
{
printf("gimme yer money");
scanf("%d", &answer);
if(answer == 1)
beamthem();
else
takeitbyforce();
}

Re:Pictures of VCs beaming $3 million to Confinity

[Ender_the_Xenocide]

And I bet Peter Thiel was sweating a little... would have been fun if something had screwed up with that little transfer!

Effective gesture, though. They wouldn't have put $3 mil on the line without a well tested system!

That's kind of circular :)

[shaldannon]

If no one uses it because they're all waiting for other people to show that the system is reliable, then no one will prove that the system is reliable, and all the people waiting around will still be awaiting the proof.... :)


Who am I?
Why am here?
Where is the chocolate?

Pictures of VCs beaming $3 million to Confinity!

On July 23, Confinity made history by receiving its first-round financing from Nokia Ventures using Palm Pilots and Confinity's PayPal software to do the funds transfer. At Silicon Valley's Bucks Restaurant, where many a venture capital deal goes down, Nokia executives will 'beam' the company's $3 million investment to Confinity CEO Peter Thiel's PalmPilot.

http://www.buckswoodside.com/s tories/storyReader$218

Old news

[the_tsi]

There were several services like this in the early days of the Internet... and they worked, too! Jack Rickard had an open invitation to let people pay for their Boardwatch Subscriptions using one of the email-money-transfer services.

I can't find the column on their online version; must have been pre-1995 (back when it there actually was BOARD in boardwatch, instead of this "internet" stuff... :P )

-Chris

Digital cash

[cduffy]

Hmm... it is, indeed, interesting that this happened just after DigiCash went belly up (according to another poster) -- as DigiCash held most of the patents involved in digital cash algorithms.

I wonder if these folks managed to get them for a song...

As for folks wondering how this is done, there are some excellent examples of digital money protocols in Applied Cryptography, a must-read for anyone who finds this interesting.

Re:Another spurious Star Trek reference

[jecpwx]

Actually, there have been several cybercash schemes around the UK for a while now - Mondex in Swindon which seems to be humming along nicely and Visa Cash in Leeds (my home town), which seems to be gaining in popularity quite rapidly... you should see parking meters as the 'foot in the door' for the technology which can then move up the food chain, as the Leeds project has done.

james

Re:Notice the investors...

[MindStalker]

umm can you please point me to a url where you found this info? I don't see it anywhere, but if true that is definatly good news!

Re:I'll stick with cash

[Wholeflaffer]

There are things to be said about cash... but:

I can't be traced: oh, yeah? Where can you spend a lot of cash and not be traced!

refunds are easy: Where are refunds easy? I always seem to have to show a receipt, show ID, and fill out/sign a form.

and I know if someone's trying to use my money: After they've robbed you, you might know if they're using your money, but you won't know who or where!

Cash and checks are increasingly uncommon in Europe, especially checks. Smart cards may face a hostile environment here in the USA, but Visa and MasterCard at least provide some protections against unauthorized use that might occur. Cash will only be protected by a safe, a gun, the police, or moral behaviour. I say, bring on some smart, technologically intelligent alternatives!

Re:What's the catch?

[MindStalker]

Well they specifically state in their privacy policy that they ask for demographic information, but that they don't give it out (cept probably base statistic as in how many people on their system fit certain demographics). They simply use it for indirect marketing. Meaning a adveriser says "Hey, I hear you have alot of college students signed up, give them all this advertisment." PayPal says "Yea we got 2 million of em, that'll cost you 50,000"

Re:Notice the investors...

[dmorin]

URL: http://www.paypal.com/cgi-bin/ pageview?cmd=investors

Re:I'll use paper for now, thanks.

[jsmith]

hmm, that could be a problem. but the technology exists to make everything else about the product secure; it shouldn't be impossible to figure out a solution to the hardware issues. besides, if you lost your 'wallet' most likely none of the transactions would be completed unless both parties sync'd them up. who wants a cashless society anyway - how would you buy dope? an excellent book to read on the subject is "Web Security and Commerce" at www.ora.com

Re:Star Trek's Money System

[E1ven]

A somewhat accepted explaination for this is that while the federation does not pay it's officers per-se, theye is money avail-able to them for use with races that do use a monetary system. Thus, if they wanted to spend money in Quark's bar, they would requisition latinum from the Fed's.

I'll use paper for now, thanks.

[...+James+...]

What happens when you break your Palm Pilot or 'accidentally' do a hard reset? Just like losing your wallet?

James

Re:I'll use paper for now, thanks.

[Stuts]

I found this on their web site:

"PayPal financial transactions are encrypted using public-key cryptography to ensure maximum security for all beamed transactions between users and for all subsequent interactions with our secure server, which occur during synchronization of each handheld device. When you conduct a transaction on the PayPal web site, we encrypt all of your private information. That information is stored on a secure server housed in a secure data center. All transactions are conducted through our secure servers, which are protected behind state-of-the-art firewalls."

Re:I'll use paper for now, thanks.

[...+James+...]

Not if you've received a transaction. Then it's like burning a check written out to you...

Re:I'll use paper for now, thanks.

[SeanNi]

Hmmm... and this thing is theoretically intended for WinCE machines...?


Heh... OTOH, this could be good. Let's say someone big... big and important... has just received a nice large - ummm - payment, and Windows crashes...

Ok, so I'm sure there are a few holes in that scenario, but it's a nice thought :-)
--
- Sean

Re:I'll use paper for now, thanks.

[The+Apocalyptic+Lawn]

Well, their FAQ doesn't cover this, but this quote from their "About PayPal" is interesting:

You can beam the PayPal[tm] software to your friend and then "beam him some money" instantly. The system charges your credit card when you next sync your device, and your friend can register later at PayPal.com.

So my guess is, that if you send money to someone, and your storage medium would err, accidentally be damaged, the transaction will never be sent and your victim will not get the money.

Mo Money!

- da Lawn

Re:I'll use paper for now, thanks.

[MrSpock]

Ummm, no. That is most certainly not how it works. There is too much a risk for abuse that way. My guess is that the payer's PDA uses some public-key encryption system to generate a private-key signed "request for funds", which is sent to the payee's PDA. When the payee syncs with his PC, the PC tells PayPal's proprietor that the payer has authorized a certain transaction from the payee's credit card to the payer's bank account. PayPal has to keep track of which transactions have happened (perhaps a check number type thing) to avoid the same "request for funds" from being exploited multiple times. But as long as PayPal knows the public-key of the payer the "request for funds" can be authenticated and acted upon immediately upon receipt.

Very simple, actually, but you have to be big and trusted to actually pull it off.

Another spurious Star Trek reference

[rde]

It's been quite a year for Star Trek advances. We've had

The cloaking device

The transporter (old news I know)

The medical tricorder

The warp drive

Pon farr (okay, getting laid for the first time in seven years probably doesn't count

Nearly all references are bogus; none of them (except the warp drive) are analagous to their Trek counterparts. Course, they're still cool.

About the credit transfer: the town of Ennis in Ireland tried giving everyone smart cards, and they only used 'em for parking meters. 'A good idea whose time has not yet come' was the official response.

Re:Another spurious Star Trek reference

[delmoi]

I think most smart cards have a certan limit of cash, althogh some places the cards for gasoline and phones have been "recharged"
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:Another spurious Star Trek reference

[toast0]

what they don't know is the world will come closer to ending when theres 31 0's (out of 32) at least on current systems, which i'm pretty sure will change my 2038 anyhow, linux alpha (probably sparc too) is allready y2038 compliant, maybe it will be the key to dethroning m$
although i hate to think of nearly 40 more years of microsoft 'inovention'

Re:Another spurious Star Trek reference

[chiark]

Visa Cash is a settled system - you have to be a Visa Cash merchant to receive value, which is just a transaction entry on a PSAM. From this, a transaction is sent to visa requesting payment. The funds pool for the card issuer is decremented and the merchant paid.

It is very obvious when more money has been spent on a card than has been loaded.

With Mondex, where real value flows from card to card, it would be possible to create value gradually and have an infinite source of cash...

Re:Another spurious Star Trek reference

[Mark+Storer]

Why is it that every time we get a couple zeros on the end of the year, people start up this "end of the world" stuff? Sorry, but I just don't by it.

Every century a collection of zelots from various religions start getting their mortal affairs in order, and (in some cases) forcing others to do the same. The problem now adays is that some utter psycho could come up with a "millenium bug" that WOULD end the world (at least as far as humans are concerned).

I'm more concerned about people who think the world will end (and try to fulfil some nut-job prophecy), than I am in a couple zeros. Even (scary) three of them.

Re:Another spurious Star Trek reference

[FatSean]

Thats spooky...

Re:Another spurious Star Trek reference

[Syslevel]

What happens when stealing right hands becomes a popular practice among criminals. . .

Re:Another spurious Star Trek reference

[blukens]

Didn't anyone see First Contact? The don't have money in Star Trek. Well, except when it's convenient to the plot. And there's gold pressed latinum. But definately not credits.

Re:Another spurious Star Trek reference

[Jburkholder]

... and don't forget the "phaser"!

Re:Another spurious Star Trek reference

Dont forget the fact that we (U.S.A.) have a chubby, womanizing captain and a first officer incapable of experiencing emotion.

Re:Another spurious Star Trek reference

[Mignon]

Citibank (and some other big bank, I think) tried a pilot (sorry) program on the Upper West Side of Manhattan a year ago or so. They replaced our ATM cards with "smart cards" that could hold cash, and got a bunch of vendors in the neighborhood to install readers. The smart card came with a little reader that would show you your current balance as well as your last few transactions.

One way they promoted it was the chance of winning a few bucks when you transferred money to your card.

They pushed it pretty hard with ads saying how great it would be not to have to worry about having change in your pocket. Big whoop.

They, and others interested in getting people to try using some "virtual" form of money, should take a lesson from the NYC bus/subway system: they've been phasing out tokens and cash (which you could only use in coin form on busses) in favor of the MetroCard, which is a little card with a mag stripe that holds a balance.

The reasons I use the MetroCard and I didn't use my bank's smart card are simple:

• It's universally accepted on all busses and subways. (I didn't get one 'til then.)
• There's advantages to using them over cash:
  • You can transfer from any train or bus to nearly any other, within a couple of hours.
  • Later, they started giving a slight discount: if you put at least $15 on your card, they add 10%.
  • They didn't ask for any personal info when I bought the card. Thus, even though they may know where card #12345 may have been, they have no way of knowing that it's mine.

Thanks to the increased ability to transfer, bus and subway ridership is way up in the city.

This system...

[delmoi]

it sounds like you could buy dope with this system, it inables transfer of funds directly from one pad to another, so theres no way to know *why* the cash was transferd.

*and* theres no cash limit (unlike smart cards with there $500 max) the VC used this system give this start up $3 million dolars....


"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Making $$ on this?

[MidKnight]

I wonder how they plan on making $$ on this system.... The signup is free, the software's free, the transactions are free... what does that leave them?

We're all worried about Micros~1 & AOL taking over the world; who's watching the credit card people?

--Mid

Re:Making $$ on this?

[return0]

I want a credit card with a $3 millon limit! I'd create a fake identity, beam myself a bunch of cash, disappear to some tropical island and "pleasure code" for the rest of my life.

Re:Making $$ on this?

[generic-man]

We're all worried about Micros~1 & AOL taking over the world; who's watching the credit card people?

The credit card people are WAY ahead of those two. If you want to use an operating system, you can choose a non-Microsoft OS easily. If you want to go on the Internet, you can easily sidestep AOL. If you want to be able to spend money over the phone or Internet, you're pretty much dead in the water without a credit card. Checks are really being phased out, and even then not everyone (especially minors) has access to a checking account.

The credit card people have taken over the world of electronic commerce. There are dozens of operating systems and ISP's available worldwide to the general public, but there are only four major credit cards (Visa, Mastercard, Amex, and Discover -- although that last one's a stretch) that you can use.

Re:Making $$ on this?

[chiark]

If it's a Cybercash (old-style) lookalike, then the loss/destruction/crash of a PDA means they keep the money - similar to the business model of many Stored Value schemes on Smartcards today.

A fine suggestion, but utterly, utterly wrong. What you are proposing is illegal thanks to the little known and recently dug out and dusted off escheatment laws. It says that when property (tangiable or intangiable) has no rightful owner, like expired cash or phone credits on a card, the government will look after that property until the rightful owner presents himself.

So, if a company is planning on keeping the cash/credit on an expired/lost card, they are acting illegally.

Read up on escheatment and be very scared if your company operates in this way.

Re:Making $$ on this?

[gleam]

Actually, they don't plan on making money on it just yet. Wired did an article on this, mentioning that a VC had beamed $3 million to the creators with his palm. You can find it here.

Re:Making $$ on this?

[Rabbins]

Simple:

They will just make millions off of selling advertising space. Duh.
"Great, Tommy sent me 500 bucks... and look at this sweet ad for Nike!!"
;P

Re:Making $$ on this?

[Otto]

> I wonder how they plan on making $$ on this system.... The signup is free, the software's free, the transactions are free... what does that leave them?

Your money in your account, which they are holding.

It's just like a bank. They use your money to make more money, they they keep the profit. Simple. Normally banks pay you interest (Savings accounts), but they dont have to, because they're providing you a service. Could be very profitable for them, if they get enough users, and don't go belly up inside of 6 months, which is my prediction. :-)

Wonderful...

[jmaslak]

So, I get an e-mail attachment that I'm supposed to trust and open. Sounds like a great oppertunity to do a lot of damage, with a virus. "Click here to get your $500.00!" :(

Re:Wonderful...

[jmaslak]

Yes, provided they have the software, it is just an encrypted text/data file.

However, if they don't have the software, they have to get it. It took credit cards quite a long time to get universal adoption.

So, if I don't have this software, but you want to buy a widget from me, you send me the text/data file. I don't have the software, though, so you "beam" it to my palm-pilot or e-mail it to me or whatever. That is binary, executable code that you are sending to me. :( Even if it was signed, I would have no way to verify the signature without a public key (which you sent to me, with your payment, right?).

Re:Wonderful...

[MaxZ]

The software can be signed with DEVELOPER's public key, not public key of whoever beams it to you.
Of course, that also presents a problem because
one needs access to the Net to verify the digital
signature. Of course, one could store both the money and the software in encrypted form and then try to decrypt at home...

I think that sounds pretty clunky. Now, a smart-card reader for the Pilot... That might work.

mAx

annoynimity

[delmoi]

my guess is it would be hard to just about anything anonymous when you need to be physicaly within 5 feet of eachother...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Yeah, but

[Kagenin]

When do I get my Credstick? Like in ShadowRun?

Kagenin, who not only plays too many RPGs, but dreams of a Cashless Society

Re:Yeah, but

[The+Neon+Samurai]

Hey, can you explain to me the Shadowrun system for certified cred? My friends and I never got that.

Bomberman, Bomberman, mass destruction across the land

A new kind of cat burglary

[AlexZander]

So we could have petty thieves who, instead of cutting purse straps, simply intercept a wide angle IR beam with their own device.. or even MORE simply, stickyfinger the device.. *be it palm, ce, whatever* and beam all the cash in the guy's bank account into his own bank account

So let's see... lose the $3 in your wallet and spend a week waiting for all your credit cards to get replaced... or be drained of every penny you have?

I think digital money is a good thing.. but this is a slightly more sketchy idea.

Re:A new kind of cat burglary

[Col.+Klink+(retired)]

First, digital money would be signed and encrypted, so it's not just a matter of catching the beam. That also means that a stolen pilot won't sync money with someone else's cradle. They would have to beam it to another palm and, I would expect, you'd want to put a password around that function.

Next, I believe you actually need to "load money" into these things. When you sync, you would tell it to load say $50 for "walking around" money. If you palm is stolen, this is the most you can lose. If someone beams money to you, you take your pilot home and transfer it back into your bank. There is no wireless connection to your bank or any way to get money to/from your bank except at the hot sync.

This is NOT like a "debit card" where the money is instantly transfered from your bank to theirs. It's more like a travellers check, where you withdraw the money and carry it around and then someone else deposits it later. They plan to make money off the float (between the time you withdraw the money and someone else deposits it, they will earn interest off of it).

Re:A new kind of cat burglary

[garcia]

I was kinda thinking the same thing...

what about the complaint about the PalmV and using it to steal the remote operation codes from cars so that you can open the doors just by intercepting the keycode... Can you do this w/this? Just intercept the IR beam and run like a purse-snatcher laughing all the way?

I am all for electronic little gadjets doing my work for me, but I feel bad enough typing my CC info into a web browswer for a transaction (and even worse when a computer company says, oh, send it to us in email, it is as safe as handing it to a waiter in a restaurant). Maybe I am old fashioned and maybe a bit paranoid, but I would carry my wallet any day over my Palm for money transaction... Plus, paper and coin and even plastic money transfers just as easy as this...

Re:A new kind of cat burglary

[kslawson]

Any digital money scheme worth its salt will encrypt its transactions. e.g., Alice wants to send Bob money, unaware that Edgar is standing nearby, eavesdropping on Alice's IR transmission; it shouldn't be useful to Edgar, because Alice has (likely using a public-key encryption algorithm) encrypted it for Bob and for Bob only. Given suitable encryption elsewhere in the system (credit card transfers, email transactions, etc.) this should be fairly secure.

Of course, I still don't want my money going down the toilet if my Palm III resets or gets lost or dies...

Re:Security?

[delmoi]

All the data is also stored on the server, and both need to be synched before you can get it (I belive, although I'm not sure that would be necisary)

it's like a check. you can *write* a check for however much you want, but it isn't going to do you a lot of good.........
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:A new way to rob people

[Felinoid]

Some people have no sence of hummor...
However.. note he got modded up to..

People might (like he did) take the joke out of context and think this is accually likely...

It's funny and a cool joke but not realistic..
I still have images of a a crook fidling with a knife and a plam..

"In todays news a would be mugger went to the hospital when he accadentally stabbed himself during a mugging attempt when he couldn't get the palm working"

It might be easyer if they just steal your palm...
Then you go on the internet have your plan voded and the next time the crook trys to use it you get your palm back :)


A sillyness note... some doom sayers think we'll have to have 666 stammped on our palms in order to do busness..
I just can't get the image out of my mind that "The beast" refers to larg Unix servers in stores and the palm with 666 is a palm pilot set world accessable [chmod 666]
The number of the Unix beast :)

Ok enough sillyness...

Worries

[schporto]

This sounds really cool, and I'd love to use it. But there is no way I'm gonna be the guinnea pig. Sorry,I wanna know how they can ensure several things first.

• What happens if my plam does a reset? Actually by reading the site it seems like my payment never happens.
• People can forge emails. What's to prevent them from forging email payments?
• What credit card companies support this?

I'd really like to use this, it sounds nifty, now prove to me it works safely, and reliably.
-cpd

Re:Why don't banks consider encrypted transfers?

[Penrif]

SSL. That and large amount of transaction auditing at just about every point in the system. Oh, and the limitation most online transfers have to only being able to transfer to ones own accounts or to predefined payees.

It wouldn't be impossible to break the SSL-but I sure wouldn't transfer too much, you *will* be detected (expecially if you try to transfer to *your* account, duh).

Penrif

Re:There is no money in star trek..

[ebbv]

Yeah you beat me to it, there is no money in
Star Trek, they're all a bunch of new-age hippies
who help each other just out of the goodness
of their hearts.

PSHAW!

like that would ever happen, there will always
be people like WILL~1.G8S and such around who
feel they are superior to us all by birth-right.
...dave

Re:vapor

[generic-man]

Boy, aren't we quick to pass judgment. Just because something isn't available yet doesn't mean it's vaporware. They set a release date of fall '99. If it's not available then, come back here and spread the word.

e-gold

[Mawbid]

Has anyone but me heard of e-gold? Has anyone used the service or is everyone doing what I'm doing... waiting until everyone else is using it?
--

Re:Notice the investors...

[MindStalker]

Sorry bout that.. didn't see the side nav bar on the about company tab.
http://www.paypal.com/cgi-bin/pageview?cmd=inves tors

Anyways, for anyone else out there, the list of investors is Nokia, Deutsche Bank, Bill Melton (of CyberCash and VeriFone), and Martin Hellman.

Looks like electronic checks to me

[Kaa]

As far as I can see this is just electronic checks. Instead of writing out a paper check and handing it to the counterparty, you beam an electronic check from your PalmPilot to his PalmPilot. Just as with checks, no money transfer actually takes place at this time -- money flows from your accont to his account later when the transaction information is uploaded to the bank. Same with e-mail: instead of snail-mailing the paper check to somebody, you e-mail an electronic check to him.

Will this work? Probably yes. Electronic fund transfer is not going to go away. Will this work in this particular incarnation? It depends (on the company cluefulness, marketing, govt regulation, etc. etc.) Do I like the scheme? Not very much: there is no anonymity whatsoever.

Also consider the usefulness of the idea: how often do you write out paper checks and give them to other people (as opposed to, say, utility companies)? I do this maybe two-three times a year. For the rest of the time cash, credit card, and online bill payment are quite sufficient for me, thank you very much.

Kaa

Fun with IR

I've put together my own IR assault rifle. I replaced the IR LED on a cheap universal remote with an IR laser diode. I also added a red laser diode for sighting purposes (which is switched off onde the target is acquired). I then mounted the device on my telescope tripod and can now change TV channels in other poeple's houses! The fools! They leave their windows open! Muhahahahaha!!!!!

paperless world

[Felinoid]

I suspect the palm money is just a refrence to a central bank file where the money accually is.
In a sence your palm becomes a really expensive ATM card... only you can shoot a file off so someone else can pull some money out of your bank.

If your palm breaks you can just void your palm money.. It also means you can not run to the store and buy a new palm... have to run to the bank first... void palm money.. withdrawl money... get new palm.. get new palm money...

It also leaves some room for crackers to forge your palm codes and withdrawl more money from your bank than they should...

Re:What's the catch?

[diypower]

If they build up a customer base there will be major advertising opportunities, but the main source of income is the float. PayPal charges your credit card, and they get access to that money almost right away and can invest it (possibly regulated to invest only in liquid securities like U.S. treasuries). Then they hope that the friend you paid leaves that value in their PayPal account for a long time out of inertia or the expectation that they'll use their account real soon.

Plus the Wired News article says they expect over time to get people to load their account by check or bank debit, so PayPal wouldn't have to pay those nasty credit card interchange fees.

Give PayPal credit for recognizing the market opportunity in peer-to-peer payments. If enough buzz develops, somebody will take the next step and commercialize real digital cash.

Re: I want my DigiCash

[DrMazz]

I worked for DigiCash up until it went into Chapter 11 bankruptcy, so I know a little about it ;-) This post is personal opinion - I do not speak for the company.

To the best of my knowledge, all of the non-US DigiCash systems are still successfully up and running. Mark Twain was running a US trial for a long period of time but pulled out a year or so ago, which is why there is no current US presence.

However, you will be pleased to hear that the DigiCash IP was sold to a startup who appear very interested in making it a ubiquitous and successful product, and IMHO it sounds like they have the execution skill to back up the vision. Keep an eye out for it :)

Re:That system has been running in Canada for year

[PurpleBob]

I can see why this would be a good alternative to the play stuff that passes for cash in Canada.

Don't get me wrong, I'm not trying to insult Canadians, just their money. I just remember being in a Canadian arcade, and it was obviously much easier to get one of the arcade's own special cards than to come up with $2.75 in change per game.

($2.75? Remember to take not only the exchange rate into account, but the fact that everyone loves making tourists pay through the nose, especially if they have no clue how much their money is actually worth.)

Okay, okay, this is getting more and more off-topic by the second. I'll stop now.
--

Re:Yes there is cuz the federation isn't the unive

[Eric+the+.5b]

Further, just because the Federation doesn't use CASH doesn't mean they don't use money. DS9 implied heavily that the Federation uses a very fluid credit/debit system. The Ferengi and others just don't buy into this wacky sort of thing and want "real" MONEY in their hot little hands, even if the Federation has enough economic standing to let its citizens convert their credits into latinum (otherwise Chief O'Brien couldn't have paid his bar bill).

Re:I'll stick with cash

[C.Lee]

Me too. And with cash, you don't have to worry about either sitting on or your PDA dying on you....

Re:I'll stick with cash

[C.Lee]

Funny, I've never had to show any ID when getting a refund from either Kmart or Wal-mart, and whoever said you had to use your real name on any of the forms? I've paid $1500 cash for a used car at a dealership without any problems whatsoever.

Re:That system has been running in Canada for year

[tzanger]

My ATM (Interac) card does all the things you mention, save for person-to-person transfers. I thought that the MAC (Money Access Center) cards worked the same in the US?

The money sits in my account until I decide to move it to pay for a purchase. Therefore it collects (pitiful) interest. I don't have to change banks, I can make withdrawls from any bank (usually with an interbank fee however). And some bank machines indeed do give you the option of american cash. In fact, my card works on the Cirrus system of interbank transfers -- I can get cash in the states or wherever Cirrus machines exist.

Re:What happens to patents when a corp goes bellyu

[Colol]

Assuming patents operate in a similar manner to copyrights (which they may or may not), the rights would revert back to the person(s) who actually created the [insert patented item here]. (This also assumes there are no weird contractual clauses about who rights go to...)

Of course, this could totally be off, as well.

Re:vaporware: the authoritative definiton

[SeanNi]

Okokok. I bow before the all-knowing relater of The Jargon File...

D'oh!

I should RTFM more often so that I know of what I speak... :-)
--
- Sean

The danger is that something like this succeeds

[gre.g]

This is basically a way to make credit payments to people who can't accept credit card payments themselves. It's not for ebay or other real merchants. It's likely to be very popular and make them lots of money I'm afraid. Banks actually make more than just the interest on the accounts, they make money on the float, it's basically free money that the banking money synthesizes (Now that's the real start trek stuff, except it's the basis for the existing brick and morter banking business).

The problem is that the availability of faux-ecash systems like this will only make it less likely that we ever get true electronic cash. Mondex, et al are all just "better credit cards" that avoid having to pass your credit card in the clear but don't do anything to preserve your privacy. Do you really want your credit card company to have a list of everyone you exchanged cash with and every store you shop at?

Re:The danger is that something like this succeeds

[sethg]

According to the Wired article on Confinity, the money involved in the transfers will pass through an escrow account managed by Merrill Lynch. So I have to trust that Confinity and Merrill Lynch will not use their position to invade my privacy or cheat me.

If you offered me software that implemented true crypto-cash, I wouldn't have to trust an intermediary bank -- but I would have to trust that the software implemented a secure crypto-cash protocol in a correct way. Even if I had the source code in front of me, I couldn't verify that myself, so I'd have to trust some experts in the field to verify the program's reliability for me.

Furthermore, the average palmtop owners don't have a clue about who to trust on crypto issues, but they do trust the name "Merrill Lynch". So a pseudo-ecash system backed by Merrill Lynch is likely to go farther in the marketplace than a true ecash system backed by, say, Bruce Schneier.

Remember, worse is better.

Re:What an amazingly bad idea

[gschmidt]

Yeah. Instead, money would electro-magically
disappear into the ether. If you never sync
your PDA (or reinstall/wipe the memory/whatever
periodically), you can transfer all you want and
never pay anything..

Re:There is no money in star trek..

[BugMaster+ChuckyD]

New Age Hippies....

Maybe they have a "Gift Economy" and all their software and hardware designs are open Source so there no need for money!

(note for the humor impaired the above is inteded as a "joke")

"I didn't know you wore falsies -- false ears" -Brazil

The T was Better, IIRC

[Pope]

It may have changed by now, as I haven't lived in Boston for a few years,
but their universal transit card was *way* better.
Because of the zoned fares, my Dad had a card that was worth, say, $2.50 for the Commuter Rail trains.
You could then use the same card on the T for subway/tram travel, and it had the Magnetic Stripe for quick access.
The best part: unlike here in fscking Toronto, you didn't need picture ID to use the damn thing!
So I could use it on weekends when my Dad wasn't working. Ideal!

Someone from Beantown may want to correct my statements:
I never had to buy one, so I don't know about cost. But it seemed to work great!

Pope

Re:Security Concerns...

[Jeff+Monks]

Well, they said the word "secure" three times in that paragraph, AND "state-of-the-art". How much more do you want...?

I'm very skeptical of this scheme. First, they have a stupid name. "PayPal"? Uggh. Sounds like a toy cash register made by Mattel.

Not to mention the enormous difficulty of getting this thing to spread. I don't have a Palm or WinCE device (I prefer EPOC, thanks), so if someone wanted to "beam" me the ten bucks I lent them for lunch, they would have to first explain the scheme, quell my fears about its safety, and then convince me to download the software (most likely Windows and Mac only), give this company my private financial information, and then collect my ten dollars. Yeah, ummm... There's an ATM a block away. Let's go get my money.

Star Trek's Money System

[periscope]

On the subject of star trek: According to Jean Luc Picard in Star Trek: First Contact "money doesn't exist in the 24th centuryto which Cockrin's assistant replies "no money? you mean you don't get paid...". This is was in response to the question of how much the Enterprise (1701-E) cost. This is all very good,etc.. but haven't you noticed how the Ferengi and just about everyone else seem to have money or some form or other. Indeed, the Federation seems to have money on some occasions, but on others it "doesn't exist". Can anyone clarify how this is explaned or is it yet another classic Star Trek wonderful inconsistancy?

Re:Star Trek's Money System

[periscope]

Some people spend most of their lives making Star Trek "consistant". Personally I think that's way over the verge of sadness, but what can I say, my Ex girlfriend was really into this kinda thing. Check the credits, you'll see "consistancy checkers".......

Re:Star Trek's Money System

[Syslevel]

Star Trek is supposed to be consistent? I thought it was just a TV show.

Re:Star Trek's Money System

[SeanNi]

1. Gold-pressed latinum. A DS9 (I think) episode where Quark (again, I think) mentions something about the sheer brilliance of taking something worthless, like gold, pressing it into valuable latinum, a process which is hard to duplicate, and thereby making it a good form of currency.

2. STIV: The Voyage Home. The pizza parlour... who's gonna pay for the pizza? Dr. Whatzerface: "And I guess they don't have money in the 23rd Century, either." Kirk: "Well, they don't."
--
- Sean

Re:Star Trek's Money System

[Elvii]

I can't clear it up, but can add to the confusion.. :)

Encounter at Farpoint, before 1701-D arriaved at the station to pick up Dr. Crusher and Riker... she was looking at fabrics, and I believe she said bill to Dr. Crusher on the enterprise... might've been send to, but she had to pay for it somehow... Can't think of any other examples of Fed money in anything but books, which aren't canonical, iirc.

Actually, can think of one more.... how did the starfleet types on DS9 pay for food, drinks, etc at Quark's and on the promanede(sp)? We know that wasn't free.. many scenes of quark charging... And they used gold in the first DS9 ep, iirc.. (Keiko paid for two thingies that Jake and Nog stole to shutup the shopkeeper..)

Ok, so no real answers there.... maybe all Federation types charge to one central Fed Credit card? :)

Re:Encryption

[esper]

At the bottom of most (all?) of the pages, there's a "Security Notice" link which gets you to the following statement:

---
Security Notice

PayPal(TM) financial transactions are encrypted using public-key cryptography to ensure maximum security for all beamed transactions between users and for all subsequent interactions with our secure server, which occur during synchronization of each handheld device.

When you conduct a transaction on the PayPal(TM) web site, we encrypt all of your private information. That information is stored on a secure server housed in a secure data center. All transactions are conducted through our secure servers, which are protected behind state-of-the-art firewalls.
---

No indication of what flavor or key strength their crypto is, though.

Re:A new way to rob people

[SeanNi]

Jeez... it was a joke!!

Didn't you notice the rating comment? aka: 3: Funny??

That's why it was rated up... not because of anything else.
--
- Sean

Mondex

[periscope]

Of course, you're all forgetting one of the largest trials of electronic cash performed so far. You should have heard of Mondex - an electronic cash system co-developed by BT , Midland Bank (now HSBC)> and others. They have an electronic card which uses a smart chip to actually store the cash. You can get electronic "wallets" with which you can exchange cash with other private individuals. Shops have have more permanently fixed card readers. You can lock the card with strong encryption (hello US :-) so that others cant get at your cash even if you loose your card - to use it again you have to "unlock" it, and just like a mobile phone, it can be set to only authenticate with your own "wallet" so someone else can't even try cracking it. Using BT's specially developed telphones, you can withdraw money from the bank without leaving your home and you can also deposit it aswell. Anyone who is interested in this, I wrote a report on mondex several years ago when the Swidon trial took place. Unfortunately it's in M$ word format as my university hasn't embraced Linux yet and their sun's are laughably inequiped with decent word/text processing capabilities. Anyways, if you're interested - it has lots of pretty pictures :-) anyone who mails mondex-request@periscope-systems.freeserve.co.uk will receive a copy - that is if I can find it :-)

Why don't banks consider encrypted transfers?

[Eccles]

It seems to me it should be possible for someone to arrange an encrypted transaction via computer, where given some sort of info about your account (as in a public key), I connect with my bank, generate an encoding indicating the amount, my account, and the target account, and then I could send you the encoding and you give that to your bank for receipt. This could then be an electronic check, and with long enough keys should be safe at least for the short run.

An open letter to Confinity

[Omnifarious]

Are you going to publish the protocol used to communicate with your servers, and between handheld devices?

I own a Palm Pilot, but I use Linux, and I'm worried about my ability to use your service.

I'm also concerned about the security of any non-public protocol. Long experience in the cryptography community has proven that any algorithm that isn't public and survived teams of people trying to crack it isn't secure. I don't care if you use a proven algorithm like RSA. How do you use it? Where are the private keys stored? What data is on the wire? Is any data that may potentially damage security transmitted? I don't care what your answers are. I want other people's answers.

I'm looked at as a technology advisor by a lot of my friends. I will advise them all to not use your service due to the problems I outlined above unless you publish your protocol for peer review.

Re:What an amazingly bad idea

[zogzog]

How long would a palm pilot take to do >100bit public key encryption ? About a month ?

I can't let you do that, Dave...

[NoWhere+Man]

Paper is slowly becoming obsolete...though I agree that keeping your money centralized like that is risky. Should have a direct connection to a bank or something.

What an amazingly bad analysis

Bad idea becauses there's at least three points at which to break in and subvert the system.

To subvert it, you have to know what you're looking at (unless deleting it is sufficient).

-On the IR level, such as copying someone's transaction from a distance.

This doesn't work if the exchange is encrypted. This is easy to do with methods like Diffie-Hellman key exchange; others have mentioned that Hellman is part of this venture.

-At the software level, such as getting a legit payment, then hacking the software on the Palm to up the amount by a large number.

If the payment is signed by the payor, you'll have to derive his signing key in order to alter the contents. With systems like RSA this costs more do than you could get from small or medium-size forgeries.

-At the return the data to Confinity, such as sending them records of transactions that never actually occured in the first place.

Again, you'd have to forge the signatures.

Plus probably more. Admittedly, all these three can be fixed with the right kinds of encryption, but I doubt they worried about that too much when writing the software.

The scheme as described on the web site is very sketchy and doesn't give crucial details; perhaps they are still working them out. However, the worst problem I can see is that it appears to depend on the honesty of the payor; if the payor deletes or otherwise never uploads the record of the transaction, it never happened. Non-repudiation is an essential part of any secure payments system, so you'd have to allow payees to claim payment based on an upload of a signed promissory record from the payor's computer.

The neat thing about this system is that it is viral; the enabling software can spread from Palm to Palm at the speed of gossip. I don't see anything that prevents the same scheme from being used to foster an anonymous e-Cash system in the future, and once Confinity's system is widespread enough for people to start getting annoyed with its lack of privacy, the stage is set for another viral system to replace it overnight. Getting people used to exchanging money with hand-helds is the big battle, selling them on a private system that's just as easy to use is child's play by comparison.

Re:A new way to rob people

[dav]

This is, while wittily crafted, a rather ignorant comment, I can't believe it was sorted to the top of the comment display.

If one reads the article one would see that the transactions are neither anonymous nor instantaneous. Two qualities which are highly desirable to those interested in performing a successful mugging.

That system has been running in Canada for years!

[SeanNi]

> Citibank (and some other big bank, I think) tried a pilot (sorry) program on the Upper West Side of Manhattan a year ago or so. They replaced our ATM cards with "smart cards" that could hold cash, and got a bunch of vendors in the neighborhood to install readers. The smart card came with a little reader that would show you your current balance as well as your last few transactions.

That sort of system has been in place all across Canada for several years now (like about 7 or 8). I's called Interac.

The only thing you mentioned that we don't have are the little readers.

Every single bank and credit union in Canada (there are 5 big banks, a handful of small ones, and a zillion credit unions) is in on the Interac system.

It's basically an ATM (bank) card that can be used for purchasing. Pretty much any store in Canada, from McDonalds to the international airports, to little mom-and-pop corner store, to the big department stores (Sears, etc) accept them.

You can pay for your purchases directly with the card; no signing anything, all you have to do is input a single 4-number PIN. The money, if available, gets debited directly and instantly from your account.

A couple bank machines also offer the option of transferring money directly to someone else's Interac account, similar to what this Confinity thing does (except that you can't carry it with you).

Sure, the bank knows where you made the purchase, when and how much, but that's it. They don't know /what/ the purchase was. And it offers pretty much instant transactions; a few seconds and it's over. It's pretty close to being crack-proof; about the only way would be to tamper with one of the machines in advance... but they sit along-side the cash registers, so you might as well tamper with that and take the money directly, especially since any Interac transfer is logged.

Like I said, it's been in place here since the early 90's, and is immensely popular. I don't have the exact figures on-hand but something like 30%-40% of all purchases nationwide last year were made over Interac, and it's growing by 10% plus per year.

Since every single banking institution in the country is involved, you don't have to be a customer of any one particular bank or have a special ATM card or anything. Any old one will do.

And, there are really only a very few (probably under 5%) stores/restaurants/whatever that don't take it. Even the government takes it for pretty much anything. I think taxes (Income taxes, etc) are the only things they don't accept it for... and there are plans underway to change that.

It's a great system -- to be honest, I've always wondered why on earth they couldn't adopt something similar (or even the same system, to make things easy) in the USA.
--
- Sean

Close, but not quite......

[Rahga]

If you look at the visitors-from-the-past episodes and even that movie, it's not that the got rid of money, but that they eliminated poverty. Though it would be hard to maintain a productive society, eliminate poverty, and continue a minimal form of capitalism, but hey, they _did_ say the same thing about a democracy in a capitalistic society.

Re:What an amazingly bad idea

[blandest]

the palm wouldn't have to crack the code, once you have the key it is just as simple to decrypt as any other method. However, if you are planning on brute force cracking the code, that would take forever, a more feisable effort might be to capture the transaction, then load it back home and crack it there...

just a thought.

Re:vapor

[SeanNi]

Ummm... my understanding of vapourware was that it refers to a software project that gets abandoned before it is completed/released.

Just because something is not available yet (ie: before they said it would be) does not mean that it's vapourware. If it never becomes available, then it is vapourware.

Until they say they're abandoning it, or until the release date hits without them saying/releasing anything, it's simply "under development".

I mean, by your argument, Linux 2.4 is vapourware. Huh??? No, it's not! It's just not finished yet.
--
- Sean

Re: What an amazingly bad idea - Why?

People...you seem to be ignoring a few very important parts of this PayPal (why not PayPilot?) system...

1) Federal law limits your personal liability in credit card matters to $50 (long distance phone calls, stamps, etc). This means that since the actual payment part involves a credit card company...if for some reason the system is hacked and someone tries to fake a $5000 transfer, you just tell your card company to dispute the charge and that's that. Now of course, if you were dumb enough to use your fancy new CHECK card, then you will be fighting to get money you already PAID back (versus getting the right not to pay) so let's not do that, hmmm?

2) It's called Pay_PAL_ and I think this is just to remind people that initially this system will be used to settle minor debts and cash transfers between FRIENDS. Like when the bo-bos in desktop support all decide they want to eat somewhere nice for lunch but one of them is short on cash. Someone else pays for that person and instead of an IOU on a Post-It note...they get a digital version that is less likely to be forgotten or misplaced.

3) For crying out loud...have the people whining about resets even HEARD of FlashPro? If you put your PayPal database in FlashROM instead of RAM then even a hard-rest is not going to touch it. Do this and the only way the "payment to be" will be vulerable is if your PalmPilot breaks or you lose it. If this is the case, the $5 someone transferred from lunch is not going to be your biggest concern. And if it is, you can always ask the person to resend since the data got lost and thus never got charged. Do you really think Confinity would have lost their venture capital funding if the CEO dropped his Palm under a bus? No. Of course he would have gone back to the Nokia rep and asked for a resend. Now if you are selling your car or house to stangers on the street, then loss of Palm might be an issue, but otherwise...get real. =]

4) Hacks and trojans are possibly a future concern but don't forget I can always do an Info command to review the maker, version, and size information if I'm that paranoid (not like it can't be faked but at least it gets rid of the casual CodeWarrior kiddie). But getting back to point #2 I'm not going to let any shmuck on the street beam an application to my Palm, let alone one that involves payment. You either trust your friends that this is legit, or you tell them to put cash on the barrelhead.

Maybe someday when strangers on the street are trying to PayPal each other will these security issues be a concern. As it stands right now, this is just a simple, automated IOU system that gives any JoeShmoe the ability to accept credit card payment (via proxy) from someone they already know and trust. Good for them. I'll use it and hide behind Citibank if it doesn't work the way it was supposed to.

Besides...I'm more concerned about looking my contact list than any PayPal data. The contact list is priceless, PayPal is "only money".

JoeShmoe

~~~~~
The best .sig's are the ones you think up at the last second.

Re:Do we need it?

[RyoZenZuZex]

I'm no expert, but shouldn't it be possible to make a semi-anonymous service by reverse engineering thier encryption protocols?

Do this - take the digital check, intended to be beemed to someone who doesn't have an account. Instead of signing up for the service, and thus revealing who you are, simply use that check to pay someone else for an anonymous service or product. Voila'!

Of course, how viable this scenario is depends on how long the expiration period is on the check. I would think that it'd be at least thirty days or so, to allow for the lazy person with no immediate money concerns. And if we can hack the protocoll, we could make a version that would post-date the check for greater circulation time.

The main drawback of taking this approach is that you couldn't make change - the digital check is a non-changable entity. Thus you wouldn't be able to take a check for $100 and make two payments of $50 off of it. BUT!!! It should be fairly simple to request several digital checks from your friend/trading partner instead of one massive one.

How long will it take us to reverse engineer the algorythms and re-create the software as an open source project? Or will they try to increase confidence in their project by releasing it as open source, or at least open spec? Is it just me, or does this seem like the obvious thing to do for your typical paranoid? Is this just a pipe dream, or could this happen?

vapor

[jfm3]

The software and on line reconciliation system don't appear to be available yet. This is vaporware.

Big Problem if...

[Rabbins]

That website addresses next to nothing....
while making it sound like this thing should be roling out next week some time.

And I thought financial ruin was close enough for all of us with simple credit cards and on-line brokers/auction houses/stores!

A new way to rob people

[broken]

"(...)And from that point on, robbers had Palm Pilots in their equipment, along with switchblades and guns. When they robbed somebody, their usual words were: "point your Pilot to mine and beam all your money and nobody gets hurt"."

Extract From Galactic Encyclopedia, May 2010.

Security Concerns...

[schon]

From their "security notice":
When you conduct a transaction on the PayPal web site, we encrypt
all of your private information. That information is stored on a
secure server housed in a secure data center. All transactions are
conducted through our secure servers, which are protected behind
state-of-the-art firewalls.

Who is guaranteeing the site is secure? Have they been audited by
someone, or are they blowing smoke?

It certainly sounds good, but I'm a little skeptical without more
information..

What's the catch?

[Taral]

C'mon. You don't get something for nothing. The credit card companies charge these guys for processing transactions, but they're going to pay your friend the full amount? And it's all free? Where's the catch?

Re:What's the catch?

[Otto]

The catch is that they dont pay it directly into your bank account, but into your account with them.

It helps to think of them as a bank. They hold your money, and let you spend it. If someone transfers money to you, it goes into that account which you can then spend.

A bank spends your money to make more money. That's how banks survive, other than bank fees. For some savings accounts, you pay nothing, but earn interest on the money in that account. The reason for this is that they use your money to make more money than the interest they pay you.

I wouldn't be surprised to discover that this is actually a bank somewhere, and not just an internet company.

Re:What's the catch?

[Stonehand]

Well, there are at least a few angles where they might make money.

* Advertising, as others have duly noted. Although, not owning any form of PDA, I've no idea how much ad space there actually is on one...

* Possibly, getting a cut from 3Com, if it increases their sales.

* Perhaps the most intriguing/scary thing is, they'd have contact information and transaction information about everybody using the system, which could be useful to anybody interested in targeted marketing. Unless they're contractually bound to have as strong a privacy policy as both the credit card company and the vendors involved, or they make those guarantees... {shrug}

This is only for losers! It says so on the site!

[dlc]

Didn't anyone else notice the little box at the bottom of the front page..."Use your palm or Windows CE to pay your friends." They're obviously aiming this product at those of us who have to purchase our friends affections.

Re:What an amazingly bad idea

[Paul+Crowley]

PGP ran on 386's just fine, so it won't be that bad. Plus there's a decent chance they're using elliptic curve stuff for efficiency.

If Martin Hellman is involved it seems likely they know what they're doing. I only wish they'd make the text on their Website readable - I guess I'll just have to use Lynx...
--

Doesn't anybody READ the articles before posting?

[dav]

They have credible encryption experts involved in the project, including one inventor of PUBLIC KEY CRYPTOGRAPHY (ever heard of that?) who is additionally an investor.

-Undoubtedly the infrared xmission is encrypted!

-The data sent to Confinty is probably encrypted and digitally signed to avoid tampering.

-You probably will not be able to fake a transaction. My understanding of the article is that the money will be held in escrow until both parties confirm the transaction via sync'ing. (Although this would open up another possible problem).

In any case, why not take a RTFM-approach before posting flippant theories.

Re:I'll stick with cash

[Syslevel]

That's all very fine. But please don't sound so cheerful in advocating "smart, technologically intelligent alternatives" to moral behaviour.

It's just chilling.

Youme is free. Me --> Merchant is $$. Duh.

[Myself]

Just like the credit card companies charge merchants a chunk of the fee in order to have the convenience of accepting a certain card.

If you destroy your Palm before syncing it, theoretically the transaction could still happen because the other party could sync THEIRS and the system would still take it.

The only way a transaction would be lost is if both devices holding both sides of it were somehow stopped from reporting the transaction.

Yes they'd be able to trust information from a single source because it's all cryptographically secure, we hope. Anyone, anyone? Bruce?

Re:What an amazingly bad idea

[vkulkarn]

Here's an amizingly simple way to fix those problems...

No $$ changes hands until BOTH parties sync their PDA's and send information about the transaction to Confinity... if the information coming into Confinity from both sides doesn't match, then you get a human involved to call all parties, and you sort the matter manually...

Security?

[dburton]

What about security? What's to keep J.Q. Hacker from writing a Palm or CE program that fools the receiving Palm or CE unit into beleiving it just received, oh, I don't know, millions of dollars? Or, even better, just modify the unit to think it has a million dollars instead of ten dollars. That data has to be stored on the unit somewhere. Seems like there are a lot of possible holes here.

What an amazingly bad comeback

[Otto]

First off, you missed the point. I said it could be fixed with the right kind of encryption. I never denied it. I just seriously doubt it'll work first try. :-)

>The neat thing about this system is that it is viral; the enabling software can spread from Palm to Palm at the speed of gossip. I don't see anything that prevents the same scheme from being used to foster an anonymous e-Cash system in the future, and once Confinity's system is widespread enough for people to start getting annoyed with its lack of privacy, the stage is set for another viral system to replace it overnight. Getting people used to exchanging money with hand-helds is the big battle, selling them on a private system that's just as easy to use is child's play by comparison.

First off, who said people exchanging money with hand-helds is a good idea in the first place? But I'll leave that alone for now.

The simple fact is that if you are trying to get people used to the fact that interpersonal electronic exchange of funds (good phrase) is good, then it has to be absolutely unbreakable. If there is just ONE instance of someone losing $50 because of this thing, then the media will be on to it like a shot, a bunch of self-appointed "experts" will say it's a buggy piece of shit, and everyone who uses it will stop. Plus, anyone else with a device that's even REMOTELY similar can just kiss that goodbye because of the bad public image generated by the first device.

Also, the "viral"-ness of it will work against it. Confinity will be seen as a big brother of sorts, although not in as large a way. What person who doesn't have a Confinity account would accept the software from another person, along with a payment, without knowing that it would work when they tried to sync it. Sure, it would work, but our mythical guy with the new software don't know that..

Now, admittedly, the Palm is currently more of a hacker toy, so this is not likely to be a problem. But it is something to think about. The "smart card" concept extending to interpersonal exchange of funds would be nice. But the technology isn't secure enough yet, IMHO. Even with Public-Key. Why? People don't want security if they actually have to do anything to accomplish it, and public-key requires a bit of work.

Plus people are stupid. :-)

What an amazingly bad idea

[Otto]

From what the site says, it basically allows you to take credit card payments. Probably goes like this:

You setup your Palm with the software.
You setup an account with Confinity (free-ish).
You can now take credit card payments with the software, OR beamed payments from other users.
When you "sync" the Palm with Confinity, the data is sent to them, and they actually charge the credit cards, and send the money to you or your account with them, whichever.

Bad idea becauses there's at least three points at which to break in and subvert the system.

-On the IR level, such as copying someone's transaction from a distance.

-At the software level, such as getting a legit payment, then hacking the software on the Palm to up the amount by a large number.

-At the return the data to Confinity, such as sending them records of transactions that never actually occured in the first place.

Plus probably more. Admittedly, all these three can be fixed with the right kinds of encryption, but I doubt they worried about that too much when writing the software.

Just don't use this for anything important for about a year or two, giving them time to work out the bugs.. Probably vaporware anyway..

Re:There is no money in star trek..

[John+Campbell]

Tell that to the Ferengi.

Encryption

[DiningPhilosopher]

This can only be done safely with encryption. The only reference to encryption I find on the site is in the company info section - it says "Our founding team combines backgrounds in finance, encryption, telecommunications, and the Internet."

Crypto can address issues of forged or duplicated emails (though I'll wait to see how they're doing it before I trust it). Of course, it can't address issues of crashed software, lost email, etc...

Do we need it?

[Flak]

I can't think of a good way to use this product. Don't forget that cybercash has had their e-cash available for web users for years. There is a few online banks that offer the same thing. Credits to be used on the Internet instead of money. This removes the fear of shooting your credit card across the net. (What fear anyways? like giving the number to a HUMAN over the phone is secure at all..)The product will be big for all of two minutes (it was slashdotted after all) and fade away just like the other technology that preceded it.

Re:Do we need it?

[Paranoid+Diatribe]

Odd coincidence today. A few years back, I had a huge interest in Chaum's digital money system, DigiCash. Back then, it didn't seem too widely spread to be of use to me, so every 6 months or so I check up on it. Today I went to their site on a whim only to find they went bankrupt!

And then this slashdot post.

As far as I know, DigiCash (wasn't there an "e-cash" that used Chaum's system?), was the only system that allowed anonymous payments. This is what I found most useful. I was pretty distressed when I heard that DigiCash went under.

I don't think this product is viable. From the glossy web pages, I found nothing about privacy, real encryption, or anything more beneficial over the credit card number over SSL payment.

Oh, sure, I can give some "money" to my buddy with a Palm (any word on an HP48 port?), but is that really useful?

I wanted DigiCash. Are there products that allow for truly anonymous transactions?

Something is fishy about this

[Ulexus]

Since they do not specify these in their page, I can only speculate on my major concerns.

1) As someone has already mentioned, what are they getting out of this?

I can only think of a few ways to make money on this, but none of them seem overly viable.

• a) invest the deposits and the government concurrency, like as the banks.
• 
  
  • i) my guess would be that these are going to be very small accounts with rapidly changing balances, which would give a fairly low margin.
  • ii) even so, this seems the most likely: if enough people deposit, the variance on the total gets smaller (but higher risk)
  
  
• b) kickbacks for financial information
• 
  
  • i) sell to credit companies
  • ii) aww. They'lll do this anyway
  
  
• c) charge interest on deposited funds for "availability services"
• 
  
  • i) their page only mentions that they will not charge for deposits or withdrawals, not for the storage
  • ii) this would sort-of be shooting themselves in the foot... no one would want balances, so this would exclude a)
  
  
• d) offer credit at some interest rate
• 
  
  • i) like as credit cards, loans, etc.
  
  
• e) public service, register non-profit, get donations and government support
• 
  
  • i) yeah, right

2) How is the transaction accounted?
Obviously, they must use both payee-dependence and payer-dependence. If only payee, the payee could get as much as they want. If only payer, the payer could --- oops --- reset --- his pilot. So, the two must agree. Further, the limit of accountability must be either based on the pre-deposited funds or some credit financing scheme as above.
If they do it this way, it seems fairly well accountable, from three axes. Of course, they'll need encryption and authentication and all of that, but that looks fairly sound otherwise... if they do it this way...

That, of couse, is the final concern:
They don't tell us, the future customers, their methods, accountability, and financial interests.

Re:That system has been running in Canada for year

[MoNickels]

What you're describing is basically the same as ATM cards that can now be used any place that accepts a credit card: damned near anywhere.

We've had ATM-cards-as-credit-cards in the States for a number of years now, and to be honest I don't think smart cards are every going to catch on. My money is stored in the bank. Why do I need another middle man? My ATM card deducts directly from my bank account, or I can get cash if I want, and Chase (my bank) now allows you to do bill paying from the ATM machine.

The day that smart cards become universal is the day they act like banks: you can do a person to person transfer on the spot, your money collects interest if you don't spend it, and if you want, I can get in Euros or kroner or whatever.

I have a better idea.

[heroine]

How about credit cards. They're smaller than palm pilots. They're cheaper. They don't have batteries which can run out or leak. You don't need to use a Microsoft operating system on them. I've been using credit cards for years and years.

vaporware: the authoritative definiton

[copito]

vaporware /vay'pr-weir/ n.
Products announced far in
advance of any release (which may or may not actually take place).
See also brochureware .


So spaketh the Jargon File
--

I take it you've never heard of Ferengi...

[Evro]

(see subject)

When will they lose the credit cards?

[qseep]

The problem with all these new transaction schemes is they all use credit cards for transactions, which is just about the most antiquated, brain-dead scheme around. It's easy to base electronic transactions on credit cards, because it just involves sending a 16-digit number plus expiration date and a name. That's lame because no matter how secure your transaction, credit cards themselves are inherently insecure. Just because my wireless payment gizmo is secure doesn't mean the waiter in a restaurant can't nab my credit card number and use it to order junk over the phone.

We need a payment mechanism that isn't so inherently insecure. One excellent one was that of the now defuct DigiCash. E-cash is great because it's anonymous, up until the point you try to cheat with it by using it twice. Credit card companies can't track you for marketing purposes. There's no simple 16-digit number guarding your account.

Of course the problem with e-cash, if you can call it a problem, is that you're going to have to pay a surcharge to use it. With credit cards, the companies make enough money off of people who run up interest charges, plus the vendor's fee, that the consumer doesn't need to pay any surcharges.

How about some kind of a compromise? How about an e-cash account where you can borrow money from it, and it racks up interest charges if you don't pay it back by the end of the month, but the company has no way of tracking your individual transactions, because you can check out the money in lump sums and they don't know who you're paying?

Comments?

What happens to patents when a corp goes bellyup?

[Ungrounded+Lightning]

Do the patents go to the receivers?

How about the patent assignment agreements with the employees who worked down to the end and didn't get their last paycheck? Does that void the assignment contract, thus returning the rights to the inventor?

How about patents in progress or inventions documented but not yet pattent-applied-for?

Re:beaming software

[qmrf]

Nothing....But then, that's hardly a fault of this particular software, now is it?

Notice the investors...

[dmorin]

One of the investors is Martin Hellman, famed in song, story and Diffie/Hellman algorithms. "Best known as co-inventor of public key cryptography", as they put it on the website. So, concerns about security should be addressed at least somewhat by his presence. d

Paper money

[sporty]

I believe the saying goes, a picture is worth a thousand words. Depicting something so physical as paper money in terms of bits and what-not seems more forgable than before.

Someone may bring up, ATM's.. but we never have direct access to their programming. With a PDA, we can just dump memory and inspect.

I am not saying there are no advantages, just the danger seems more ominous.

This Looks Cool and Safe

[GeorgeH]

http://www.wired.com/new s/news/technology/story/20958.html

According to this article, you beam your account number across Palms, and when the user synchs, your account is billed n dollars. So if you do a hard reset on your Palm, you just have to re-enter your account information. You don't "lose" any money.

My first impression when I saw this was "Wow, how long before someone writes an IR sniffer?" Luckily, they seem clueful. Dan Boneh and Martin Hellman (as in Diffie-Hellman encryption) both helped develop the software, so I imagine its reasonably secure. Plus, they use the high-test encryption, opting for security over exportability. IMHO more companies need to take this attitude. Then again, the government needs to get a clue and so do most software houses (hint, XORing passwords is NOT secure!).

I'll probably wait a little while for them to get the bugs out of a nationwide rollout, but I can't wait to be able to buy a jolt with my Palm III!