Slashdot Mirror
Beaming Money
Wes writes "If you've ever dreamed of having a system like they use on Star Trek, where credits are instantly passed back and forth, this is it. PayPal, from Confinity will let you do that. Just sign up, load the software onto your Palm or WinCE device and go. If the other person doesn't have the software, you can IR-beam it to them, same as transferring money. Never fear if you don't have a handheld. An e-mail address will do just fine, but no money beaming. Sounds like a new payment type for eBay. "
Geez, its going to be simpley an encypted text/data. There should be no need for any executables, meaning there should be no viruses. But, as was previously said, we need to find out what encryption and protection system they are using first. Anyone know anything about this companies history? any complaints?
umm can you please point me to a url where you found this info? I don't see it anywhere, but if true that is definatly good news!
Well they specifically state in their privacy policy that they ask for demographic information, but that they don't give it out (cept probably base statistic as in how many people on their system fit certain demographics). They simply use it for indirect marketing. Meaning a adveriser says "Hey, I hear you have alot of college students signed up, give them all this advertisment." PayPal says "Yea we got 2 million of em, that'll cost you 50,000"
URL: http://www.paypal.com/cgi-bin/ pageview?cmd=investors
www.HearMySoulSpeak.com
What happens when you break your Palm Pilot or 'accidentally' do a hard reset? Just like losing your wallet?
James
get nemulator
The cloaking device
The transporter (old news I know)
The medical tricorder
The warp drive
Pon farr (okay, getting laid for the first time in seven years probably doesn't count
Nearly all references are bogus; none of them (except the warp drive) are analagous to their Trek counterparts. Course, they're still cool.
About the credit transfer: the town of Ennis in Ireland tried giving everyone smart cards, and they only used 'em for parking meters. 'A good idea whose time has not yet come' was the official response.
So, I get an e-mail attachment that I'm supposed to trust and open. Sounds like a great oppertunity to do a lot of damage, with a virus. "Click here to get your $500.00!" :(
When do I get my Credstick? Like in ShadowRun?
Kagenin, who not only plays too many RPGs, but dreams of a Cashless Society
"All warfare is based on deception."
Sun Tzu, "The Art of War"
So let's see... lose the $3 in your wallet and spend a week waiting for all your credit cards to get replaced... or be drained of every penny you have?
I think digital money is a good thing.. but this is a slightly more sketchy idea.
I'd really like to use this, it sounds nifty, now prove to me it works safely, and reliably.
-cpd
Sorry bout that.. didn't see the side nav bar on the about company tab.s tors
http://www.paypal.com/cgi-bin/pageview?cmd=inve
Anyways, for anyone else out there, the list of investors is Nokia, Deutsche Bank, Bill Melton (of CyberCash and VeriFone), and Martin Hellman.
As far as I can see this is just electronic checks. Instead of writing out a paper check and handing it to the counterparty, you beam an electronic check from your PalmPilot to his PalmPilot. Just as with checks, no money transfer actually takes place at this time -- money flows from your accont to his account later when the transaction information is uploaded to the bank. Same with e-mail: instead of snail-mailing the paper check to somebody, you e-mail an electronic check to him.
Will this work? Probably yes. Electronic fund transfer is not going to go away. Will this work in this particular incarnation? It depends (on the company cluefulness, marketing, govt regulation, etc. etc.) Do I like the scheme? Not very much: there is no anonymity whatsoever.
Also consider the usefulness of the idea: how often do you write out paper checks and give them to other people (as opposed to, say, utility companies)? I do this maybe two-three times a year. For the rest of the time cash, credit card, and online bill payment are quite sufficient for me, thank you very much.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I've put together my own IR assault rifle. I replaced the IR LED on a cheap universal remote with an IR laser diode. I also added a red laser diode for sighting purposes (which is switched off onde the target is acquired). I then mounted the device on my telescope tripod and can now change TV channels in other poeple's houses! The fools! They leave their windows open! Muhahahahaha!!!!!
It seems to me it should be possible for someone to arrange an encrypted transaction via computer, where given some sort of info about your account (as in a public key), I connect with my bank, generate an encoding indicating the amount, my account, and the target account, and then I could send you the encoding and you give that to your bank for receipt. This could then be an electronic check, and with long enough keys should be safe at least for the short run.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
The neat thing about this system is that it is viral; the enabling software can spread from Palm to Palm at the speed of gossip. I don't see anything that prevents the same scheme from being used to foster an anonymous e-Cash system in the future, and once Confinity's system is widespread enough for people to start getting annoyed with its lack of privacy, the stage is set for another viral system to replace it overnight. Getting people used to exchanging money with hand-helds is the big battle, selling them on a private system that's just as easy to use is child's play by comparison.
If one reads the article one would see that the transactions are neither anonymous nor instantaneous. Two qualities which are highly desirable to those interested in performing a successful mugging.
> Citibank (and some other big bank, I think) tried a pilot (sorry) program on the Upper West Side of Manhattan a year ago or so. They replaced our ATM cards with "smart cards" that could hold cash, and got a bunch of vendors in the neighborhood to install readers. The smart card came with a little reader that would show you your current balance as well as your last few transactions.
/what/ the purchase was. And it offers pretty much instant transactions; a few seconds and it's over. It's pretty close to being crack-proof; about the only way would be to tamper with one of the machines in advance... but they sit along-side the cash registers, so you might as well tamper with that and take the money directly, especially since any Interac transfer is logged.
That sort of system has been in place all across Canada for several years now (like about 7 or 8). I's called Interac.
The only thing you mentioned that we don't have are the little readers.
Every single bank and credit union in Canada (there are 5 big banks, a handful of small ones, and a zillion credit unions) is in on the Interac system.
It's basically an ATM (bank) card that can be used for purchasing. Pretty much any store in Canada, from McDonalds to the international airports, to little mom-and-pop corner store, to the big department stores (Sears, etc) accept them.
You can pay for your purchases directly with the card; no signing anything, all you have to do is input a single 4-number PIN. The money, if available, gets debited directly and instantly from your account.
A couple bank machines also offer the option of transferring money directly to someone else's Interac account, similar to what this Confinity thing does (except that you can't carry it with you).
Sure, the bank knows where you made the purchase, when and how much, but that's it. They don't know
Like I said, it's been in place here since the early 90's, and is immensely popular. I don't have the exact figures on-hand but something like 30%-40% of all purchases nationwide last year were made over Interac, and it's growing by 10% plus per year.
Since every single banking institution in the country is involved, you don't have to be a customer of any one particular bank or have a special ATM card or anything. Any old one will do.
And, there are really only a very few (probably under 5%) stores/restaurants/whatever that don't take it. Even the government takes it for pretty much anything. I think taxes (Income taxes, etc) are the only things they don't accept it for... and there are plans underway to change that.
It's a great system -- to be honest, I've always wondered why on earth they couldn't adopt something similar (or even the same system, to make things easy) in the USA.
--
- Sean
It's a fine line between trolling and karma-whoring... and I think I just crossed it.
- Sean
That website addresses next to nothing....
while making it sound like this thing should be roling out next week some time.
And I thought financial ruin was close enough for all of us with simple credit cards and on-line brokers/auction houses/stores!
"(...)And from that point on, robbers had Palm Pilots in their equipment, along with switchblades and guns. When they robbed somebody, their usual words were: "point your Pilot to mine and beam all your money and nobody gets hurt"."
Extract From Galactic Encyclopedia, May 2010.
-Undoubtedly the infrared xmission is encrypted!
-The data sent to Confinty is probably encrypted and digitally signed to avoid tampering.
-You probably will not be able to fake a transaction. My understanding of the article is that the money will be held in escrow until both parties confirm the transaction via sync'ing. (Although this would open up another possible problem).
In any case, why not take a RTFM-approach before posting flippant theories.
From what the site says, it basically allows you to take credit card payments. Probably goes like this:
You setup your Palm with the software.
You setup an account with Confinity (free-ish).
You can now take credit card payments with the software, OR beamed payments from other users.
When you "sync" the Palm with Confinity, the data is sent to them, and they actually charge the credit cards, and send the money to you or your account with them, whichever.
Bad idea becauses there's at least three points at which to break in and subvert the system.
-On the IR level, such as copying someone's transaction from a distance.
-At the software level, such as getting a legit payment, then hacking the software on the Palm to up the amount by a large number.
-At the return the data to Confinity, such as sending them records of transactions that never actually occured in the first place.
Plus probably more. Admittedly, all these three can be fixed with the right kinds of encryption, but I doubt they worried about that too much when writing the software.
Just don't use this for anything important for about a year or two, giving them time to work out the bugs.. Probably vaporware anyway..
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Tell that to the Ferengi.
> I wonder how they plan on making $$ on this system.... The signup is free, the software's free, the transactions are free... what does that leave them?
:-)
Your money in your account, which they are holding.
It's just like a bank. They use your money to make more money, they they keep the profit. Simple. Normally banks pay you interest (Savings accounts), but they dont have to, because they're providing you a service. Could be very profitable for them, if they get enough users, and don't go belly up inside of 6 months, which is my prediction.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
The catch is that they dont pay it directly into your bank account, but into your account with them.
It helps to think of them as a bank. They hold your money, and let you spend it. If someone transfers money to you, it goes into that account which you can then spend.
A bank spends your money to make more money. That's how banks survive, other than bank fees. For some savings accounts, you pay nothing, but earn interest on the money in that account. The reason for this is that they use your money to make more money than the interest they pay you.
I wouldn't be surprised to discover that this is actually a bank somewhere, and not just an internet company.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
1) As someone has already mentioned, what are they getting out of this?
I can only think of a few ways to make money on this, but none of them seem overly viable.
2) How is the transaction accounted?
Obviously, they must use both payee-dependence and payer-dependence. If only payee, the payee could get as much as they want. If only payer, the payer could --- oops --- reset --- his pilot. So, the two must agree. Further, the limit of accountability must be either based on the pre-deposited funds or some credit financing scheme as above.
If they do it this way, it seems fairly well accountable, from three axes. Of course, they'll need encryption and authentication and all of that, but that looks fairly sound otherwise... if they do it this way...
That, of couse, is the final concern:
They don't tell us, the future customers, their methods, accountability, and financial interests.
Seán C. McCord
One of the investors is Martin Hellman, famed in song, story and Diffie/Hellman algorithms. "Best known as co-inventor of public key cryptography", as they put it on the website. So, concerns about security should be addressed at least somewhat by his presence. d
www.HearMySoulSpeak.com
Odd coincidence today. A few years back, I had a huge interest in Chaum's digital money system, DigiCash. Back then, it didn't seem too widely spread to be of use to me, so every 6 months or so I check up on it. Today I went to their site on a whim only to find they went bankrupt!
And then this slashdot post.
As far as I know, DigiCash (wasn't there an "e-cash" that used Chaum's system?), was the only system that allowed anonymous payments. This is what I found most useful. I was pretty distressed when I heard that DigiCash went under.
I don't think this product is viable. From the glossy web pages, I found nothing about privacy, real encryption, or anything more beneficial over the credit card number over SSL payment.
Oh, sure, I can give some "money" to my buddy with a Palm (any word on an HP48 port?), but is that really useful?
I wanted DigiCash. Are there products that allow for truly anonymous transactions?
http://www.wired.com/new s/news/technology/story/20958.html
According to this article, you beam your account number across Palms, and when the user synchs, your account is billed n dollars. So if you do a hard reset on your Palm, you just have to re-enter your account information. You don't "lose" any money.
My first impression when I saw this was "Wow, how long before someone writes an IR sniffer?" Luckily, they seem clueful. Dan Boneh and Martin Hellman (as in Diffie-Hellman encryption) both helped develop the software, so I imagine its reasonably secure. Plus, they use the high-test encryption, opting for security over exportability. IMHO more companies need to take this attitude. Then again, the government needs to get a clue and so do most software houses (hint, XORing passwords is NOT secure!).
I'll probably wait a little while for them to get the bugs out of a nationwide rollout, but I can't wait to be able to buy a jolt with my Palm III!
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?