[JXTA Security] Anonymity Snake Oil in JXTA

Ben Laurie ben at algroup.co.uk
Mon Jul 2 16:11:10 EDT 2001 

Philippe Coupe wrote:
> 
> Here is some answer to Ben Laurie legitimate questions (sorry for the delay
> but I was off last week) ...
> 
> [...]They have chosen (by what process?) a thing called EPocketCash
> (http://www.epocketcash.com/[1]) to do this[...]
> JXTA neither SUN did not "chose" to implement EPocketCash. I, as CEO of
> IPassport Corporation (who operates EPocketCash) proposed to the JXTA
> governance to implement our payment system (inside JXTA). Again, we will
> implement the JXTA merchant and client parts of our payment system. The
> source code will be fully available and will follow open source licence
> guidelines set by JXTA governance.
> If you want to create another payment system project you are free to propose
> and implement it yourself...  Later, the market will decide (and not you, me
> or JXTA community/governance) ...

OK, this has been pointed out by a few other people. It should be _much_
clearer on the website.

> [...] it is tied to bank accounts [...] You like it or not but, worldwide,
> banks manage the money. Without a bank accout there is no way to put money
> to/from any payment system of anykind. A payment system is only a process to
> debit/credit a bank account.

Oh yeah? So what are these banknotes and coins in my pocket, then?

> With EPocketCash, this account is not a regular
> account or a checking account but an EPocketCash/Your_Bank (co-branded like
> your VISA card) account opened at "this" branch of "this" bank (of course it
> must be a bank who partner with us). Your checking/saving (or any existing)
> account are not linked to your EPocketCash account...

So can I open one without presenting ID? Can I transfer cash into one
without ID?

> [...]Oh, except a judge[...] Like it or not but we are a US corporation and
> as such we have to follow the laws and regulations of the USA.

And those do _not_ state that you are required to track money.

> [...]Oh, and probably either side of the transaction (so they can take you
> to court, see? Isn't that a marvellous benefit? [well, they told me it was,
> and they should know, right?]) [...] No, the merchant never know the
> identity/account number of the client. Test our technology yourself as a
> client and as a merchant and check it yourself. Through JXTA, try to
> understand the system and if needed, help us fix it...

So how do I get to take legal action against the merchant as you
described? How does a merchant take action against a fraudulent client?

> Remember, here, we all work on the JXTA project and it's a community based
> work...

So publish your technical documentation, in its entirety.

Cheers,

Ben.

> 
> -----Original Message-----
> From: ben at top.ben.algroup.co.uk [mailto:ben at top.ben.algroup.co.uk]On
> Behalf Of Ben Laurie
> Sent: Thursday, June 28, 2001 7:43 PM
> To: Coderpunks; Cryptography; UKCrypto
> Cc: JXTA Security
> Subject: [JXTA Security] Anonymity Snake Oil in JXTA
> 
> JXTA (http://www.jxta.org/) claims to have a payment project which will
> "implement anonymous and secure financial transactions". See:
> 
> http://payment.jxta.org/servlets/ProjectHome
> 
> They have chosen (by what process?) a thing called EPocketCash
> (http://www.epocketcash.com/[1]) to do this. Here's the marketing
> droidlish: "The goal is to implement the Epocketcash payment protocol
> for financial transactions for JXTA. EPocketCash is the first payment
> system designed exclusively for the Internet. It allows anybody to be a
> merchant and/or a customer at the same time with the same account. This
> anonymous payment system will work on any gizmos connected to the
> internet. Currently we support the WEB, WAP and I-Mode phones."
> 
> Sounds great, no? There's just one teeny problem. It isn't anonymous.
> Not even a little bit. It is merely secret. That is, it is tied to bank
> accounts, and they promise (no, really) that they won't tell anyone who
> you are. Oh, except a judge. Oh, and probably either side of the
> transaction (so they can take you to court, see? Isn't that a marvellous
> benefit? [well, they told me it was, and they should know, right?]). Oh,
> and anyone who breaks into their system.
> 
> But it is anonymous really. They said so.
> 
> Cheers,
> 
> Ben.
> 
> [1] I can't actually read this, it renders horribly on Netscape, but my
> information comes from Philippe Coupe, President and CEO of IPassport
> Corp (who own EPocketCash?).
> 
> --
> http://www.apache-ssl.org/ben.html
> 
> In Boston 'til 1st July.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list