30 May 2019 - 11 minute read
So, cash is a great idea done terribly. It's simple in that you can be very
certain how much you have as it's physical and exists in your hands/pocket and
you can count it and add to it. You don't rely on any 3rd party to manage it for
you so you have no extra people to trust with it other than yourself. It's also
completely anonymous and respects user privacy exceptionally. It has some major
issues though. Firstly, it's bulky. A wallet full of cash is big and heavy and
uncomfortable to have in your pocket. Secondly, it doesn't work online where a
tremendous amount of our spending occurs nowadays. Finally, an increasing number
of shops and other places are ceasing to accept it - only taking card or payment
using the special payment thing on your phone like Apple Pay or whatever.

So, the method of payment that most people use nowadays is the credit/debit
card. These are much easier. One little plastic rectangle with a couple of chips
in it and you can pay anywhere. You type in the card number and everything to
pay online, and in person you can plug it in and type in the pin or you can
press it against the reader to pay instantly. One very big and very bad problem
with it though: zero privacy. It's trivial for your bank, the shop, and the
government to all track every single payment you make with that card. Your name
is attached to it after all. Simply follow all the transactions with your name
on them and you can see everywhere you go. Absolutely horrendous - and also
explains the motivation to stop accepting cash. More card payments means more
spyware means more data means more to sell means more money after all.

So, we need a solution to this. We need a way to essentially anonymise a single
card payment both online and in person, and we need the ability to automate the
process of creating this anonymised payment so we can do it efficiently and
conveniently - making it trivial to switch every payment over to this system.

Part of the inspiration for this idea came from privacy.com, which is a service
that allows you to randomly generate anonymous, single-use credit cards with a
fixed amount of credit on them to make payments privately to other companies.
It's a lot like a VPN but for your money rather than internet traffic. That
said, I don't use the service myself - the privacy policy involves a little more
personal information than I'm comfortable just giving to a company without
properly understanding what's done, if the service is FOSS (AFAICT it isn't but
correct me if I'm wrong), and exactly why every bit of information is required.
The one drawback of the service though is that it only works online - in person,
you still need to pay normally, so it's very much an incomplete solution.
So, onto my idea. The Librem 5 won't come with NFC, meaning it can't act as a
means for contactless payment, so I'm talking that into account. The idea comes
in 3 pieces: web service, mobile app, and a card. The web service is what makes
it all work. It would act in much the same way as privacy.com in that you make a
single payment into the service and it sends you back a randomly generated
single-use card that's completely anonymous with which you can make the payment.
The mobile app is your gateway into this system. When you want to make a payment
- be it online or in person - you open up the app, put in how much you want to
spend, and the app will go away, transfer the money, and then provide you with
all the information of the random card for you, including what would otherwise
be stored on a physical card with the given information. Lastly, the card. This
card would be the same shape and size of any normal debit card, but it would
have some form of connector on one of the short edges (the one that you would
hold when putting into a card reader). As it needs to stay flat, it would likely
be the male end of a USB connector, but like the ones you see with USB sticks
where they're really flat so it doesn't have the metal frame. That would come up
flush with the edge and there would be 2 cutouts either side so you can connect
a cable to it which would be how you connect the card to the phone.

"Why not use Bluetooth?" I hear you ask. Well, if what we're managing here is a
copy of credit card firmware that we're transferring, then we probably want to
use as secure a method as possible, and sending it freely over the air is really
not something we want to do. Besides, a little cable is hardly a pain to use.

So, when you connect the card to the phone with the cable, the phone uses the
information it received from the web service to generate (locally on the phone
for security) new firmware for the card, which it then flashes to the card with
the USB connection. At this point, you can disconnect the cable as the card has
everything it needs. Then, when you go up to pay, you just use the card as you
normally would, the payment happens completely anonymously, and you can carry on
as normal.

The connection system could probably be improved if the card could be designed
so it doesn't need the cable to be plugged straight into the phone, but that
would require the connector to protrude out from the card, meaning it wouldn't
fit in a lot of wallets, which we don't want. Alternatively, you could get fancy
and figure out a way for the connector to slide out for use and then slide back
flush, but that might be fragile. The point though is that you have a USB
connection between the card and the phone so the phone can configure the card
with the information for the randomly generated card you get.

This is the type of product I could imagine Purism getting behind at some point,
though they seem pretty keen on cryptocurrencies, which is sort of on the right
path, but they're not nearly stable enough to safely use to buy actual things
and it'll be a miracle if they're ever supported in places like shops
considering they're all so keen on tracking everyone.
So, let's go through a typical payment. Each morning when I go to work, I get to
the train station, go to the ticket machine, and buy my ticket. Here's how it
goes normally:

  1. Press the ticket I want
  2. Press "buy"
  3. Press my card to the card reader
  4. Wait for the ticket to be printed
  5. Take ticket and head to platform
  6. Continue to be spied on by GWR, my bank, and the government
All very simple. Now, here's how it would go with this system:

  1. Whilst standing in line, plug my card into my phone
  2. Open the app and type in £9.30 for a single payment
  3. Press "flash" button (or whatever the label would be)
  4. Remove card from phone
  5. Get to ticket machine and press the ticket I want
  6. Press "buy"
  7. Press my card to the card reader
  8. Wait for the ticket to be printed
  9. Take ticket and head to platform
  10. Stay safe from tracking and retain privacy!
More steps yes, but I do the first 4 whilst waiting in line, so I end up
spending exactly the same amount of time using the ticket machine. The only
exceptions being when there isn't a line, in which case I could stand next to
the machine and let someone else go first as I get the card ready. I could even
setup the card before I leave home if I wanted. The point though is that the
process is made easy. It only takes seconds and a few simple steps to get the
card ready and it all comes with tremendous privacy and security benefits.

So what would the real-world benefits be beyond just tracking protection? I see
2 huge security benefits from this system. The first is that this card - unlike
a normal credit/debit card - are in many ways immune to theft or RFID attacks.
If someone manages to steal your card, you haven't lost any money because there
is no money on the card to steal. All you've lost is the price of the card and
you can replace the card without having to go through any tedious process with
your bank because every one of these cards would be the same. For the same
reason, you can't have any money stolen from you by someone wandering around
with a card reader up his/her sleeve bumping into people, because there's no
money on the card to steal.

The second benefit is protection from unwarranted extra costs. Because when you
setup the card, you give it a very specific amount of credit to have, so if you
put the details into some website to pay say £23 but the site ends up trying to
take £230, it will just fail, because it can't take that much money because
there's only £23 on the card. Try to take any more and the card will get denied
because it doesn't have the credit.

Out of all the crazy ideas I've had, this is one that I really like. Even if
it's completely impossible and grounded in a fundamental misunderstanding of how
this all works, I still think it's a great idea. If something like this is
already a thing then I desperately want to know about it because I think it
would be incredible to regain this level of control over spending. Also, if
anyone else happens to take interest in the idea and could theoretically take at
least some tiny step towards making it happen - even if it's just some
hypothetical concept of the systems that would go into it - then I want to hear
it. If someone reads this idea, steals it, and makes billions selling it, then
that's fine too, because then the thing I want will actually exist and I'll be
able to buy it and use it and it'll be amazing - a little credit would be nice
though :)


Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public
Licence version 3 (AGPLv3).