30 May 2019 - 11 minute read

So, cash is a great idea done terribly. It's simple in that you can be very certain how much you have as it's physical and exists in your hands/pocket and you can count it and add to it. You don't rely on any 3rd party to manage it for you so you have no extra people to trust with it other than yourself. It's also completely anonymous and respects user privacy exceptionally. It has some major issues though. Firstly, it's bulky. A wallet full of cash is big and heavy and uncomfortable to have in your pocket. Secondly, it doesn't work online where a tremendous amount of our spending occurs nowadays. Finally, an increasing number of shops and other places are ceasing to accept it - only taking card or payment using the special payment thing on your phone like Apple Pay or whatever.

So, the method of payment that most people use nowadays is the credit/debit card. These are much easier. One little plastic rectangle with a couple of chips in it and you can pay anywhere. You type in the card number and everything to pay online, and in person you can plug it in and type in the pin or you can press it against the reader to pay instantly. One very big and very bad problem with it though: zero privacy. It's trivial for your bank, the shop, and the government to all track every single payment you make with that card. Your name is attached to it after all. Simply follow all the transactions with your name on them and you can see everywhere you go. Absolutely horrendous - and also explains the motivation to stop accepting cash. More card payments means more spyware means more data means more to sell means more money after all.

So, we need a solution to this. We need a way to essentially anonymise a single card payment both online and in person, and we need the ability to automate the process of creating this anonymised payment so we can do it efficiently and conveniently - making it trivial to switch every payment over to this system.

Part of the inspiration for this idea came from privacy.com, which is a service that allows you to randomly generate anonymous, single-use credit cards with a fixed amount of credit on them to make payments privately to other companies. It's a lot like a VPN but for your money rather than internet traffic. That said, I don't use the service myself - the privacy policy involves a little more personal information than I'm comfortable just giving to a company without properly understanding what's done, if the service is FOSS (AFAICT it isn't but correct me if I'm wrong), and exactly why every bit of information is required. The one drawback of the service though is that it only works online - in person, you still need to pay normally, so it's very much an incomplete solution.

So, onto my idea. The Librem 5 won't come with NFC, meaning it can't act as a means for contactless payment, so I'm talking that into account. The idea comes in 3 pieces: web service, mobile app, and a card. The web service is what makes it all work. It would act in much the same way as privacy.com in that you make a single payment into the service and it sends you back a randomly generated single-use card that's completely anonymous with which you can make the payment. The mobile app is your gateway into this system. When you want to make a payment - be it online or in person - you open up the app, put in how much you want to spend, and the app will go away, transfer the money, and then provide you with all the information of the random card for you, including what would otherwise be stored on a physical card with the given information. Lastly, the card. This card would be the same shape and size of any normal debit card, but it would have some form of connector on one of the short edges (the one that you would hold when putting into a card reader). As it needs to stay flat, it would likely be the male end of a USB connector, but like the ones you see with USB sticks where they're really flat so it doesn't have the metal frame. That would come up flush with the edge and there would be 2 cutouts either side so you can connect a cable to it which would be how you connect the card to the phone.

"Why not use Bluetooth?" I hear you ask. Well, if what we're managing here is a copy of credit card firmware that we're transferring, then we probably want to use as secure a method as possible, and sending it freely over the air is really not something we want to do. Besides, a little cable is hardly a pain to use.

So, when you connect the card to the phone with the cable, the phone uses the information it received from the web service to generate (locally on the phone for security) new firmware for the card, which it then flashes to the card with the USB connection. At this point, you can disconnect the cable as the card has everything it needs. Then, when you go up to pay, you just use the card as you normally would, the payment happens completely anonymously, and you can carry on as normal.

The connection system could probably be improved if the card could be designed so it doesn't need the cable to be plugged straight into the phone, but that would require the connector to protrude out from the card, meaning it wouldn't fit in a lot of wallets, which we don't want. Alternatively, you could get fancy and figure out a way for the connector to slide out for use and then slide back flush, but that might be fragile. The point though is that you have a USB connection between the card and the phone so the phone can configure the card with the information for the randomly generated card you get.

This is the type of product I could imagine Purism getting behind at some point, though they seem pretty keen on cryptocurrencies, which is sort of on the right path, but they're not nearly stable enough to safely use to buy actual things and it'll be a miracle if they're ever supported in places like shops considering they're all so keen on tracking everyone.

So, let's go through a typical payment. Each morning when I go to work, I get to the train station, go to the ticket machine, and buy my ticket. Here's how it goes normally:

  1. Press the ticket I want
  2. Press "buy"
  3. Press my card to the card reader
  4. Wait for the ticket to be printed
  5. Take ticket and head to platform
  6. Continue to be spied on by GWR, my bank, and the government

All very simple. Now, here's how it would go with this system:

  1. Whilst standing in line, plug my card into my phone
  2. Open the app and type in £9.30 for a single payment
  3. Press "flash" button (or whatever the label would be)
  4. Remove card from phone
  5. Get to ticket machine and press the ticket I want
  6. Press "buy"
  7. Press my card to the card reader
  8. Wait for the ticket to be printed
  9. Take ticket and head to platform
  10. Stay safe from tracking and retain privacy!

More steps yes, but I do the first 4 whilst waiting in line, so I end up spending exactly the same amount of time using the ticket machine. The only exceptions being when there isn't a line, in which case I could stand next to the machine and let someone else go first as I get the card ready. I could even setup the card before I leave home if I wanted. The point though is that the process is made easy. It only takes seconds and a few simple steps to get the card ready and it all comes with tremendous privacy and security benefits.

So what would the real-world benefits be beyond just tracking protection? I see 2 huge security benefits from this system. The first is that this card - unlike a normal credit/debit card - are in many ways immune to theft or RFID attacks. If someone manages to steal your card, you haven't lost any money because there is no money on the card to steal. All you've lost is the price of the card and you can replace the card without having to go through any tedious process with your bank because every one of these cards would be the same. For the same reason, you can't have any money stolen from you by someone wandering around with a card reader up his/her sleeve bumping into people, because there's no money on the card to steal.

The second benefit is protection from unwarranted extra costs. Because when you setup the card, you give it a very specific amount of credit to have, so if you put the details into some website to pay say £23 but the site ends up trying to take £230, it will just fail, because it can't take that much money because there's only £23 on the card. Try to take any more and the card will get denied because it doesn't have the credit.

Out of all the crazy ideas I've had, this is one that I really like. Even if it's completely impossible and grounded in a fundamental misunderstanding of how this all works, I still think it's a great idea. If something like this is already a thing then I desperately want to know about it because I think it would be incredible to regain this level of control over spending. Also, if anyone else happens to take interest in the idea and could theoretically take at least some tiny step towards making it happen - even if it's just some hypothetical concept of the systems that would go into it - then I want to hear it. If someone reads this idea, steals it, and makes billions selling it, then that's fine too, because then the thing I want will actually exist and I'll be able to buy it and use it and it'll be amazing - a little credit would be nice though :)




Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public Licence version 3 (AGPLv3).