Parts of the article might not be correcly converted. For best experience, go to the Tor site.
http://ttauyzmy4kbm5yxpujpnahy7uxwnb32hh3dja7uda64vefpkomf3s4yd.onion
The Nightmare Of Paying Online
Cryptocurrency should have been the savior of the world from over-reaching control of governments and banks. But while on paper it could have worked. The reality is way worse. There was a store next to where I live that until a few years ago advertised that they can be paid with Bitcoin. The notice is now removed, probably due to the bursting of the crypto bubble, which lead to a rapid decrease of value of many cryptocurrencies.
The terrible fact is that to buy anything meaningful you should have fiat currency. It could be dollars in your country. Or shekels in mine. And most people do not make cryptocurrency at their jobs. So if crypto is being used, conversion mechanisms should be present, so people could use it as money in a meaningful way.
In this article I want to review payment online in general. Taking into account things like cryptocurrencies. But also focusing on just plain implementation details of different methods. And how complex Freedom and Privacy is when dealing with all of it.
Privacy
When you buy something online, most likely that there is just one option. An option to use a credit card. When paying with a credit card, some metadata is being transferred to the business. Mainly the credit card number. But the business might ask for your full name and address. Even if the business doesn't have your name, but only has the number, it's enough to correlate your purchases and therefor quickly identify you.
Even if you are using a VPN of some kind and a pseudonym when purchasing online, the bank itself knows almost everything about your transaction. Some banks even have services where you can view your history of purchases, with sometimes even full receipts being available to you. And the bank obviously knows who you are.
To buy something privately today, is to pay cash. And even that is slowly being taken away because people apparently do not care enough to protest such policies.
But even with cash still being an option. Cash is not an option online. There is a possibility to setup a business online which will receive cash in an envelope, which is legal is most normal countries, but is still an outrageous idea, especially if you are thinking about expensive purchases. And what if cash arrives without any information of what it is for? Should the business send it back then? Then if so, is the business suddenly responsible for returning the cash safely? And what to do if there is no address to return it to?
The closest thing I saw is the cash donating option of FSF where they do not say to mail them the cash, but rather to come give them the cash in person. Though on a different page they say that you can mail them a check. But a check is basically just a one time use, analogue, credit card.
So even with the best options out there, you are still going to be at least identified while paying online. Unless Taler will be a thing. But I don't think it's going to be a real option for a long time.
But how about online stores that receive Crypto?
Well in this case, you will have to purchase the Crypto first. And that will probably require you to use a credit card. Unless you are using one of those Bitcoin ATM machines. Those want your ID card instead. Or both your ID card and your credit card.
In theory a business could open small shops around the world where people could exchange cash for a token of some kind, which is used as money within the business. But I don't think that online businesses ( unless they are Amazon, or something ) are large enough to support such a massive operation. Not even talking about possible legal problems for such a thing in various countries. Especially those with heavy Know Your Customer regulations.
So at the moment there is no way to pay online privately. And it sucks.
Freedom
My real name is J.Y.Amihud and I live in Ramat Gan Israel. I even made an addon for Super Tux Kart where I recreated the area around my house, with a map included in the files. On the other hand you can see that this website is running through Tor network specifically designed for absolute anonymity online. And I apparently take privacy very seriously. So why the hell am I revealing everything about myself even in this very article?
Because privacy is a freedom. It's not a requirement. Privacy is a form of control over what other people know about you. And I just chose to tell you these facts about myself. So I may also choose to tell the business something about myself. And may also choose to tell the bank that I bough something. If I couldn't do that, I would not have privacy.
But privacy is just one bit of the larger picture, which is Freedom. I already explained why freedom is at the top of importance in a different article. And so I presume you understand it.
Freedom is when you can control yourself and your things. So as an extension privacy is freedom. But then also your computer ( with which you may do purchases online ) is your thing. And if you don't have full control over it, you have no freedom in that regard. That's why Free / Libre Software is so important.
Say you want to support an artist using a donation subscription. There is option number one - Patreon. But since the developers of Patreon never cared about your freedom, just simply to use this website you have to give away the control over your computer to the developers of the site, by loading and executing their proprietary javascript code. Notice how this is not a privacy issue. You already agreed to tell the website and the bank that you want to support an artist. So not running this javascript code because it might tell them who you are is kind of besides the point. This is rather an issue of Freedom directly. The code is not under your control and you are running it on a computer that you call yours. So you give away the control of your thing and that's a violation of your freedom.
Okay, but then how about Libre-Pay or Odysee or any other website which are Free Software in an of themselves? Well both Libre-Pay and Odysee uses Stripe for money transfers. And Stripe is proprietary. Meaning to use either of them, you will have to run Stripe's proprietary javascript on your machine. And in the case of something like LBC coin in Odysee, you are given a bunch of choice between various different cryptocurrency websites. Yay! Freedom! Right? But all of them require you to run non-free software javascript. So it's like letting a slave choose his master.
I run something called LibreJS to detect automatically whether the javascript is libre or not. Therefor I know immediately if to stay away from a website. Sometimes like with Odysee or Wikipedia ( both of which are libre ( Expat ( MIT ) license and CC-BY-SA )) the script may give false positives. But in those cases I can find the source code somewhere and whitelist the website. Non of those exchanges make their javascript sources libre.
There are decentralized libre software for exchanging. But all they do is let you find other people to exchange funds with. And the exchange itself is happening though some other way, like PayPal which is proprietary.
One website I know made a simple credit card form with libre javascript. And I'm talking about the Free Software Foundation. The foundation that is literally there only to promote Free Software. Though it's funny that I get a false positive on a script in this form called "additional methods". It's a script under the MIT license. Which LibreJS probably expects to be called "Expat License". But anyway. This script is Free Software. So since they did it, it is possible. And since they did it with Free Software, it's even more possible, since you can just take it and use it.
In Tor though, there is another problem. And I'm talking about the fact that most Tor users shut down all javascript. Because even if it is flagged as Free Software, it might still contain some malware. So Tor Browser provides an option to shut everything down, which fortunately people actually use. The unfortunate result of it is that I can't use even the FSF's implementation on this website. Unless I ask people to lower their security setting. Which is a very bad practice in a Tor Browser. If they forget to restore the security setting, they can get screwed somewhere else.
There is a possibility of making this form with no Javascript at all. But that is a very glaringly huge security issue. This process should be properly encrypted and HTTPs is not a proper encryption. With Tor, the encryption is way better. It is possible, perhaps I could try it. But relying on such a hack will probably not be a very good idea. For some reason as a buyer I feel about such a system the same way that I feel about mailing cash.
Comments work only on the Tor site:
http://ttauyzmy4kbm5yxpujpnahy7uxwnb32hh3dja7uda64vefpkomf3s4yd.onion
http://ttauyzmy4kbm5yxpujpnahy7uxwnb32hh3dja7uda64vefpkomf3s4yd.onion
ErwinjitsuI mean you could mine your own Crypto and use that in transactions. Another one is to hack people's bank accounts and use those to do certain purchases :D Malicious and risky, but you can remain anonymous yourself!
