 So, yeah, hi, my name is Svain, and this is Christian and Thorsten. They'll be doing the workshop on Sunday, and Thorsten also is going to show us the demo afterwards. So, yeah, I want to tell you about Taller, which uses a lot of crypto, but it's not yet another cryptocurrency. But digital cash, made socially responsible, because it's anonymous for the customer. But the merchant can hand out a normal invoice. Also, it's fast, convenient and free as in freedom. So, another tagline is independent, one-click cash payments. Taller is an acronym that means taxable, anonymous, libre, electronic reserve. So, generally, in every aspect, Taller is just like cash. So, here's an overview of what I'm presenting now. So, I first give an intro, telling a bit about credit cards, cash and Bitcoin, then what is Taller and how does it work. Then, Taller is seen by a customer, a merchant, government and technologist. Then, I briefly scroll through the crypto protocol, and then I have this part, which I call the Taller seen by a future relative, just through a crystal ball. So, there, I'm trying to tell you about possible features. And also, I would like to have you thinking about this, what every technology should be thinking about. And check if there's anything about Taller that could be used against us. So, as usual, we're trying to solve a problem, but maybe we are overlooking something. Because if this works, this is going to change something. So, yeah, first of all, a question. Verand is this American tink tank back in the old days. In 1971, it was asked, suppose you were an advisor to the head of the KGP, the Soviet secret police. Suppose you are given the assignment of designing a system for the surveillance of all citizens and visitors within the boundaries of the USSR. The system is not to be too obtrusive or obvious. What would be your decision? Anyone has a clue? So, the answer was credit card payments. So, credit card payments are way too transparent. Credit card payments only serve an oligopoly of a few big foreign companies. It has high fees and is inconvenient, especially for small and frequent online transactions. Like having this two-factor authentication, typing a number from your mobile phone. And then it also has too many false positives on fraud detection. As some of you might know, I'm traveling around a lot. So, actually, I never possessed any credit card that was expiring. Because at one point it was just not working anymore and I got the message that there was any false positives in the fraud detection. So, they deleted my credit card and gave me a new one. So, I'm very much a person who's getting all these false fraud detections. So, but then I'm also like, I'm barely using my credit card. I use cash anyway, right? So, cash also just has a virtual value. So, it's just there because someone has said so and everyone believes it. That's how the system works. So, in that example, this is Rupees from India. This guy, Mr. Modi, from the Government of India said that this money has that amount. So, and then on November 8th in 2016, the Government of India in form of Mr. Modi announced that the demonetization of the 500 and 1000 rupee notes. So, that was 86% of all Rupees existing in cash. So, that happened in the evening of the Trump election. So, don't wonder if you haven't heard about it because that was very well thought of them. And it was valid from midnight onwards. So, cash can disappear and get invalid even overnight. So, what happened then in India is that all the ATMs were out of cash because there wasn't any cash anymore. Small notes are not really available. To get an idea like 100 rupees is like 1 euro 20. So, 1000 rupees is 12 euros and there wasn't any 1000 or any 500 or any more. So, new notes slowly came out from November 10th onwards. I was in India from November 15th onwards and for quite some time, this new cash was nowhere to be seen in the wild. So, it was quite funny. But still, cash is the best we have. And to make that clear, we should use it wherever we can. And you should really do that because when I was looking for pictures of old and new rupees, by the way, Google showed me a lot of 500 euros. You know why? Because they also get deleted in 2025 or something. So, it's very important that we still use the cash. But we also need a solution online. So, as a technologist, I say, okay, then I just use Bitcoin. Bitcoin is something as crypto-anarchists and hackers. We like it very much because it's an unregulated payment system. We find it as a feature that there is no regulation and it's free software, it's decentralized, it's peer-to-peer. So, very nice. As a decentralized banking system, it requires to solve the Byzantine consensus where everybody agrees about transactions and therefore balances. So, Bitcoin solves that problem, that it ties the distribution of money and the creation of new nodes to solving this consensus problem on a ledger. So, you need to compute this computational puzzle and then make the new transactions. I guess everyone knows about Bitcoin, right? And then the last node who finds the puzzle gets the reward of the mining fee. So, it is very slow and it is very expensive. So, that's screenshots from yesterday, bitcoin.info charts. So, this is the Bitcoin cost per transaction. Since I think it's not really readable, the first part is May 2016, so it's one year. And it goes up to 18 and starts by four. That's dollars. So, here I made a shot, I guess it's also not readable. The lowest amount, like the lowest transaction fee which was there, or transaction costs, it's not the fee. So, the fee is actually really small. If you pay by Bitcoin, you just pay a few cents of fees. But that's the transaction costs for the whole system because of the rewards the miners get. So, that's the lowest amount you have. That's the highest amount, that's $16. And that leads to the result that the average transaction value is around $1,000. And by the way, all the electrician costs and environmental costs are not calculated here. It's only the costs of the rewarding. So, you know that you have to compute a lot, so it's also costing a lot of electricity. So, it cannot really be used for doing groceries or buy your dinner or get a dress or something. So, it also not really solves it. Also, all Bitcoin transactions are public and linkable. There's no privacy guarantee. There's stuff like zero-coin, tryptonoid, node, Monero, zero-cash, just Z-cash who offer anonymity. But then, they are also enhanced with laundering services. So, now what is GNUPE-TALER? TALER is a payment system using existing banking infrastructure. You pay in existing currencies like euro, dollars, rupees or Bitcoin. It is like PASH, so you pay anonymously and you can sell with invoice and taxes. It's convenient and fast. One-click web speed payments are possible. It's free and open source. It's a GNUPE package. It uses established crypto and an open protocol. The crypto is based on blind signatures. It's a research project from academia entering real-world now. There's no black blockchain technology used. It's not based on the proof of work or any other distributed consensus mechanism. So, how does it work? Like cash, I withdraw money from my exchange. I spend the coins and the merchant deposits the coins. Same way as cash. And the same way, the exchanges, which can be a bank, need to be verified by audits. Here's another view. Now you have the triangle at the bottom. To make this happen, you need to have the old banking infrastructure. So, I pay money to my bank, like I have money there. My bank makes a wire transfer to the exchange bank. The exchange bank is the one where I can withdraw coins. So, now I possess coins. Now I can spend the coins at a merchant's place somewhere. And that merchant then deposits the coins at the exchange, where the exchange bank then makes a wire transfer to the merchant's bank. So, that's the main architecture and the main concept. So, how does that work? Go to demo.tala.net, install and browse extension, visit the bank, demo and withdraw coins, and visit the shop to spend the coins. And this is something which Torsten is going to show you afterwards. So, this is how it looks at the back end. You have a little script checking if the wallet is installed or is it not installed. If it's installed, the 402 payment required gets triggered and leads to the contract URL. And if not, you have a fallback of saying, oh, you don't have $TOLLE installed, so you can use credit card systems. Then this is the contract where you have all the information you might want, like the currency, and very important, the red part, where it leads you once you've paid the fulfillment of the contract and also stuff like payment deadline, refunds deadline and stuff like that. So, here's a comparison with other systems. So, the credit card is the only one that really serves on and offline. So, all the other systems are either online or offline. As you see, GNU-TOLLE only works online, but that's the idea. We already have cash for offline, so we don't need TOLLE for offline payments. Yeah, so, if you look at the section payer anonymity and payee anonymity, there you can see the major difference. So, of GNU-TOLLE and all the other systems, so that here the payer is anonymous and the payee is not. Yeah, and then I think the last line is also very important, the freedom, I mean, that's why we are here this weekend. Here's another comparison where we grabbed out those four features, privacy, online payment, taxability and licensing, and where TOLLE fulfills all of them. So, now into the views from the different perspectives. So, as a private customer, I find it fast and convenient, and I like that I can send money to friends as well. As a traveler, I appreciate that there is no false positives in the fraud detection anymore and that I can get a proof of payment. As someone who's losing her wallet in meat space occasionally, I'm looking forward to have backups of my wallet. As a citizen of the internet, I know that such thing can only work if it's free and open and third parties can verify all the components. As a hacker, I like that it's private, like cash, there's no personal information required, also no credit card details that need to go to the merchant. As a merchant, I again find it fast and convenient. I appreciate that there's no rejections of limited customers and that there are signed contracts, especially I'm happy that I don't have to store any customer information, which means I don't need security audits in my own infrastructure anymore. It's free and open, so I can integrate it very easy, and I have competitive pricing and support. And Taller is ethical, and it complies with the upcoming data protection regulations. I also didn't know that. There is this regulation starting May 2018, that's like one year from now, where privacy, by design and data minimization are required for all data processing. That's quite interesting. So credit card payments won't work then anymore because they'll be illegal. As a customer and merchant, from both perspectives, it's good that it's cheap, it's an efficient protocol, there's no fraud, so they are competitive providers, so they are barely any costs. That it's flexible, so I can use it for small amounts and I can use it for any currency. That it's stable, that means I don't have any fluctuation risks, like in Bitcoin heavily, as in just as traditional currencies with the usual government protections for financial services. So if the rupee falls and I have rupee in cash with me, which I have right now, then it's like a general risk, but not any different. And it's very nice that it is efficient, so there's no waste of energy in bandwidth, no inflationary costs for the whole economic system, like the mining costs. And then it's good for all both fast and convenient, safe and secure flaws, which I already had in the slides before. If I would be a government, I would like that it's common, so it preserves my independence, there's no monopoly. I like that it's taxable, and I like that it's efficient for the economy. Then I'm happy that it is secure and that it serves signed contracts and proof of payments, so in case of court stuff, there is proof, and there is no counterfeit. Also, I'm happy that it's audited and that there are no bad banks and no fraud and stuff like that, and then it's very nice for me as a government that I'll be protected against foreign espionage. So fortunately, I'm not a government but a techie, so I'm happy that it's coming in GPL. That's a fair GPL for the exchange, LGPL, which is now for the reference code, demonstrating the integration with the merchant platforms, and then there are licenses like Apache, Mozilla, GPL for wallets and related customer-facing software, which can be anything, any license. Then it's a restful protocol and the security does not depend on the use of HTTPS, unless we're hoping that HTTPS will be there anyhow, and it's written in C-TypeScript and Python and uses Postgres as a database. So now the more interesting part, the crypto. So Tali uses proven, established crypto constructions like cryptographic hash functions, blind signatures, schnoir signature, Diffie-Hellman key exchange, cut and choose zero knowledge proof, and, of course, modern instanations are used. So here I'll be just briefly going through it. You're very invited to ask questions, which Christian can reply then. So the first step to do this is to set up the whole thing, so we need to pick an elliptic curve. Then the exchange creates a domination key with ERISA. The merchant creates a signing key, ED, DSA, and the customer creates a planchette. A planchette is a rolling. This is very close to the concept Chalm was creating. That's this guy who started to do digital cash in the early 90s. So the second part is to withdraw. So this is very much like Chalm. So the customer blinds the blank gauge, the exchange blinds the sign, and the customer unblinds to get the coin. So now the planchette gets a coin. So this is the WC3, W3C standard from the payment interest group. So I'm already way out of time, so I just skip that. But that's the standard scheme. So now the third part, the payment. So the customer builds the shopping cart, like clicks items. The merchant proposes the contract. The customer spends the coin, the merchant verifies the coin, and the exchange verifies the coin. So again, here's the whole process of the payment. So and now the fourth part of this crypto protocol is about giving change. This is very heavy. So I think we all agree that it's unreasonable to have like hundreds of one cent coins to solve that problem. So we want to like have the merchant being able to give out change. Which is unlinkable and which still gives the taxability of transaction. So the method is that the contract can specify only to only pay partial value of a coin. So the exchange allows wallets to obtain unlinkable change for remaining coin value. So this is how it works. So the customer asks the exchange to convert an old coin to a new coin, like the rest coin, right? So the protocol ensures that new coins can be recovered from old coins, but new coins are owned by the same entity. So it needs to be refreshed. And this refresh protocol allows to give unlinkable change, to give refunds to an anonymous customer, and to expire old keys and migrate coins to the new ones. Also transactions via refresh are equivalent to sharing a wallet. So I told you before you can share your money. So anyhow, let's go through this very briefly. This is the protocol again. So the owner of a new coin may differ from the owner of the old coin. That's the problem, so we need a straw man solution. So Diffie Hellman is used here. Then the like transfer key setup starts. Then there is this cut and choose used. So the customer commits the exchange chooses. The customer reveals, and the exchange verifies. And then you blind the change and unblind. So, and that's another brief view on the OPSEC. So the two browsers communicate with each other, and they communicate then with the TALA backend and the wallet. And this is very much disconnected from each other. So that's the important part. So if the browser is somehow stupid, then the wallet isn't affected. So, but now for the last minutes, this few as the footerologist. So this is just a rough selection now of things that could be possible. And I'm very happy to discuss this as well. So when it comes to donation, sharing coins is always possible. So it's impossible to stop donations, same way like cash. So any legal recipient will get the money. So it's impossible to create situations like PayPal was not paying to NGOs or WikiLeaks. And as a side note, if it's not legal, there's also no way around it. Then it's also much easier for handicapped persons because they can use their own devices. So the whole thing like captures on websites and the physical terminal thing is not an issue anymore. Then I find it very interesting that the coins expire. I haven't mentioned that before, but the coins will expire after a while. So then there's a fee for refreshing and that creates a negative interest rate. So people might stop sitting on like plenty of money. Then there's a transfer and structure of fees. So freeze fees created by a particular payment system doesn't have to be paid by all customers like we have right now. So usually if there is no fee when you pay with credit card, that means that everyone has to pay those fees because they're distributed among everyone. Then also small merchants don't have the hassle with the credit cards. I don't know if anyone is here who was with us when we started to do credit card payments for the Congress. This was quite a hassle and we actually wanted to drop it in between very often because we just said, okay, let's screw it. This is just too much hassle. So we made it then through the process. Once you have set it up, it's okay, but setting it up is very, very hard. And also customers don't have to think about if they can trust small merchants. I think everyone knows this. You'd rather choose than another merchant if that one, which you just wanted to enter your credit card details, somehow looks scary. Then you have machine-readable contracts, which makes easier tax filings and might make flat tax obsolete. It also makes the Swedish model of transparency of income tax statements possible much easier. Then the next point is multi-currencies and open standards, giving a way for regional currencies and other alternative economies. Then it is very transparent. It's open source, so anyone can understand it if he or she wants to. Then, as I said, I'm losing my wallet in Meatspace sometimes. So I am responsible for my wallet, be it on or offline. And if it's online, I can back it up. If I lose my credit card, I always have a problem. If someone steals my wallet, I can trace the coins the moment they are spent with the help of the exchange. Then you have stuff like restrictive coins, so I can give coins to my kids and make them in a way that they can only be spent for stuff, which is like for non-adults. And it's possible to have micro payments. So that could be an alternative for captures, that you just pay like 0.0001 euro for visiting a website or for emailing someone. Then it's very nice for donations, like the whole micro payment like we have with Flatter and everything. And we could even get rid of web apps that way. And that's the last one, it's a reserve-based system, so you can only spend cash you actually have, like with your wallet. And there are different wallets possible because it's open source. So there's an open question, which we are also a bit in discussion. The goal of or one goal of credit cards is to push customers to spend more money. Cash in the opposite gives a better feeling about how much money is left. We all know this, I guess. Commercial wallets might follow the idea of credit cards, but floss wallets could serve the opposite. But we have no clue how we could serve the opposite. I mean, how can you make an online payment system looking like a wallet where you see, oh, I only have 20 euros left. So, yeah, to go on, you can check out the demo, you can check the docs and the API and the code. You can subscribe to the mailing list, you can join the IRC channel on Freenote, you can follow Taller on Twitter, and you can help us in any other way by just telling around. You can give us feedback, and you can implement Taller into your applications, which you can do on Sunday, 2 p.m., here in this house, not in this room, I believe. And establishing exchanges, that's the big thing for this year. So, yeah, exactly 30 minutes. Thank you. All right, any questions? Yeah. First of all, can you do something like that you can put a certain transaction hold? So, for example, assume that I want to buy a new smartphone with the system, and then I'm agreeing to a certain price and I'm waiting for the shipment, and when the shipment doesn't arrive, is there any way for me to put the transaction hold or open a dispute or something like that, or would that go like through a third party so that we agree on a third party? I'd give some money to a third party, I wait for the shipment, and when it arrives, I release the funds, when it does not arrive, I open this dispute or something like that. Yeah, maybe Christian directly replies. Yeah, can quickly answer. You would want probably a third party escrow service, it's not built into the protocol at this point. What is built is possible to getting refunds, so if the escrow service agrees that, well, you didn't get your thing, you should get your money back, the system can be used to give you your money back even though you have not necessarily identified yourself. So, the giving money back is there, but the escrow, somebody has to be trusted to evaluate is eligible for getting the money back or not, and that has to be somebody else, it's not the payments of the provider. So, if I were to implement this on my web shop, and my typical customer is somebody who is not tech savvy at all, would this be feasible at this point? You want to answer? You will see later how a non-tech savvy nine-year-old, no tech savvy nine-year-old, sorry, can use the system. So, I think usability-wise, yes, once we actually have a user base that can use it, which means having this exchange. And it's only for online transaction anyhow. So, it's not for this little shop owner who's selling beer and who would never touch a smartphone or something, it's for the one who already has a website. So, and the integration is very easy. If I have a website that sells something that's absolutely not for a tech community, like Amazon or selling whiskey or an airline ticket or something. So, could an average citizen use the system today? Yeah, yeah. If they only have a credit card or a bank account. So, ideally, it will be showing up. So, if you click something on Amazon, then you also have the choice of using a credit card or using PayPal or using whatever, so-called überweisung or something. So, then you can also just use taller if you have it installed. And, yeah, the installation and the usage then is quite easy. Anything else, Dan? Do you have a list of acceptance points where I can pay with taller? And the second question is, are there any regulatory issues like money laundering, law or something? So, for the first question, no taller is still this academic research project entering real world, like, about to. So, at the moment, we're looking for exchanges. So, what we need is at least one bank who can serve as the exchange point. And then we can have people actually using it. So, the answer for the first question is no, there is no list because there is nothing yet. And the second question, you, Christian? For the regulatory question, we talked to several bankers and risk management experts and anti-manage learning experts, and they have all told us that, yes, this is not the system they would expect financial fraud to happen in. Yes, it should be compatible with AML and know your customer regulations. So, they do not see that there are problems fundamental with the system. There may be things like you have to, under existing EU regulation limits, the maximum amount that people can buy with it. So, you can't buy a house with it. You may be limited to that. There may be jurisdictions where you have to impose daily withdrawal limits. So, you can't withdraw 10,000 euros in cash in a day, just like there are these kind of restrictions on ATMs these days. But short of these monetary limitations of what the maximum amounts, are you allowed to use the system for? There seems to be no problem. Any other questions? Regarding the idea that the credit card encourages you to spend more money since you have no idea how much is left. So, I think that's probably true for like 10 years ago. But nowadays you can have the card directly linked to your smartphone. So, you could immediately see how much is left at the moment when you spend something. So, do you think that's... And of course, I think there's a second thing. So, people are now talking about standardizing online banking again. And when you have standardized access to your bank account, you could easily have an open source up on your phone that tells you exactly how many euros and how many cents are left on your bank account. It's more about the feeling, right? So, even if my phone tells me how much balance is left on my credit card, it's still a different feeling if my wallet is just empty, right? I mean, I don't know, like for me at least it is. Any other questions? Or comments? Maybe a comment. I don't know if you follow the Flutter thing. They just recently got bought, I think, by this company who does Adblock Plus. And maybe this is a nice window of time now to introduce another system because this Adblock Plus company, I think there is some distrust in the community. So, maybe some people who used Flutter since now are looking for alternatives. So, if you can offer some, maybe it's a good time now. Thank you. Any other questions or comments? Otherwise, I would say we go for the demo now. Do you wanna maybe add your, like, plug your computer? Any other question or something? No, okay. Any questions? Okay. So, first step, I go to demo.tour.net. Yeah. You have it orange. Also, it's not a plug-in, right? Everyone knows how to install a plug-in, probably. Now, to withdraw coins into my wallet, I click on this bank thing. Then I select the amount of kudos to withdraw. Let's say 20. You should say that's your bank page where you have your bank account with your balance, right? Yeah, and then I click on select exchange provider. And then I click accept fees and withdraw. And then I have to answer a math question. Okay. And then, voilà. Easy to withdraw kudos. And now I go back to the... Show your wallet balance. To the starting page. As you can see, here they are in my wallet. Now, I'm going to go to the easy store where you can pay kudos for individual interpreters of Richard Stallman's book, Free Software, Cover Free Society, which is also available for free at the FSF. So, here I'm welcome by a chapter of the book. But just clicking on it, if you already have it, you don't have to pay for it again. Just click confirm payment. And then here it is, the chapter that you paid for. Oopsie. Okay. Thank you, Torsten. You want to buy another one? No, wait. Can you show the wallet again? He wants to... Just click on the toddler icon. And you can also go to the project donation website where you can show respect to a software project choice by giving them kudos. You can see the current money that the current currency that toddler uses. Well, then one can choose for what phone. Then one can choose how many kudos and to which project you want to donate it to. I've just got to pick genutaro. Donate, then just leave it as toddler. Confirm payment. Okay, done. Okay. Any questions, Torsten? I hope that answers any questions about can non-technical people use this? If not, sorry. All right. Thank you very much and see you around the next couple of days.