39C3: How the open-source cash GNU Taler passes the practical test

At the 39C3, developers showed how the anonymous payment system GNU Taler can be used at events – a counter-proposal to the digital euro.


signum and Mikolai Gütschow at the talk "From Groschen and SpurLos – GNU Taler also at your event!"

(Image: media.ccc.de, CC BY 4.0)


At the 39C3 in Hamburg, Mikolai Gütschow and signum presented their experiences with GNU Taler as a payment system at Chaos events. The open-source project promises what the digital euro has so far failed to deliver – true anonymity in payments.

GNU Taler works fundamentally differently from cryptocurrencies or classic card payments: The digital tokens reside exclusively on the user's device, similar to coins in a physical wallet. When paying, the payment service provider does not know who is paying – only the merchant has to identify themselves to receive their money.


"With Taler, we have asymmetric anonymity," explained Gütschow. This is "actually a bit like cash, where you are identifiable at the moment of withdrawal from your account at the ATM. But later, when you pass it on somewhere, you are not."

The system uses so-called blind signatures, a method developed by David Chaum back in 1982. It mimics the function of a carbon copy envelope. A user puts their self-generated token into an envelope with carbon paper, and the bank signs the sealed envelope without knowing its content. Only the user can later unpack and use the signed token.


In his presentation, Gütschow criticized common payment methods. Cryptocurrencies, for example, "sometimes have a reputation for being anonymous, but in reality, it's a public database that is decentralized, and as soon as you have the identifier of a wallet or an account, then there's no anonymity."

It's no better with classic payment service providers: "I recently looked up PayPal's privacy policy again. It lists partners to whom they can potentially share data for every transaction or grant the right to do so. [...] In total, I believe there are about 650 partners who could theoretically receive the data."

At LugCamp 2024 and Dresdner Datenspuren, signum and Gütschow tested the system under real conditions. At Datenspuren, over 500 transactions were processed, with about a fifth of the total revenue going digital. Gütschow summarized the feedback from visitors: "It was just great, it worked really well, it was fun to use." They also heard from the staff behind the bar, "that it was actually a relief for them not to have to constantly deal with change."

The technical infrastructure turned out to be less complex than expected. When the developers initially planned for a large server, they were laughed at by the Taler developers: "Do you want to supply all of Europe with this? [...] A pretty normal small PC hanging behind monitors is enough." Add a tablet as a cash register – and for late-night sales, QR codes on refrigerators sufficed. One can "sell things even without a salesperson [...], by simply sticking a QR code on the refrigerator," explained signum.

The wallet app is available for Android and as a browser extension for Firefox, Chrome, and Opera. However, as with real cash, "the tokens are really in the digital wallet," says Gütschow. Anyone who loses their device or access to it will lose their tokens – "similar to physical cash in a wallet."

Gütschow clarified what GNU Taler is not: "Not a currency, [...] not a cryptocurrency, [...] not intended as a speculative asset or long-term store of value, and [...] not a specific network or a specific provider." There isn't "the provider Taler, like there is PayPal" – but rather a software infrastructure that any provider can theoretically use.

The project follows clear principles: GNU Taler must be free software to make promises like anonymity verifiable. Furthermore, it is important to protect the privacy of buyers and "at the same time enable tax collection on the recipient side, thus making income potentially identifiable, to keep society running."

The timing of the presentation is no coincidence. The European Central Bank is advancing its plans for a digital euro, which could be introduced in 2029 at the earliest. However, criticism of the project is growing: data protection advocates warn of the loss of anonymity, and the president of the Sparkassen association even sees it as a "door opener for big tech players" and instead favors the payment system Wero, supported by European banks – which, however, also offers no anonymity.

Yet, there are alternatives: "Theoretically, GNU Taler could also serve as the basis for central bank digital currencies," explained Gütschow. Regional currencies are also conceivable – in Basel, Netzbon is already a functioning example.

As early as 2021, Swiss National Bank board member Thomas Moser, GNU developer Christian Grothoff, and DigiCash inventor David Chaum discussed GNU Taler as a technical basis for digital central bank money. The concept would have a decisive advantage: buyers would remain anonymous, while money laundering and tax evasion would be made more difficult by identifying the payment recipients.

Currently, the system still has limitations. When asked if GNU Taler could eventually replace Visa, Gütschow admitted: "At the moment, an exchange [...] is really a world of its own." While there are considerations on how multiple exchanges could communicate with each other in the same currency, "that is not currently implemented."

For event organizers, the speakers provided detailed instructions. The minimal setup consists of a Debian server with the Exchange and Merchant components, as well as the Point-of-Sale app on a tablet. Those who want to enable bank transfers also need a club account with EBICS access – here, the developers recommend allowing at least two months' lead time.

The entire software is freely available, and the API is openly documented. For developers with their own ideas, there are currently even grants of up to 50,000 euros available through the NGI program.

(mack)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.