this post was submitted on 07 Oct 2024
201 points (96.7% liked)

Firefox

18050 readers
81 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
 

MARK SURMAN, PRESIDENT, MOZILLA Keeping the internet, and the content that makes it a vital and vibrant part of our global society, free and accessible has

you are viewing a single comment's thread
view the rest of the comments
[–] ants_are_everywhere@mathstodon.xyz 2 points 2 months ago* (last edited 2 months ago) (1 children)

@felsiq

Good point thanks for catching that. The receipt itself can name any anonymous identifier like a crypto address. I was just intending to note that the blockchain is essentially a wasteful timestamp server that doesn't seem needed for this application.

As a practical matter, the website has your IP, when you visited, what you looked at etc. So you already have to trust them with your privacy. And there's a question of whether public policy would allow web traffic to be untraceable by default. But certainly the payment processor doesn't need to know things like which websites you visit.

[–] felsiq@lemmy.zip 1 points 2 months ago (1 children)

Minor correction: the website has my VPN’s IP 😂 I don’t trust random websites with shit, personally. The payments not being tied to your real identity would also not make the web any more or less private than it currently is - just the alternative would remove privacy. Again tho, I’m not tied to crypto specifically and would be perfectly happy with any payment system that maintained user privacy. I just don’t want to see a feature roll out that gets people jailed for visiting lgtbq+ sites or some shit when their payment providers are controlled by fascist governments

@felsiq

> that gets people jailed for visiting lgtbq+ sites or some shit when their payment providers are controlled by fascist governments

If that's your threat model, then there may be an additional threat of timing analysis on the blockchain.

If your threat actor has the resources of a nation state and is able to tap your ISP, the site's ISP, and your VPN's ISP, then you probably also don't want a permanent pseudonymous record of your activity in the form of a blockchain.

This is just an initial thought; I don't have any concrete reason to believe that blockchain forensics + timing analysis is any stronger than just one of those on its own.