Privacy-preserving Subscriptions, Discounts and Tax Deductable Donations
Two independent bachelor theses bring new privacy-focused features to GNU Taler. Christian Blättler designed and implemented token-based subscriptions and discounts in Taler, while Lukas Matyja and Johannes Casaburi's thesis introduces the Donau system, a new type of a donation authority system.
Privacy-preserving Subscriptions and Discounts
Christian Blättler finished his bachelor thesis about designing and implementing token-based subscriptions and discounts in Taler.
Introduction video
Abstract
Subscription-based services are more popular than ever, with a significant portion of digital goods, such as newspaper articles, music, movies, and TV shows, sold through this business model. These services are generally tied to a user account. As a result, the use of a subscription leaves a data trail. Service providers can use collected usage data to build a personality profile that can reveal information about political views, sexual orientation, health complications, or other sensitive topics.
This information, in the wrong hands, can have critical implications, especially in regions with repressive regimes. Ideally, a solution to this problem also addresses the challenge of subscribers sharing their credentials with groups of people online.
This thesis presents a solution for account-less and privacy-preserving subscriptions based on GNU Taler. The solution is convenient for customers, affordable for merchants, and resistant to abusive sharing of subscriptions. Subscriptions are valid during a configured timeframe, while usage during that timeframe is unlimited. The flexible design of the solution allows it to be used for a wide array of use cases beyond subscriptions, such as discounts, loyalty stamps, multi-entry event ticketing, membership programs, deposit systems, and privacy-preserving gifts. In addition, the solution's low operational costs, coupled with its built-in protection against abusive sharing of subscriptions, make it highly attractive to merchants.
The solution is implemented in the GNU Taler merchant component as free and open source software. The integration into the GNU Taler wallets is subject to future work. Furthermore, to inform customers about the degree of anonymity for a given subscription, an additional service for authorizing the anonymity set size of subscriptions is proposed.
Supplemental material
Donau - Tax Deductable Donations with Privacy
Johannes Casaburi and Lukas Matyja finished their Bachelor's thesis on the design and implementation of a privacy-preserving donation system with integrated receipts for tax-deduction.
Introduction video
Abstract
This project describes the design of a privacy-preserving donation system. The central entity in the design is the donation authority (Donau) which was implemented in free software in the context of the GNU Taler project. While implemented primarily for GNU Taler, the system could in principle work with other payment systems.
Providing evidence of charitable donations for tax deductions often requires sensitive personal information, raising privacy concerns. Donors may wish to anonymize receipts while still being able to make legitimate donations to recognized charities. On the other side tax authorities may wish to better prevent donation fraud with verifiable signatures. Deductions for unrecognized charities or failure to deduct valid foreign donations also occur. A system allowing anonymous yet verifiable donation receipts would address these issues. The Donau would be operated by a tax authority. The Donau backend implements a REST API used primarily by charities and donors. It maintains a list of recognized charities, enabling tax authorities to audit the total amount of donation receipts each charity is issuing. Upon making a donation to one of the charities the donor receives a donation receipt which will be stored locally on the donor’s device. Throughout this process neither the charity nor the Donau obtains any identifiable information about the donor, thus enabling anonymous donations. To simplify the verification for the tax authority, the donor needs to submit their donation receipts to the Donau at the end of the year. At that time, the Donau can combine the individual donation receipts in one final annual donation statement. Upon request of the tax authority, the donor can provide this donation statement to the tax authority which can check its validity and can then approve the tax deduction.
Supplemental material