34 comments

[ 3.4 ms ] story [ 77.4 ms ] thread
Despite being an old article, I've seen few references to it in the wild, and thought it was very relevant after seeing http://news.ycombinator.com/item?id=777283
There was a dutch company called DigiCash that was quite far with developing such a concept.

http://en.wikipedia.org/wiki/DigiCash

There's also ECache: http://en.wikipedia.org/wiki/ECache

Very, very interesting stuff.

The first party to create a universal micropayment system for the web that is really usable is going to make it very big imo.

It would be a viable alternative to the ad supported model.

Most websites operate on very small fractions of a cent per pageview, you would have to have an extremely low overhead to make it work.

Say you pay a monthly subscription to the payment service provider, they then do all the bookkeeping based on a .js tag that is embedded on the page that you visit.

If you don't have an account the .js redirects you to the signup page for the payments service provider, you register, pay your initial fee and continue to browse.

You might even end up saving online newspapers in the process.

I completely agree with you.

I would easily spend 5 or 10 cents to read an interesting article, multiple times per day, especially a well written article from the New York Times or Wall Street Journal.

. . . which falls apart for people who don't allow JavaScript to execute in the browser. This would definitely impact some Websites more than others.
The number of pepople who don't allow JS in the browser is vanishingly small and are probably (mostly) the paranoid type who wouldn't use an internet payment service anyway. IMO.
I think you are highly confused about the intersection of "people who don't allow random code execution on their machines" and "people who would like a secure micropayment service."
I don't think I'm confused. I think perhaps many people who browse with JS deliberately turned off (for these reasons) misunderstand the multifaceted nature of security and place irrational weight on the fact that the JS is intended to execute on their machine. A remotely exploitable hole in JS is pretty much exactly the same as a hole in any other of the dozens of components of your browser. I would be much more worried about subtle holes in the myriad of closed-source media plugins you probably don't even know are there, and worse, can be loaded by ad networks.

A much better point against JS would have been about XSS or similar. Yes, that's still a real risk, but incidents seem to be on the decline as it's become standard web developer practise to guard against it. And that's only ever a single-site vulnerability, not the local-machine arbitrary-code-execution exploit you seemed to allude to.

But even if I am confused about all that, I'm certainly not wrong about the numbers - it's about 5% IIRC, and going down. JS is here to stay, is becoming a necessity on many sites, and everyone's just going to have to deal with that.

I don't really think I'm confused.

Not to put too fine a point on it, but "of course you don't." If you did, you would change your opinion.

* I think the majority of people who browse with JS deliberately turned off are misinformed*

Even if so, they are the same so-called 'paranoid' people to whom a secure (and hopefully anonymous) micropayment platform appeals.

And even if I am confused about that I'm certainly not wrong about the numbers, they're minute.

What is important is not absolute numbers. I reckon that school teachers comprise a minute portion of all web surfers. I doubt that Patrick would use this as a reason to exclude such from his Bingo Card Creator site.

I consider myself to be super-paranoid and would welcome with open arms a proper cryptographically secure internet payment system.

You would think that one could generalize this.

Sorry, I updated my comment to sound a little less argumentative. Somehow it always comes out wrong ..

I've done my dues in network admin and I can assure you that informed users like yourself are in the minority. I've only ever known a couple of people who turned off JS as a matter of course and they did so for all the wrong reasons, as I mentioned above. I am sure you can imagine the type of "power user" I am talking about.

Anyone who is actually informed about these security issues tends to mitigate them behaviourally. It's like antivirus. Most of the clued-up tech people I know do not constantly run antivirus software; they don't need to because they never take any action which might lead to virus infection. They might scan once a week or month or something.

It's the same with JS, IMO - if you know about the real issues with it, you also know how to avoid them, and you wouldn't ham-fistedly cripple the rest of your browsing experience in the process.

> A much better point against JS would have been about XSS or similar.

I don't think anyone was making a point against JavaScript in terms of vulnerabilities in the JavaScript interpreter itself. If you read the statement to which you reply, you might notice that the parent comment referred to people wanting to avoid execution of code from the Internet on the machine -- not about whether JavaScript is itself directly vulnerable.

> the local-machine arbitrary-code-execution exploit you seemed to allude to.

I didn't get that impression at all.

"I didn't get that impression at all."

Sorry - as mentioned in my other reply at this level, I really was imagining a certain type of person (in fact, a certain person) as I typed that, and kind of went off on my own.

Still:

"you might notice that the parent comment referred to people wanting to avoid execution of code from the Internet on the machine"

I maintain this is a largely irrational fear. The very phrase "execution of code" is very blurry when it comes to the web browser. And one hitherto unknown bug in an image or (closed source) PDF library and you're "executing code from the internet" too, and at a far more dangerous level of access than anything inside the JS sandbox.

I don't really see how the equivalent of "I'm already at risk, so I may as well be at further risk" is an effective counterargument.
Ah, yes, the old "I like to turn away certain classes of customers because I don't think well of them!" approach to market share. That works well.
I don't have one opinion or another about the customers, all I know is that you can build a viable business without catering to everybody. 92+% of the visitors to the sites that I look after have java support, 97%+ have javascript.

I don't think the remaining 3% are going to be the ones to make or break such an application.

Try using facebook, youtube or any other number of sites with flash, java and javascript shut off.

> Try using facebook, youtube or any other number of sites with flash, java . . . shut off.

Actually, I do visit those sites without Flash automatically playing in my browser. In fact, I use a script to download YouTube videos and play them locally with a media player. I'm not sure what Java has to do with being able to use Facebook or YouTube at all.

JavaScript is pretty ubiquitous, but stuff like Google Maps still degrades usably for those who aren't using JavaScript (for instance), as do the sites and Web applications I design.

I think that explicitly throwing away 3% of your potential users is pretty short-sighted, especially when it's for something as lame as "Well, they don't use JavaScript, and I could do this stuff with other technologies too." I wonder why people don't think of, for instance, the blind using screen readers when they utter platitudes about how the 3% don't matter.

I've been thinking very hard about this topic lately and actually went ahead with writing some code. Then I found http://www.opencoin.org who already did some of the work.

I think there's a lot than can be done in this field - not with micropayments, which everybody seems to think about first when they see this. What I find a lot more interesting is the possibility of many competing Internet currencies not tied to any national one.

How about turning HN karma into a currency? Probably no mass-market appeal... what's lacking is a killer application for digital money and when it comes, it'll probably be in a form that doesn't seem like money to us now.

I wish I had the answers for where to go with this, because there's no doubt in my mind it's the Next Big Thing (TM). That said, I strongly suggest reading Down And Out In The Magic Kingdom by Cory Doctorow ( http://en.wikipedia.org/wiki/Down_and_Out_in_the_Magic_Kingd...), as his Whuffie system seems like a path that needs to be taken, somehow.
Unfortunately he doesn't go into much detail about how Whuffie would actually work. I agree that some kind of karma system will eventually replace money, but the devil's in the details, and Doctorow offers precious few.
What I find a lot more interesting is the possibility of many competing Internet currencies not tied to any national one.

Would you also find it interesting to be indicted for money laundering? http://en.wikipedia.org/wiki/E-gold http://www.wired.com/threatlevel/2009/06/e-gold/

Well, it would probably be an interesting experience... not that I would care to find out. That's why I said the killer application would probably not look like money to us.

Take Youtube, for instance: people go to considerable lengths to create videos that others find interesting. Then they sit glued to the screen watching the view counter go up. There's a currency: people paying with their time (which everybody only has a fixed amount of) for someone's work creating videos.

Now have some ISP give extra bandwidth to people with Youtube videos over x thousand views. It doesn't cost them much "real" money since bandwidth is more or less a fixed cost but you have turned "virtual" money into a currency.

Granted, the example is a bit contrived but you can see where I'm going with this.

Thanks for the wired link.
With such light sentences, I suspect many people would. E-gold continues to operate and the founders ~8 week so of community service and a $200 were pretty light punishments, (although he's apparently deeply in debt, not least due to legal fees). Their main breach of the law seems to be in not complying with the existing regulations on money-transmittal businesses - and basically the production was saying that the only reason you exchange gold is for that purpose.

I don't know if transferable coupons redeemable for in-kind services would meet that same test, or surely Blizzard would have been prosecuted over tolerating real-money-trading in World of Warcraft assets.

How about turning HN karma into a currency?

Strangely enough I had a dream the other night where I was going to a HN meet with my friend (next SF one will be early September, BTW - and I owe 2 people coffee and didn't email them yet...sorry!) and when I got there, there was a vending machine where you could exchange your karma for everything from pants (?) to programming books.

I woke up laughing because this was so obviously stupid, but then I started to consider that if HN was a more conventional site with advertisers and sponsors, rewarding the higher-ranked posts and users with discounts from the merchant sponsors would actually make perfect sense. It's very obvious on a lot of niche forums who the community leaders are, and how much they influence the thinking (and often purchasing decisions) of others.

What is the HN meet? Can you give more information?
It's a high-powered conference of hackers and founders that takes place on an occasional basis at a private location in downtown San Francisco. That's all I'm authorized to >BANG< >THUD<

Seriously, it's just an informal get-together that seems to take place about once every 6 weeks at a cooperative bar where people can drink beer and network a bit. The last one seemed to go off well so electronslave and I were thinking to have it at the same place. It's not a secret, I'll post it here the week before and day of.

Bet your twitter followers. There's a though :-)
Neal Stephenson has some things to say about this in Cryptonomicon. Great book.
Your e-cash for the Internet must be transferrable in and out of your pocket as well. The same money you use on eBay should be usable at the convenience store. Mondex, etc. were the right idea (though tied to local currencies) but ahead of their time for the technology. Maybe time to start thinking along those lines again?
The question is, is there anything else that is universally useful that we can use as a basis for the currency?

How about something like Amazon Turk? Except you don't get paid in cash, you get paid in points. All points had to have been generated by somebody doing a small, useful service for somebody else.

I've been thinking about software to create economic instruments from information (e.g., source code) that you could exchange for micropayments. Can you recommend open source packages that might be useful for issuance and trading?