The GNU project has released version 0.8 of the free electronic payment system GNU Taler. The distinguishing feature of the system is that customers are anonymous while sellers are not, which keeps tax reporting transparent: the system does not allow tracking where a user spends money, but it provides the means to track the receipt of funds (the sender remains anonymous), which solves the tax-audit problems inherent in Bitcoin. The code is written in Python and is distributed under the AGPLv3 and LGPLv3 licenses.
GNU Taler does not create its own cryptocurrency; it works with existing currencies, including dollars, euros and bitcoins. Support for new currencies can be provided by creating a bank that acts as a financial guarantor. The GNU Taler business model is based on performing exchange operations: money from traditional payment systems, such as Bitcoin, MasterCard, SEPA, VISA, ACH and SWIFT, is converted into anonymous electronic money in the same currency. The user can transfer the electronic money to sellers, who can then exchange it back for real money, represented by traditional payment systems, at an exchange point.
All transactions in GNU Taler are protected with modern cryptographic algorithms that maintain reliability even if the private keys of customers, sellers and exchange points leak. The database format makes it possible to verify all transactions and confirm their consistency. For sellers, confirmation of payment is a cryptographic proof of the transfer made under the contract concluded with the client, together with a cryptographically signed confirmation that the funds are available at the exchange point. GNU Taler includes a set of basic components that provide the logic for the bank, exchange points, trading platform, wallet and auditor.
The new release implements changes that eliminate the flaws identified by a security audit of the code base. The audit was performed in 2020 by Code Blau and was funded through a grant issued by the European Commission as part of its next-generation Internet technologies program. After the audit, recommendations were made concerning stronger isolation of private keys and separation of privileges, better code documentation, simplification of overly complex structures, and reworked handling of NULL pointers, structure initialization and callback invocation.
Main changes:
- Increased isolation of private keys, which are now handled by separate taler-exchange-secmod-* executables running under a separate user; this separates the key-handling logic from the taler-exchange-httpd process, which handles external network requests.
- Increased isolation of the confidential configuration parameters of exchange points (exchange).
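
The key-isolation change in the first item, sketched as an added example that is not GNU Taler's code: a forked helper holds the key and answers only sign and verify requests over a socket pair, so the process that handles requests never has the key in its memory. Assumptions: HMAC-SHA256 stands in for a real signature scheme, all function names are hypothetical, and the helper here keeps the caller's UID, whereas the release runs its helpers under a separate user.

```python
import hashlib, hmac, os, socket
MAX_MSG = 4096  # the helper refuses anything larger

def send_msg(sock, data):
    sock.sendall(len(data).to_bytes(4, "big") + data)

def recv_msg(sock):
    hdr = sock.recv(4, socket.MSG_WAITALL)
    if len(hdr) < 4:
        raise ConnectionError("peer closed")
    n = int.from_bytes(hdr, "big")
    if n > MAX_MSG:
        raise ValueError("oversized message")
    return sock.recv(n, socket.MSG_WAITALL)

def _helper_loop(sock):
    key = os.urandom(32)  # created in the helper, never written to the socket
    mac = lambda m: hmac.new(key, m, hashlib.sha256).digest()  # stand-in for a signature
    while True:
        req = recv_msg(sock)
        op, body = req[:1], req[1:]
        if op == b"S":                          # sign: body is the message
            send_msg(sock, mac(body))
        elif op == b"V" and len(body) >= 32:    # verify: body is tag || message
            ok = hmac.compare_digest(mac(body[32:]), body[:32])
            send_msg(sock, b"\x01" if ok else b"\x00")
        else:
            return                              # unknown request: stop serving

def start_helper():
    """Fork the key-holding helper; return (front-end socket, helper pid)."""
    front, back = socket.socketpair()
    pid = os.fork()
    if pid == 0:                # child: becomes the helper
        front.close()
        try:
            _helper_loop(back)
        finally:
            os._exit(0)         # never return into front-end code
    back.close()
    return front, pid

def sign(sock, msg):
    send_msg(sock, b"S" + msg)
    return recv_msg(sock)

def verify(sock, msg, tag):
    send_msg(sock, b"V" + tag + msg)
    return recv_msg(sock) == b"\x01"
```

A memory-disclosure bug in the front end can at worst reach the socket and request signatures; it cannot read the key, and the helper's small request set is the whole interface that needs review.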