Hacker News new | past | comments | ask | show | jobs | submit login

I read about Taler a few years back, and I'm excited to see that it is still under development.

In my opinion, for those of us who aren't anti-government, Taler represents an ethical future of digital spending:

It is interoperable, so unlike our current Visa situation, the free market should be able to bid down payment fees to a fair rate. It's insane to me that Visa and Mastercard have basically positioned themselves as exclusive middlemen on the vast majority of digital transactions, in an age when so much commerce necessarily is digital.

It offers privacy that Visa / PayPal / etc cannot.

It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.

It is inherently scalable in a way that bitcoin arguably is not (bitcoin has offchain scaling mechanisms, sure, but if you're being honest it's a stretch)

It's not introducing a new currency or coin that will be endlessly speculated on, unlike most every crypto solution out there (even stablecoins rely on eth or others for transaction fees)

Taler proposes an extraordinarily unethical panopticon, where unaccountable entities (both commercial and governmental) without any due process can surveil every transaction you make.

Engage in the "wrong" kind of commerce and after the political winds change-- maybe you get rounded up and executed. Regardless of your political alignment, one can't really look at the governance of many nations and say with confidence that you can trust that they won't change in a way which profoundly disrespects your human rights.

Taler misleads people into thinking that its private by claiming that only merchants are surveilled. But every time you pay you both were previously a recipient and you are paying to someone else who relieves. Monitoring reception is equivalent to monitoring everyone, and taler's surveillance is realtime and always active.

> It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.

Taxation is based on self-reporting, whistle-blowing, and serious criminal penalties for evasion, not on invasive realtime state surveillance into the private transactions of individuals.

Facilitating "lawful taxation" by pervasive surveillance of everyone who receives a payment is like preventing sexual assault by requiring a camera in every bedroom streaming in realtime back to government.

> Taler proposes an extraordinarily unethical panopticon, where unaccountable entities (both commercial and governmental) without any due process can surveil every transaction you make.

No, actually, you are describing the current state of affairs with mainstream online payment systems like PayPal and Venmo

Taler uses blind signatures which means that your exchange has no knowledge of where you are spending your tokens. In essence, when you make a payment the merchant knows you have an IOU to the exchange, the exchange knows it's a valid IOU, but since it was issued with a blind signature the exchange is not aware that it's an IOU that was issued to you. This gives you privacy that parallels the use of real world cash.

Chaumian digital cash is fine, but that isn't what taler actually implements.

Instead, it requires the recipient to identify themselves and the amounts for every payments. This is a continuous realtime surveillance which does not exist for cash.

Used perfectly it might be potentially more private than paypal, but no one is under any illusion that paypal is particularly private.

On a scale of ethical behavior providing strong privacy is superior to providing limited privacy but both are vastly superior to falsely claiming something has strong privacy when it is limited.

Taler takes matters a step further a falsely claim that its continuous realtime mass surveillance is required to facilitate lawful taxation. This claim is false-- an outright lie in fact. Not only is it technically not required, it's not legally required either and taxation has existed for countless generations when this kind of electronic surveillance was unimaginable.

> falsely claiming something has strong privacy when it is limited

Taler provides strong privacy for buyers, not for merchants. It's important to note that Taler is not a peer-to-peer system for transferring money (there are claims for interest in implementing such a system in the future, but it does not exist), so the receiver is always a merchant

Personally I don't mind that businesses are surveilled when I purchase at them, because businesses are not people and do not have the right to avoid surveillance. I would be very concerned if such surveillance could extend to me, but as discussed Taler provides buyers privacy and blindly signed tokens cannot be traced to me.

At the end of the day, balance sheets always balance, every transaction has two sides, and privacy for only one side of every transaction is impossible.

In that case, please enlighten me how to pierce the veil. For the sake of argument, you can play the role of an exchange arbiter - you have full visibility into every transaction.

On a given day you're signing a few billion in IOUs into existence from users, while paying out a few billion in IOUs from merchants. Since you are providing blind signatures, you essentially have two ledgers: one is transactions of the form (user, token_value, signed_at) and a second is transactions of the form (merchant, token_value, redeemed_at).

How do you suggest the exchange matches user to merchant from this data?

Not the person u are replying to Can a hash not be calculated for the iou, does it have an identifier ? The exchange can log those

It cannot, the anonymity guarantees are exposed in the Taler paper[1]: https://ged.univ-rennes1.fr/nuxeo/site/esupversions/41aac1ac...

I've never looked into Taler before this, but they could be matched by token value and approximate time, no?

Token value perhaps, under very low volume (think single digit users). But imagine millions or billions of dollars a day in transaction volume, looking at a $5 payment at a cafe and then trying to figure out which of the people whose been assigned a $5 token to in the past month might have shopped there - it would be absolutely futile.

Taler wallets just sit there until you use them, much like cash. Realistically, there would be too many degrees of freedom to create a matching from merchant to user, even if we additionally assumed a ton of metadata about user/merchant location and such.

Yes, but there isn't billions in commerce each day, at least not now.

Yes it is. You just write down "got 5 bucks from customer" and submit it to the tax office. Now one side is anonymous (customers) and the other not (merchant)

And before that the customer writes down “received 5 bucks”. Then you match up the two and can track the customer’s spending habits

If you go to your ATM and get 5 bucks, and then go to the cafe to pay a coffee with it and it's registered in their system, this is the exact same scenario, you realize that?

Well, If all you have is “A spent $5” and “B received $5” you are still missing a lot of info to identify that A and B are part of the same transaction (there are thousands of $5 trades every day)

But that's not even how Taler works: you withdraw an arbitrary amount of Taler (say $50), this is what is recorded on the consumer side, but then you have anonymous tokens (exactly like coins and bills) that you can spend without connecting to anything: only the supplier need to have a connection to a certification entity (which ensure no double spending).

What is the denomination of these tokens? Do I hand over 500 one-cent tokens to pay $5?

That's the coolest thing about Taler: there is a thing called “the refresh protocol”[1] which allows you to obtain change after a transaction: that is, for instance you pay with a $7 token for your $5 transaction, and you get a $2 change token!

[1]: section “4.7.4. Refreshing and Linking” in this paper https://ged.univ-rennes1.fr/nuxeo/site/esupversions/41aac1ac...

That is pretty cool!

So, basically, if a merchant requests payment of $5 and the buyer only has a $4 and a $3 token then the buyer exchanges her $3 token for three $1 tokens with the exchange (without involvement of the merchant) and then pay the merchant with a $4 and a $1 token?

So Zcash developers feel threatened enough about Taler to spread FUD about it. Sounds like a positive signal to me ;).

Hahah, nice.


I would take this even a step further. To state the obvious, the hard part of building a private currency system is building the private currency system. Once you've done that, it's relatively easy to deliberately relax the privacy guarantees of the system in straightforward ways if that is something you want to do. (Whether this is advisable is totally orthogonal. I'm speaking strictly at a technical level.) Think about this like having a perfect invisibility device. Once you have such a technology, it's relatively easy to make yourself deliberately more visible: e.g., throw a can of paint over your invisible body.*

But Taler doesn't start out by building what I consider to be a very strong privacy base and then allowing for optional relaxations. Instead it makes a series of design decisions that begin with the idea that privacy will be limited in certain ways, and then bakes those design choices all the way down to the foundations of the protocol. This means the designers have chosen the deployment parameters, rather than the people and democracies who might actually want to make the decisions. This rubs me the wrong way.

* This has in the past been interpreted by people as me saying "I think backdoors are great", which is funny and also not true.

The main problem is that certain guarantees about behavior are fundamentally incompatible with certain attributes of transactions; you can have meaningful assertions that hold only if all transactions meet some criteria and there is no optionality, because the intentional abuse will simply choose the set of options that circumvent whatever conditions you want to enforce.

Using your own example, if your "world" supports a perfect invisibility device, then your world can't provide any guarantees that under certain conditions specific things will be seen - you can't have your cake and eat it too, if you want or need such guarantees, then you need to design a world where a perfect invisibility device is impossible.

Stability of any financial system needs an ability to protect against malicious, resourceful actors. Just as a proof-of-work coin needs to protect against double-spending and miner collusion, a Taler-like system needs to protect against malicious exchanges (so, the requirements foor auditability) and against malicious fraudulent merchants (so, the requirements to ensure that there's no option that a malicious merchant might use to cash out anonymously after receiving a payment).

Perhaps there is some way to satisfy all needs, but I personally doubt that, there are too many fundamentally opposite requirements (anonymity vs AML; circumventing gov't control vs ability to take legal action; irreversibility vs reversibility of fraud, etc) - and a system has to choose! If 99% of your transactions use a reversible mode and 1% are irreversible and untraceable, well, you can't have fraud protection for hacked wallets since those will use the irreversible and untraceable option; if you want feature A, you have to ensure that feature B is impossible.

> and a system has to choose!

A system does not have to choose. The society that deploys it has to choose which systems they will use, how those systems will be configured and so on. That society also needs to decide whether they will (or even can) ban alternative systems.

The technology itself should not force the designers' favored technical balance onto society. An ideal technology should allow the broadest possible range of configurations, and let users and society make the remaining decisions wherever it's technically possible.

(Many real-world systems are not ideal, and cannot technically admit the broadest possible range of solutions. But we know that centralized e-cash systems can make different choices than Taler.)

My argument is that a broad range of constraints is inherently impossible to satisfy within a single fungible, fully interoperable money system - I agree that "ideal technology should allow the broadest possible range of configurations", however, even with such an ideal technology designed by $perfect_deity the "environments" with certain incompatible configurations need to be kept distinct and separate enough so they de facto form separate payment systems; and the users and society can choose to use system A for purpose X and system B (perhaps sharing all of the technology except a configuration flag) for purpose Y, but the society can't have a single system for both these purpuses, because if they are substantially different, then money can't be allowed to flow freely between the systems as that option would break one or the other use case.

The society can freely choose between different systems and properties/configurations of systems; but certain emergent properties of a payment system that a society might want to choose require that some other options are closed off, that the configuration is set to ensure that no transactions in that system can use that option.

For example, if some uses need an strictly anonymous system and others need an strictly unanonymous system, then these systems can interact only through some gateway that enforces breaking anonymity in the latter; if some uses need a reversible system and others need an irreversible system, then interaction needs to happen through some gateway that will reverse a transaction even if the other leg can't be reversed, taking on financial risk to cover the costs of such a scenario. And, crucially, it seems plausible that in many cases such gateways on the boundary between different configurations are socially impractical to operate as they would have to take on risks they can't protect from, and there would be financial motivation to target them to abuse that configuration difference.

For example, we're seeing a bunch of barriers between physical cash USD and USD in bank accounts; and we're seeing a bunch of barriers between USD payments via cheques and USD Fedwire transfers. They are almost interchangeable, but the boundary between different "configurations" requires treating them as distinct and anyone offering a service for unrestricted exchange of one of those into the other is in for a world of hurt.

We are having two different discussions here. I am having a technical discussion about how we should design privacy-preserving payment systems. I think we should design them to be as powerful as possible, since it is vastly harder to "strengthen" a weak system than it is to "selectively weaken" a powerful system if society decides to do that. Using this approach means that society gets the largest range of technology to choose from.

You are having a discussion about what solutions society should adopt, and whether multiple systems should be allowed. I think that's interesting but a very different conversation.

The only place where these two discussions interact is when technology developers proactively decide to make some kind of specific privacy/security compromise that they think is the right one. This means that societies who want privacy don't get it. It means that societies who want a different tradeoff don't get it. And the most likely outcome is nobody ever adopts the new system, and we get PayPal.

What I hear in your posts is an assertion that "technology developers proactively deciding to make some kind of specific privacy/security compromise that they think is the right one" is undesirable.

My point is that "technology developers proactively deciding to make some kind of specific privacy/security compromise that they think is the right one" is unavoidable, since any attampts to "avoid" of that choice by leaving options open simply means proactively deciding to make a different compromise that also means that societies who want a different tradeoff (e.g. that the technology must ensure that those options are impossible) don't get the tradeoff they want. Opening one door closes others, in this space one does not simply "add options" without implicitly trading off others.

IMHO the larger thread here is having a technical discussion about how we should design payment systems, of which privacy preservation is one factor that's not axiomatic. Your presumption that the systems must be privacy-preserving and as powerful (on the front of privacy-preservation) as possible seems exactly like a case of a technology developer proactively deciding to make some kind of specific privacy/security compromise that they think is the right one. And not really a compromise, but a point at one extreme on that tradeoff scale, which means that societies who want effective anti-fraud measures, anti-tax-evasion measures and ability to recover funds with legal means without the cooperation of wallet-holder don't get it; and IMHO it's quite clear that societies generally do want a tradeoff like that, as evidenced by all the laws societies have chosen to pass. The societies in general are not willing to trade off these factors to gain privacy preservation, and privacy-perserving payment systems get made only because developers proactively decide to make specific tradeoffs that they personally think are the right ones.

Leaving aside differences in values and the "ought" part, I also fundamentally disagree with the factual points you make in the first paragraph. I disagree that it's vastly harder to turn a security-preserving system into a privacy-preserving one than to turn a privacy-preserving system into a security-preserving one. IMHO many decades and much, much, much more effort has gone into building security-preserving systems than privacy-preserving systems, and we still haven't succeeded at the former, as evidenced by all the loopholes in electronic transfers and cash controls that still leave enormous space for money laundering. Cash is probably the counterexample of a technology that's somewhat "powerful" w.r.t privacy preservation and has proven to be very, very hard to "selectively weaken" effectively.

I'd say that to "selectively weaken" a powerful privacy-preserving system is definitely not easier, I'd say that it's pretty much impossible - since if a society would choose an ability to track specific transactions (e.g. money laundering or drug trades) then a selective weakening does not achieve that goal, and even 99% weakening does not achieve that goal. If there are multiple channels available, then achieving that requires that all channels are privacy-breakable, since otherwise the malicious transactions would all get funneled through the privacy preserving channel. The society can (and should!) apply privacy-breaking selectively, but if the technology can't ensure that these specific transactions are privacy-breakable despite some fraudster trying to preven tthat, then the society doesn't get the tradeoff it wants, that goal requires that 100% of the loopholes are closed - which IMHO is harder than ensuring that some transactions are privacy preserving; especially since you can have privacy preservation even if many transactions are non-private - as if you have multiple channels available, then you can choose to use only the privacy-preserving channels.

The second disagreement is with the statement "Using this approach means that society gets the largest range of technology to choose from." My point is that societies may reasonably want choices which require that other choices are impossible - providing extra choices is not necessarily a net benefit, as the mere availability of option A denies the society some choices. For example, if a society chooses that a certain class of payments should be taboo (for whatever reason), then providing an extra choice of an uncensorable channel does not mean a larger variety of choices - it means denying the society one choice - the choice they wanted, to ensure that taboo-payments don't get made - just to provide another choice that they did not want as much.

Perhaps that's the proper framing of this dichotomy? Maximum-choice-of-policy-outcomes is incompatible with maximum-choice-of-technology-options, there's a tradeoff.

Rather than writing thousands of words about what society should do, my point is much simpler. To give an analogy: a private payment technology can be a powerful system like a general purpose web browser, or it can be like a more hobbled system that can only browse pre-configured web pages and image formats chosen by the developers. Both options are viable, however: the problem comes up when your use case (or your country’s use case) calls for a “browser” with a very specific set of restricted functionality that is greater than the functionality offered by the hobbled system that’s available.

In this case you have a choice. You can ban all browsers entirely. You can use the hobbled browser that doesn’t meet your needs because that’s what’s available. You can try to add new functionality to the hobbled browser, which can be a hard path to follow. Or you can hope that instead of a hobbled browser, there is a more powerful full-featured browser that you can strip down to have the specific set of features you want. In the best case this is easy: just a matter of changing a configuration file. In the worst case maybe you have to snip away some code. To continue this silly analogy: it’s vastly easier to remove PDF support from Chromium than to write a brand new PDF renderer into software that chose not to have one.

Obviously I’m going to have to ask you to take my word that in this case a powerful privacy-preserving payment system stands in for a full-featured browser, and it’s relatively easier to “strip (privacy) features away” from a strong privacy system then to make a weak system more private. I’ve spent a good chunk of my life thinking about this exact problem so I feel confident making this case.

The remaining point you raise is essentially the following: the mere existence of privacy-preserving payment systems deprives societies of choice. This holds in the same way that the existence of, say, Chromium or Firefox makes it impossible for some country to plausibly mandate a browser that can only visit selected web sites or use file formats chosen by the government.

The best thing I can say about this argument is: tough luck. Better (centralized) privacy-preserving payment technologies exist. You can’t make them go away, any more than you can hope that Chromium or Firefox will stop existing. If the success of your preferred system depends on the non-existence of other technology, and that technology is already out there, then you need a better plan.

Isn't this basically what's happening nowadays, except on the level of competing digital currencies instead of on the level of competing configurations?

Bitcoin, Z-Cash, Stellar, GNU Taler and many more, all of those offer different characteristics which societies can pick and choose from. Central Banks don't necessarily like the particular choices that have been made by existing systems and drill down a level further to design a system with exactly the combination of cryptographic blocks that provide the desired mix of characteristics.

I don't think it's wrong that a particular solution like GNU Taler specializes in a particular set of combinations, it will do a better and more maintainable job at this (already pretty massive) project than trying to cover every arbitrary combination of characteristics. Same as libsodium provides a better crypto API than OpenSSL while not running into Heartbleed-scale bugs, because it actually dares to make opinionated choices.

The flexible layer for e-cash should be on the level of crypto primitives, and the actual implementation is the configurable layer that you're asking for.

Web browsers and operating systems are neat and general-purpose, but for a mission-critical currency it would be nice not to have to deal with the endless security fixes that an almighty everything-framework will unleash unto us.

I'm a big fan of libsodium/NaCl for the use case of "encrypting things simply". However, I also recognize that it can't do certain things: for example, the original NaCl didn't support "public key encryption from an anonymous sender who doesn't have a static secret key", and libsodium had to add that feature via a new "crypto_box_seal" function. I've seen multiple people re-implement that feature from scratch into NaCl, before libsodium added it and became the standard. They did this because many protocols require a way to do this, and the original NaCl designers were aware of this but had a very opinionated design philosophy. So we get forks.

This kind of thing is just barely tractable when you're talking about something as "simple" as a non-interactive encryption protocol. It becomes exponentially harder when you get into the world of interactive crypto protocols with ZK proofs and privacy guarantees (where a bug means losing millions of dollars.) It becomes even harder when specific anti-privacy features have been baked into the underlying protocols on purpose, because it requires so much expertise to remove them, and the consequences of a mistake are catastrophic to the whole system. You're often better off just starting from scratch, since the technology of centralized e-cash is reasonably well understood (and the Taler authors probably aren't going to support your fork, because they politically disagree with your choices.)

I have been following Taler for several years and it's great that it exists. But I don't see a pathway to adoption for it, partly because it's so "politically" opinionated around a specific set of features that the authors think are the right ones, and partly because it's hard to launch a centralized private currency without buy-in from a lot of people who agree with your political decisions. Taler can only launch if it finds sponsors who agree with all its choices, and it has not found them yet. Whereas Zcash and Monero launched because, while they're also opinionated, they're decentralized currencies and don't face the same coordination problems.

All these systems impose a notion of society though, so your distinction holds little water.

I've no idea if the "on-chain governance" crowd like Cosmos, Polkadot, etc. could politically introduce tools that supported taxation. Any "miner consensus" design like ZCash, Bitcoin, etc. could never introduce such politically contentious upgrades.

ZCash's developers have thus de facto spoken definitively against taxation, by defining the voting set to oppose taxation.

Taler exchanges do whatever governments permit/encurage banks to do. You might dislike our political system, but clearly Taler adopted a notion of society much closer to the conventional one.

As I noted above, Taler could swap their crypto for balance hiding tool or with techniques that support balance hiding blockchains. ZCash cannot disentangle itself from its anti-tax roots.

> ZCash cannot disentangle itself from its anti-tax roots.

Sure it can. Anyone can fork the Zcash code, and with some changes can adapt it to a centralized ledger. Or you can use a Chaumian system. Once you do this, you will have a system that faces exactly the same adoption hurdles as Taler.

Yes, there exist harder technical challenge in designing systems with more privacy, and ECC has an incredible engineering team doing SNARK work, but.. You're drawing a false equivalence between actual deployment potential in real systems, and the pure technological potential of ECC's code.

At a technical level, both ZCash and Taler operate upon two databases, one for UTXOs and one for nullifers, and either could change their cryptography. If you compare design decisions more carefully then you'll find ZCash baked their politics much more deeply than Taler.

Taler provides inexpensive anonymous payments for small everyday purchases. This is not controversial. ZCash employs non-scalable blockchain designs that cannot realistically support many small purchases, and even requires merchants track the chain, making it primarily an investment instrument. It's true one ECC dev has contributed to the scaling discussion, and ECC's code base spawned zexe and arkworks, which advanced zk rollups, but.. ZCash does not fund obviously much scalability work. In short, Taler appears focused upon real privacy needs of everyday people, while ZCash appears focused upon investors' privacy desires, including for for tax evasion.

ZCash could engineer some taxation support system, although not sure about the complexity. Taler could trivially simplify their refresh protocol, which then makes all transactions become plausibly refreshes, and makes taxation hard.

ZCash expressly supports hiding large balances, presumably from taxation. Taler could adopt a system that hides balances with range proofs, if they valued hiding large balances.

ZCash like Bitcoin was designed to combat flawed government monetary policy, which weds them tightly to this goal. If desired, Taler could operate upon finality proofs produced by blockchains, thus giving supporting the same anti-governmental monetary political goals as ZCash, etc.

Again, if we compare the political positions based into the designs of Taler and ZCash, then we find ZCash's positions to be more extreme, and to be baked more deeply into the design.

This shouldn't be viewed as a Zcash decision vs. Taler. I think this should be more viewed as full centralized Chaumian e-cash (with more flexible privacy choices) vs. Taler. If you're telling me that Taler's "value transparency" decisions are driven by technological scaling limitations that can't addressed any other way, then that's an interesting discussion to have. But it's not a discussion about Zcash.

The claim "can surveil every transaction you make" does not seem justified.

The way I see the process, the flow of Talers is strictly asymmetric and one way, with a clear distinction between users(consumers) and merchants:

1. From exchange to user (deposits).

2. From user to merchant (payments for orders).

3. From merchant to exchange (withdrawals).

The monitorable steps are 1. and 3., which allow tracking the total amount that you can spend and the total amount that the merchant has received. The actual transactions (step #2) are not surveilable, the system does not track who paid what to whom.

The statement "every time you pay you both were previously a recipient" is not correct, since as a non-merchant user you can't be a recipient of payments, you can't have any income in Taler, you can only spend what you yourself deposited in the system through an exchange. And vice versa, as a merchant, you can't make any payments, you can only withdraw your Taler income for real money at the exchange - it's exactly just as with a merchant account for receiving credit card payments, which is strictly separate from any credit card payments that the company might want to make themselves.

This contradicts one of the claimed principles of Taler, "Protect the privacy of buyers". Can you please explain how the example you gave would be possible with Taler, in a way that wouldn't be with crypto currency?

(off-topic: thank you for Opus.)

What do you think of Bitcoins/Ethereum etc. public ledgers?

In theory Bitcoin could provide a reasonable amount of privacy by leaving identities unlinked, in practice it doesn't. (Etherum's 'accounts' are extremely privacy toxic way beyond Bitcoin)

Of course, if one wants to trust other entities one can already easily use chaumian cash w/ Bitcoin.


That works similar to Taler except no integrated spyware.

This approach can even be implemented with multiparty security relatively easily, so that the funds are protected by a majority threshold rather than just requiring a single point of failure.

Comparing Taler to Bitcoin is not appropriate since Bitcoin could be the very monetary unit that is used as the denomination of payment amounts on the Taler network. In other words, Taler is a protocol that is deployed on top of Bitcoin, and does not compete with Bitcoin itself.

Bitcoin is (intended to be) a form of money — just like USD, EUR, gold, silver. The Taler network needs a unit of account (numeraire) to denominate amounts in, and this is what money is used for. Tail itself cannot function without a monetary unit since it’s a payment system (a way to move money).

You are correct - I should have been more explicit, but I was using comparing Taler as a system to move arbitrary money against the Bitcoin network[0], which is a system to move a specific money (Bitcoin the coins), or the various blockchain networks, which do similar for other tokens (including securitized fiat, as in stablecoins)

[0] "the Bitcoin network", meaning the use of blockchain transactions to facilitate payments, or off-chain schemes to do the same with on-chain settlement (as in lightning network)

> It makes income traceable in a way that bitcoin does not, to facilitate lawful taxation.

Can you explain this a bit more? I thought all Bitcoin transactions are completely traceable.

It sounds like Taler is not competing with Bitcoin.

Bitcoin is just as much about improving money in general as it is about preserving and transferring wealth.

Before WWI, a large part of the world was all on the gold standard. I think a Bitcoin standard would be similar to that but with improvements to consensus.

Perhaps Taler is more competing with Lightning networks or decentralized exchanges?

Taler isn't competing with bitcoin per se, but it's competing with a particular vision of the bitcoin network (or any blockchain) as "the future of digital payments". Lots of people are into bitcoin as a digital asset, as some kind of inflation-protecting security, etc. For these purposes, Taler is completely orthogonal and not a competitor at all.

How is bitcoin an improvement on money? Why is a standard on a physical or digital asset desirable, especially when the asset is rare. Wouldn't this unnecessarily restrict monetary policy?

Bitcoin(and by extension the rest of the cryptocurrency space) is an enabler for speculation - in the specific case of BTC, on the price action of the asset as more is mined, and on the cost of mining itself. Speculation's action - which is always crude when looking up close - has the effect of building a market where there once was nothing, and as BTC has grown crowded speculative activity has proceeded towards projects promising(if not necessarily delivering) additional features and social value.

One of the major limitations of a pure debits-and-credits system like Taler is that it has limited speculative interest. It can't be gamed for returns on investment, so it can't initiate the boom-and-bust cycle.

How Bitcoin levels of speculation desirable for a currency?

If my national currency was going up like bitcoin spending would decrease a lot. Why you'd you buy a car today when you can buy it in a month and spend 20% less? The economy would stop functioning.

And when the value of currency falls people want to spend it as fast as possible.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact