“P” is for privacy, “P” is for...—he who shall not be named—why free swaps used to be better than warranted searches—why the last shall be first—going the way of all flesh—the results of the privacy stakes—what to do in practice, be you a buyer or a merchant.
“P” is for Privacy, “P” is for ...
Now there are different reasons why you might choose an e-currency issuer and we’ll compare the candidates on a point by point basis when we get around to it. But we thought it would be nice to offer some thoughts on the matter dearest to our hearts: which e-currency issuer should you choose on the grounds of privacy. While all e-currencies offer the convenience and certainty of non-repudiable transactions, e-currencies provide varying degrees of anonymity. The ideal is an e-currency issuer who:
- Operates on a “don’t-know-your-client” basis
- Keeps no records of client transactions
If these two conditions are met then even if Big Brother commandeers the issuer’s data processing centre he will be no wiser when he leaves than when he entered.
The anonymous e-currency niche is a small one, but a relatively easy one to enter. Because of the increased interest by governments in the mass surveillance of financial transactions the world’s main financial players, who operate both onshore and offshore, cannot easily play in the anonymous e-currency market. They are forbidden from doing so onshore—except perhaps for small value transactions—by laws that require them to operate on a “know-your-client” basis. Were they to do so offshore then governments would take action, whether within or outwith the law, to ensure that the issuers were disadvantaged commercially as far as their onshore operations were concerned. And while e-currencies have been growing very rapidly, they have started from a very low base, and are only beginning to command the interest of the major players by way of small but interesting acquisitions.
These restrictions leave the anonymous e-currency niche open to any small enterprise that can consistently demonstrate itself to be trustworthy and reliable. Demonstrating reliability of operation is relatively easy, but as with any quasi-offshore business the appellation “trustworthy” only comes after many years of clients finding that they can “take out” that which they have “put in”!
While primary e-currency issuers require a moderate amount of capital to set up the infrastructure needed to safely store and routinely audit the precious metals that provide 100% backing for the e-currencies that they issue, secondary e-currency issuers that resell primary e-currencies under their own name have negligible set-up costs.
The main problem for the e-currency issuers is that while they readily attract a small and loyal following, making their e-currencies attractive to merchants is an uphill struggle. Without major financial backing and a high rate of cash-burn that effectively buys market share by giving away free cash, growth is, as the euphemism has it, organic!
At present there are three candidates that offer varying degrees of privacy, and who have been around for long enough for us to be reasonably certain that they will not run away with our gold. So if you’re interested in privacy which one of the big three should you select: Pecunix, e-gold, or 1mdc? (And that, dear reader, is called a hint!)
He who shall not be named
It’s a digression, but you may wonder why we always refer to the big three and not, as other commentators on e-currencies do, to the big four. Well, if you’ve seen that Harry Potter film you may recall the discussion between Harry and Hagrid in Diagon Alley, when Harry is told that the evil Lord Voldemort is always referred to by way of the phrase “He who shall not be named”. Well, like Lord Voldemort the invisible fourth member of the big four is as far as freedom loving people are concerned a name that we do not mention in polite society (well, if you must know it’s called “GoldMoney”).
GoldMoney operates under the same “know-your-client” rules that we might expect from the average bank. It requires detailed information about its account holders—notarized no less—though you can open an account and perform some limited transactions without verification. The following extract from their T&Cs gives you a flavour:
GoldMoney has a Customer Acceptance Policy (CAP) so that it can comply with established know-your-customer regulations for financial institutions ... all financial institutions are required to verify the name and address of their customers and the source of the customer funds entrusted to them.
While in some respects GoldMoney may seem similar to e-gold, there is a distinct difference in ethos. GoldMoney is, we feel, an unctuous servant of Big Brother, through and through. E-gold’s at times servile behaviour is dictated more by the practicalities of its location and by its aspiration to be a major financial player onshore. The other reason to shun GoldMoney is that it has gained a reputation for operating its accounts on a hair-trigger, and—taking a leaf from the Paypal rule book—of freezing accounts at a whim. Security demands that you are able to get access to your gold immediately: the price of gold can rise and fall rapidly in response to world events; were you to buy near a peak you would not wish to wait for months watching the gold price rapidly fall before your account was unfrozen.
So now you know why we speak of the big three and not of the big four!
E-gold versus 1mdc
This used to be an easy one to call. 1mdc tells us it operates entirely off-shore. E-gold’s data processing centre is in the US. As far as we know 1mdc does not disclose account details to third parties. E-gold tells us on its web site that “Our staff has participated in hundreds of investigations supporting the FBI, FTC, IRS, DEA, SEC, USPS, and others.”
Now we’re all for putting an end to crime, but what is a whistleblower to do when the government that instigates investigations contains within it the very criminal elements that the whistleblower is intent on exposing? And while we have every sympathy with the Agent Starlings of this world this sympathy does not extend to their political masters who find it difficult to distinguish between public interest and private gain, who seek to use the information gleaned from mass surveillance campaigns to manipulate public opinion, and who further their own political ends by passing on personal information garnered under the pretext of fighting crime to their paymasters within Big Business. The founders of the good old “US-of-A” were wise enough to place some restraints on the executive, but sadly that executive has found ways to get around them.
At the end of the day it comes down to which you fear the most, the criminals within, or the criminals outwith, governments. If we look around the world today we can ask who causes the most misery, those individuals acting at the behest of governments or those individuals acting at the behest of organized crime? The question is rhetorical, for the depredations of governments vastly outnumber those of organized crime. The peoples of the world have unwittingly allowed governments to gather unto themselves ever greater powers, powers that they abuse with deliberate intent, or, in the most charitable of interpretations, lack the wisdom to use wisely. So, we, the people, must wrest back from governments these powers, and where we face the uncomfortable choice between two evils, we must tackle first that which is the greater of the two.
Now you’d think the US government would appreciate e-gold’s cooperation in these matters. But no. On e-gold’s web site we read:
Biting the hand that feeds you
Starting in mid-December 2005, Gold & Silver Reserve, Inc. (G&SR), contractual Operator and primary dealer for e-gold, has been the subject of a warranted search of its premises and records, had its domestic bank accounts frozen, and been the target of a precisely timed, extraordinarily misleading attack by a major business publication. ... The examination utilized the full resources of e-gold's system and prevented customer access. We were told by the government examiners that the outage would be for a few hours, however, due to the volume of data maintained by e-gold for its customers' protection, a surprise to the examiners, the examination occupied e-gold's computing capacity for 36 hours.
“Maintained by e-gold for its customers’ protection”—ironic isn’t it? And 36 hours—the mind boggles! Had the government examiners just wanted details of the transactions made by a few hundred suspects then there would have been no need to bring e-gold’s operations to a grinding halt. It seems like a blatant attempt by the US government to damage a business whose operations are perfectly lawful but which the US government doesn’t approve of—a standard Big Brother ploy.
While we salute e-gold’s founder for his vision of a gold-based economy, he clearly did not appreciate that the playing field would not be level, that he would have to fight with one hand tied behind his back, and that the “so called” referee would trip him up at every opportunity. Sadly, e-gold seems to be at a fork in the road: either it becomes a pseudo-bank or, if it wishes to keep the vision alive, it must move off-shore.
The US has long ceased to be a democracy in which the executive makes policy that is implemented in a transparent and even-handed fashion by impartial public servants. Instead it has become a tyranny where the executive directs the operations of those public servants to its own ends. Francis Scott Key must be looking down with sadness from his place amongst the heavenly hosts, for while the US may still be “the home of the brave”, it has long since ceased to be “the land of the free”.
What’s important here is what e-gold doesn’t say. E-gold doesn’t say that the US government now has a copy of every transaction made by every e-gold account holder, including the relevant IP addresses, going back to the year dot (1996 in the case of e-gold). E-gold doesn’t say that the US government has shared this information with other “friendly” countries (and the US government keeps some strange company—Saudi Arabia, for example; and even in the case of hostile states information is often bartered). E-gold doesn’t say that the details of all these transactions are now being correlated by disparate governments with information obtained from other sources. And we’re not saying that any of these statements is true either. We just don’t know. But we can speculate! What would a government keen to tap everybody’s phone do with a database full of everybody’s transactions? Well Sherlock, even Watson could make a valid deduction in this case! What’s important here is not what e-gold says, but what every man and his dog thinks!
So it would be prudent to assume that the US government and its hangers-on around the world have a direct line into e-gold’s transaction database. That doesn’t rule out e-gold entirely from a privacy point of view. E-gold still does not validate your personal details, for which it is to be commended (though a GoldMoney-like scenario looms ever larger on the horizon). If you access your account using a good proxy chain, such as Tor, then you still have a measure of protection. But beware: analysis of transaction details can make it easy to identify you. The transaction database will allow any interested party to determine what merchants you’ve done business with. So if you’ve given personal information to anyone on the other side of an e-gold transaction—if you’ve ever purchased any physical goods using e-gold for example—then provided the US government or its “friends” can get access to that party’s records—and they often have “ways and means”—then your anonymity is blown. So if you’re a whistleblower or a dissident—no matter where you live in the world—and you are using e-currency to pay for a web site, for example, then stay clear of e-gold—if it’s worth their while, then governments and their friends may not find it too difficult to track you down.
So clearly, you should choose 1mdc ahead of e-gold. Well, it used to be that way, but not any more as we’ll see below!
Pecunix: And the last shall be first!
Now Pecunix has a more stylish interface than its competitors; Pecunix has more features than its competitors; and Pecunix offers greater security than its competitors. Yes, all very well, but what about privacy, the focus of this blog entry?
Well when it comes to privacy Pecunix not only belongs in a different category to e-gold and 1mdc, it belongs on a different planet! Or, if you’ll forgive us changing and elevating the metaphor still further: it’s a star shining brightly in the firmament of the great god Zimmermann, because, Pecunix, unlike its competitors, is PGP savvy (indeed if you want to quickly assess the privacy credentials of any site just ask the question, “Does it use PGP, and, if so, for what purposes?”). Now while the use of PGP with Pecunix is entirely optional, if you add a public key to your account then you will get much in return for your efforts.
When you get an email containing a PIN from almost any financial site on the Internet the email is sent as plain text, which means that every man and his dog could know what your PIN is long before you do! Your email has passed through multiple Internet routers and finally to your ISP’s mail server. You can be pretty sure that at least one Big Brother has sniffed the contents somewhere along the line, to say nothing of organized crime. But with PGP enabled, the PIN you receive from Pecunix comes in an encrypted email. And not only is the PIN encrypted, so too are all emails that you receive from Pecunix. And this kindness can be reciprocated since Pecunix’s PGP key is readily downloaded from its site for the purposes of (1) verifying that the email you’ve received is actually from Pecunix, and is not the result of some phishing expedition; and (2) encrypting your reply to Pecunix should one be warranted.
The next felicity that comes with PGP is a rock-solid mechanism for account verification. With PGP enabled if you don’t enter any personal information when creating a Pecunix account, you can still regain access to your account using PGP should you lose your password. No need to use your mother’s maiden name or avail yourself of other equally risible, cretinous, and hacker-friendly methods of password retrieval, methods that seem to be employed by almost all web sites. Hence, it can be said unequivocally that Pecunix operates on a “don’t-know-your-client” basis.
There is a fundamental privacy principle that any exemplary web site will hold fast to: authorization without identification. When it comes to logging into such a site you are your PGP key. And if you need multiple personae for different purposes, then you use a different PGP key for each persona. With Pecunix you have the option of using PGP for authorization providing unexcelled logon security, which is one of the reasons why Pecunix is also the issuer of choice for large-scale asset holding (but we’ll discuss security another day).
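To make “you are your PGP key” concrete, here is a sketch we have added of a challenge-response logon in which the server holds nothing but a public key; it is not Pecunix’s code. Ed25519 signatures from Go’s standard library stand in for a PGP signature, and the names Issuer, NewPersona, Respond and the “login-v1” label are all hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Issuer (hypothetical) stores public keys only: no name, no e-mail address.
type Issuer struct {
	accounts map[string]ed25519.PublicKey // account id -> public key
	pending  map[string][]byte            // account id -> unanswered nonce
}

func NewIssuer() *Issuer { return &Issuer{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

// Register derives the account id from the key: the key is the identity.
func (s *Issuer) Register(pub ed25519.PublicKey) string {
	id := fmt.Sprintf("%x", pub)
	s.accounts[id] = pub
	return id
}

// Challenge issues a fresh random nonce, or nil for an unknown account or RNG failure.
func (s *Issuer) Challenge(id string) []byte {
	_, known := s.accounts[id]
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); !known || err != nil {
		return nil
	}
	s.pending[id] = nonce
	return nonce
}

// Authorize verifies the response and consumes the nonce, so it cannot be replayed.
func (s *Issuer) Authorize(id string, sig []byte) bool {
	nonce, ok := s.pending[id]
	delete(s.pending, id)
	return ok && ed25519.Verify(s.accounts[id], loginMsg(id, nonce), sig)
}

// loginMsg binds the signed bytes to this purpose and this account.
func loginMsg(id string, n []byte) []byte { return append([]byte("login-v1:"+id+":"), n...) }

// NewPersona makes one key pair (nil selects crypto/rand); use one pair per persona.
func NewPersona() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// Respond is the client side: sign the challenge with the private key.
func Respond(priv ed25519.PrivateKey, id string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMsg(id, nonce))
}

func main() {
	srv := NewIssuer()
	pub, priv, _ := NewPersona()
	id := srv.Register(pub)
	sig := Respond(priv, id, srv.Challenge(id))
	fmt.Println("login:", srv.Authorize(id, sig), "replay:", srv.Authorize(id, sig))
}
```

The same exchange serves for regaining access after a lost password: whoever can sign the challenge owns the account, and no personal details ever enter into it.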
In due course we received an email from Pecunix enquiring as to the nature of their sin, and the Prof told them in no uncertain terms what was needed by way of redemption. Despite our vast readership which must now number in millions—well, give or take six zeros—we had no expectation that Pecunix would accede to our request. But we’ve observed that Pecunix, unlike most web sites, responds well to criticism, and where it’s justified acts swiftly to remedy the matter. So we were not too surprised when we received an email from the “main man” at Pecunix, an email that contained the joyous news that Pecunix had repented—and we’re always prepared to welcome a lost sheep back into the fold.
1mdc: the way of all flesh!
Even worse, 1mdc’s new logon procedure requires the user to collect a new security code from his email account every time he logs on. This is extremely cumbersome and does not offer an improvement in security. For example, suppose there is a key-logger on your machine. It will record your 1mdc password as you type it in. 1mdc then insists you log on to your email account to collect a one-time security code to complete the login. But the key-logger will also record the name of the email account and the password as you login to collect the security code. Once a hacker knows your email account and password he will be able to collect the new security code when he in turn tries to login. So in adding this extra step 1mdc have added not to the user’s security but to the user’s frustration.
The net effect of 1mdc’s changes to the logon procedure is to push 1mdc into third place for both privacy and ease of use.
Results of the Privacy Stakes
Now, that’s not to say that Pecunix is perfect. Could we say Nearly Perfect Pecunix? No, not quite yet. There are some areas where we’d like to see improvements, and we’ll expound on those when we get down to discussing details. But in the broad sweep of things, in regards to its motivation, its responsiveness, and its technical expertise, Pecunix is by far the best bet at present for the privacy-minded.
Of course, there’s a problem in practice. E-gold has the largest share of the market, with 1mdc a good second, and Pecunix coming well behind (and most web sites will take no e-currency of any kind in exchange for their merchandise). It would be nice to see Pecunix catch up a little, but that all depends on whether they have the business acumen to match their technical expertise.
Of course, any new entrant to the e-currency marketplace will have the same difficulties as Pecunix in gaining market share. We had a chat with JG about it one day. The ideas we floated were a virtual debit card offered with the same degree of anonymity as the e-currency account—sign up once and you get both; a pass-through mechanism for e-currency payments so that a merchant could maintain a unified accounting system with a single e-currency issuer; bundling of the e-currency interface with some other more popular product; and a user-friendly implementation of e-currency micropayments. But discussing these ideas in detail is something we must leave for another day.
If you’re a Herr W.S. Blooer or a Miss D.S. Dent open an account with Pecunix. Then you can easily pay for your web site and other basic Internet services with very little risk of losing your anonymity.
If, like us, privacy is nice in principle but not essential in practice then open accounts with all three e-currency issuers. Keep most of your gold with Pecunix (it will not only offer you greater privacy, it will also offer you greater security) and keep some working capital with e-gold or 1mdc. 1mdc have a very nice free swap facility with e-gold and now also, in one direction, with Pecunix as well—we can say this of 1mdc, “When the good Lord was giving out business brains, 1mdc was at the head of the queue! It’s a pity they don’t have the technical expertise to match.” If the site where you want to make a purchase doesn’t support Pecunix then use e-gold or 1mdc instead. With e-gold there is a good chance that Big Brother will be monitoring your transactions, though your anonymity should still be reasonably safe with a good proxy chain. With 1mdc your transactions are probably safe, though there is a small chance that Big Brother will get a digital fingerprint of your computer, so you risk losing your anonymity.
If you’re a merchant then having so many different payment systems is a pain in the neck. Apart from credit/debit cards, you’ll be looking at Paypal (well until they freeze your account that is!) long before you’ll consider any e-currency as a payment method. However, if you’re in a niche business and privacy is particularly important to your customers then it’s worth your while offering Pecunix as a payment method. JG pointed out to us that its value is not only the extra business that it would generate. If you wax lyrical about Pecunix’s privacy features then you’ll provide a focal point to differentiate your business from that of your competitors—some of Pecunix’s “street-cred” in this area is likely to rub off on you!