[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Digital bearer postage stamps




Quoting Robert Hettinga ([email protected]):
> I wonder if these guys have heard of double spending?
> 
> Does anyone know whether this is some kind of 2-d barcode (it must be) or
> is it something else?
> 
> Cheers,
> Robert Hettinga

It's a 2-d barcode, with a bunch of info encoded into it..

Short answer: they use statistical security measures to prevent double
spending, but they have a *scary* reputation and limitless resources
to pursue fraud, something no one else really has.  I would not be
brave enough to double spend with this system from my home state, if
I were in the US.

Longer rambling answer:

The E-stamp folks are pretty hardcore as far as security goes, I recall.
They use a Dallas Semiconductor iButton (plug: check out the ibuttonpunks
mailing list....) as a local value store, after paying for postage
at a central location, and do other security measures I don't quite
recall -- perhaps encoding your local post office, such that the local
post office could keep its own database of double spenders, or having
a global double spending database.

The post office is pretty much protected from fraud, in any case -- much
more than existing letters (which can be forged against high-speed
equipment using a phosophor pen).

I'm not sure how E-stamp protects itself from fraud, or protects its
customers from E-stamp committing fraud, but I'm fairly convinced there is
at least statistical security for the USPS against users.

I believe the USPS published a standard during the search for a new
postage system -- they did a pretty good job of it, I just never bothered
to buy a copy.  If someone bought a copy and mailed it to jya, it would
be doing everyone a service.

(Even if you have the nerve to commit bank wire fraud, check fraud, armed
robbery, espionage, sedition, etc., you probably still aren't brave/reckless
enough to commit postal fraud, though -- USPS inspectors make IRS
auditors look passive)


Cheers,
Ryan
[email protected]