[+warner in case he has insights…] On Jan 23, 2014, at 11:11 AM, Daniel Buchner <[email protected]> wrote:
> With a web activity, we could enable apps that handle crypto-currency > payments to transact value for the user. This would make payment with > crypto-currencies a trivial process, here's how it could work: > > 1) Apps that supported crypto-currency payments/transfers would add a hook > for a "crypto-payment" web activity: > https://gist.github.com/csuwildcat/8582305 > > 2) Any app that desires to offer the option to pay or transfer value via > crypto-currency, could then do so by invoking the activity: > https://gist.github.com/csuwildcat/8582556 > > Using the existing Web Activities mechanism, we could allow crypto-currency > apps to do the heavy lifting without adding much complexity to our platform. Using web activities to process payments has always seemed appealing to me because the merchant can say "give me money but I don't care how." Any app can register themselves to take money and give it to the merchant. The tricky part is the latter: how does the merchant trust that it will receive money? Due to the nature of web activities it has no control over *who* processes the payment. If any app can register themselves as a handler for the the web activity then what is that app's incentive to pay the merchant? It's a gold mine for thieves. I hadn't considered the case of bitcoin before in this scenario. Bitcoin is unique in that the payment can be verified on the block chain and that is how a merchant can trust it will eventually receive the money. Theoretically, I can see how a merchant can start a web activity for receiving money via Bitcoin and not care how that money is processed since it can be verified. However, block chain verification is not instantaneous. The story for processing the payment in this manner seems weak. What does the merchant tell the user? Please wait 15 minutes while we verify your transaction? The only way (I know of) that bitcoin payments can be done instantaneously is to use a specific wallet service that gives you "credit" while it verifies the block chain in the background. To get instant payments you have to trust the wallet service but you can't use a web activity to say "only process my payment with these wallet services I trust." Let's say that a merchant could somehow verify bitcoin payments instantaneously when it receives the onsuccess callback. Even then, how do we protect the user from fraudulently making a bitcoin payment to the wrong address (and so on)? By the time the merchant can reject a transaction it's too late, the user may have given money to the wrong person. The merchant wins but the user loses. Kumar > > Feedback welcome - especially if I missed something! > > - Daniel > > > > > > _______________________________________________ > dev-webapps mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-webapps _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
