I have gone through the links, and I still cannot find the answer to my question on what makes UPI “absolutely horrible when it comes to privacy” when compared to the other options in your original comment.
I still maintain that all practical means of digital transactions are inherently poor for privacy, regardless of the channel/medium. One is not less private than the other.
Of course, mediums like cryptocurrency exists which “promise” privacy while transacting. But they are not practical in India, and also do not operate at the scale of the options we are discussing about.
Also, I really appreciate responding back with links, but a line directly answering my question would have saved some time, especially since the links you shared are irrelevant to our discussion. None of the links actually do a comparison of the options or even state that one is outright better than the other. If anything, some of the comments in the linked forum posts only echo what I am saying about the lack of privacy across all digital transactions.
Not the best write-up, but I’ve written a round sketch of what I wanted to explain about:
Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.
Data sharing: Agreements with other countries by NCPI to facilitate cross-border sharing means that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third-parties like service providers, banks and government (NCPI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already, this isn’t something new, for example, BharatPay and PhonePe’s transaction breaches
Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there’s nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.
Surveillance: There’s multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhar biometrics and the DRDO Netra. CCTV cameras are all across in major cities. If that is not already enough, there’s a unified system with no transparency - there is stopping the government from surveillance, when it can already collect so much from the user.
I have gone through the links, and I still cannot find the answer to my question on what makes UPI “absolutely horrible when it comes to privacy” when compared to the other options in your original comment.
I still maintain that all practical means of digital transactions are inherently poor for privacy, regardless of the channel/medium. One is not less private than the other.
Of course, mediums like cryptocurrency exists which “promise” privacy while transacting. But they are not practical in India, and also do not operate at the scale of the options we are discussing about.
Also, I really appreciate responding back with links, but a line directly answering my question would have saved some time, especially since the links you shared are irrelevant to our discussion. None of the links actually do a comparison of the options or even state that one is outright better than the other. If anything, some of the comments in the linked forum posts only echo what I am saying about the lack of privacy across all digital transactions.
Not the best write-up, but I’ve written a round sketch of what I wanted to explain about:
Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.
Data sharing: Agreements with other countries by NCPI to facilitate cross-border sharing means that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third-parties like service providers, banks and government (NCPI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already, this isn’t something new, for example, BharatPay and PhonePe’s transaction breaches
Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there’s nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.
Surveillance: There’s multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhar biometrics and the DRDO Netra. CCTV cameras are all across in major cities. If that is not already enough, there’s a unified system with no transparency - there is stopping the government from surveillance, when it can already collect so much from the user.