I think you should also highlight how it is different from China’s Alipay or similar payment vendor system in Europe and the US - it is a unified payment system, there is little to no fee for transaction, and you’re not locked to a eco-system, like Apple, or PayPal. But it is absolutely horrible when it comes to privacy.
the difference is this is unified and government maintained, alipay or any payment vendor’s you have to use their apps, and you can only send money to people who have accounts in their apps, here it’s maintained by government no need to make any account anywhere, just direct bank to bank transfer with just phone number and QR code. and more importantly no transaction fees
Can you expand on why UPI is horrible when it comes to privacy when compared to the other options you have mentioned?
I would not be doing any sort of digital transactions if I am worried about privacy as I don’t think one is better than the other in this matter. It would be naive to think so otherwise.
I have gone through the links, and I still cannot find the answer to my question on what makes UPI “absolutely horrible when it comes to privacy” when compared to the other options in your original comment.
I still maintain that all practical means of digital transactions are inherently poor for privacy, regardless of the channel/medium. One is not less private than the other.
Of course, mediums like cryptocurrency exists which “promise” privacy while transacting. But they are not practical in India, and also do not operate at the scale of the options we are discussing about.
Also, I really appreciate responding back with links, but a line directly answering my question would have saved some time, especially since the links you shared are irrelevant to our discussion. None of the links actually do a comparison of the options or even state that one is outright better than the other. If anything, some of the comments in the linked forum posts only echo what I am saying about the lack of privacy across all digital transactions.
Not the best write-up, but I’ve written a round sketch of what I wanted to explain about:
Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.
Data sharing: Agreements with other countries by NCPI to facilitate cross-border sharing means that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third-parties like service providers, banks and government (NCPI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already, this isn’t something new, for example, BharatPay and PhonePe’s transaction breaches
Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there’s nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.
Surveillance: There’s multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhar biometrics and the DRDO Netra. CCTV cameras are all across in major cities. If that is not already enough, there’s a unified system with no transparency - there is stopping the government from surveillance, when it can already collect so much from the user.
I think you should also highlight how it is different from China’s Alipay or similar payment vendor system in Europe and the US - it is a unified payment system, there is little to no fee for transaction, and you’re not locked to a eco-system, like Apple, or PayPal. But it is absolutely horrible when it comes to privacy.
the difference is this is unified and government maintained, alipay or any payment vendor’s you have to use their apps, and you can only send money to people who have accounts in their apps, here it’s maintained by government no need to make any account anywhere, just direct bank to bank transfer with just phone number and QR code. and more importantly no transaction fees
Reading OPs description, I did wonder.
it is indeed horrible, I’m pretty sure one of the biggest motivation to push for digital transactions was to track easily and tax easily
Can you expand on why UPI is horrible when it comes to privacy when compared to the other options you have mentioned?
I would not be doing any sort of digital transactions if I am worried about privacy as I don’t think one is better than the other in this matter. It would be naive to think so otherwise.
IFF has written multiple articles about this, not just articles, but also forums.
Forum discussions
UPI - why are full names a part of the response?
Recommendations on banking services
Articles
Need silver linings? NPCI responds to our representation. It is investigating the Truecaller “Breach”
True (caller) or False (caller)? We ask NPCI to answer this question.
What has the NPCI found on the TrueCaller security breach? We write to them asking just that.
There are also research papers with respect to UPI, but I’ll not be linking that here.
I have gone through the links, and I still cannot find the answer to my question on what makes UPI “absolutely horrible when it comes to privacy” when compared to the other options in your original comment.
I still maintain that all practical means of digital transactions are inherently poor for privacy, regardless of the channel/medium. One is not less private than the other.
Of course, mediums like cryptocurrency exists which “promise” privacy while transacting. But they are not practical in India, and also do not operate at the scale of the options we are discussing about.
Also, I really appreciate responding back with links, but a line directly answering my question would have saved some time, especially since the links you shared are irrelevant to our discussion. None of the links actually do a comparison of the options or even state that one is outright better than the other. If anything, some of the comments in the linked forum posts only echo what I am saying about the lack of privacy across all digital transactions.
Not the best write-up, but I’ve written a round sketch of what I wanted to explain about:
Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.
Data sharing: Agreements with other countries by NCPI to facilitate cross-border sharing means that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third-parties like service providers, banks and government (NCPI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already, this isn’t something new, for example, BharatPay and PhonePe’s transaction breaches
Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there’s nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.
Surveillance: There’s multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhar biometrics and the DRDO Netra. CCTV cameras are all across in major cities. If that is not already enough, there’s a unified system with no transparency - there is stopping the government from surveillance, when it can already collect so much from the user.