It seems that some anti-fraud mechanisms have evolved to use information about how a user is connected to the Internet to determine whether they are likely to be fradulent. Specifically, in my case it turns out that Paypal does not accept my debit card: "We were unable to verify this credit card through our card validation process. To proceed with checkout, please verify the information you entered is correct or try a different card." I do not have other cards, and my card works everywhere else. A little online investigation suggests that Paypal outsources its card verification process to an overzealous company called CyberSource, and there are many false positives. I suspect that in my case, the false positive is related to my use of Tor. According to this article, geographic location (i.e. "where a buyer's computer is") determined by IP address and ISP data, can cause a transaction to be denied: http://www.intelligentbanking.com/brm/news/ob/20000915.asp These articles cite geolocation as a useful anti-fraud technique: http://www.cybersource.com/news_and_events/international/view.xml?page_id=57... http://www.reliant.com/yhb/department/1,,CID457419,00.html?&cktst=true&REID=F A544C80-A195-0762-7F7B-9DCB487135AD http://www.slate.com/id/74654/ http://www.collectionsworld.com/cgi-bin/readstory2.pl?story=20031201CCRU387.... ml http://www.networkworld.com/news/2001/1022visa.html It seems to me that the world has already begun walking down the dangerous road of developing infrastructure that rely upon routing information and ISP data to identify fraudulent activity. This will present a major stumblingblock to the deployment of location-independent services and overlay networks such as Tor that attempt to separate location from identity. Geoff ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]