this post was submitted on 28 Oct 2024
135 points (97.2% liked)

Asklemmy

43719 readers
1462 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] velox_vulnus@lemmy.ml 1 points 11 hours ago

Not the best write-up, but I've written a round sketch of what I wanted to explain about:

  • Data collection: UPI collects a lot of data about the user, for example, transaction history, phone number, payment address, IFSC, virtual ID and even location data.

  • Data sharing: Agreements with other countries by NCPI to facilitate cross-border sharing means that there is more attack surface for data leaks. Ignoring that, even by current standards, there is data sharing between third-parties like service providers, banks and government (NCPI), allowing for misuse of data, as well as breaches. UPI breaches have happened before already, this isn't something new, for example, BharatPay and PhonePe's transaction breaches

  • Lack of transparency: There is no transparency on UPI - how it works, how the data is handled, and what security measures have been taken. There is a centralized governmental organization, all the transactions go through their unified system, and there's nothing else - not even an open-source repository to add to the confidence of ensuring privacy. There are no policies or laws dictating how our data will be handled.

  • Surveillance: There's multiple reports about surveillance tech in India by organizations like Amnesty and AccessNow, then there was the Pegasus scandal. There are multiple mass-surveillance programs in India, including the Aadhar biometrics and the DRDO Netra. CCTV cameras are all across in major cities. If that is not already enough, there's a unified system with no transparency - there is stopping the government from surveillance, when it can already collect so much from the user.