Security, paranoia, politics and trust

Continuing the discussion from EDITED Title: Scammer tries to defame Arbitrator (NOT):

Firstly, thanks to all involved for the phenomenal genius and reality of Bisq. I want to make it my de facto trading platform, so I am doing my research. Part of this is not only (successfully) doing some test trades already, but also engaging with and observing what is happening on this forum.

Secondly, I will gladly take criticism that maybe I watch too much “Mr Robot” if the criticiser is willing to consider that “If you are not paranoid, you are doing it wrong” :slight_smile:

From my interactions, I can glean (and please correct me) that Bisq is working through numerous technical issues with a rate of about 22 transactions / day with 2 English-speaking arbitrators. Both of these individuals are identifiable by forum handle, and one is a public figure (and lead developer) easily identifiable in the physical world.

Considering that:

  1. Bisq is not in harmony with the intent of Western regulators
  2. A potential loophole for citizens of Russia, China and other states
  3. Arbitration could involve significant amounts of capital

I feel that the knowledge I am able to glean could be considered a non-technical (real world) exploitation risk or systemic weakness.

I also understand that “Phase 0” is designed to mitigate risk and provide scalability. It can be argued that the present situation is of necessity and will dissipate with time, and I know that “necessity is necessity”.

I am however suggesting that the (non-Tor) anonymity and impartiality of arbitrators needs to be sanctified. Whatever happens in public (e.g. the forum) needs to be divorced from what happens between three contractual parties in the application. This can be considered a contractual and civil right.

For the reason above, I am concerned about the following technical issue:

It would be comforting to be kept informed on the forum regarding progress on this issue.

Thanks again.

With the DAO we will have an additional security tool to open up the arbitration system to anyone. An arbitrator will need to lock up a high amount of BSQ, thus running the risk that this gets confiscated by voting (exceptional case with 80% majority vote required), and as he holds a lot of BSQ he is heavily invested and has little incentive to hurt the project and thus his investment. The bonding is a kind of security deposit to make sure the arbitrator will not have any financial motivation to abuse his role.
Furthermore, we will introduce mediators who do not hold the 3rd key and are pure customer care agents. 99% of the cases are of that nature, so both traders agree to the result and can then do the payout themselves (e.g. continue the trade). Then the arbitrator will get very few cases, only if the mediator cannot find a consensus of both traders. The arbitrator gets limited to a relatively low amount of cases (about 20), then he has to revoke. So the max. damage of an arbitrator would be limited by 20 * max. trade amount. That will be roughly the amount for BSQ bonding. The confiscated BSQ could be used to compensate the victims.
That's just a rough sketch of the plan. More details will be developed when we get closer to implementation.

The current arbitrators are highly trusted and heavily involved in Bisq. There is no rational reason to expect any bad behavior from them. Small differences in judgements are considered a result of human labour, as 2 different judges will have slightly different views.
The mentioned case was a mix of technical issues with at least one lost message which caused a bit of communication issues, a trader who has repeatedly broken the trade rules and the fact that much of the rules/information is still not 100% well communicated.

Thanks @ManfredKarrer, I am busy looking and getting to understand the DAO better. Given what you have already done, I have every faith in its objectives and the standing of every human individual (including arbitrators).

The point I am making here is more blunt and my apologies for its crudeness: If I can figure out who arbitrator XYZ is from the forum, who they are in the real world and their role in the project, what could a malicious player do with that? Does XYZ have children? Maybe personal secrets?

These things are so far beyond the value of BSQ that they could pose a systemic risk to the project. It will be way better if arbitrators remain anonymous (as policy) and the forum is not used to discuss private details of contracts. (I feel this is also an ethical responsibility)

This however means that the technical aspect of the in-app communication MUST be 100% trustworthy. There is more than one known instance where this has malfunctioned: Help! trade has ended 6 days ago, no seller confirmation & non-existent Arbitrator, and all credit due that all is being done to fix it. It is now however a matter of trust that the userbase are assured that it is fixed and will never happen again - or that it is an ongoing problem with regular updates on progress.

I agree, this should be the case in the future. For now the project is too small and the arbitrators are too few for this to be reality. I believe this is obvious and was intended to be the case in the future.

Perhaps giving an anonymous email address with the PGP key could be a requirement for future arbitrators so these types of scenarios could be resolved. It could be more than just the app misbehaving, it could be due to the trader losing his Internet connection or something, but still being able to prove his identity by signing a message with the key used in the multisig used in the trade.
