Recently had a raid and the police got info on many Bisq traders

I don't want to give too much info here because of the ongoing legal process, but a warning that the police checked my computer and got private information from many Bisq traders I had over the years.
It's kind of stupid that the history does not get cleared, at least the private info of other traders.
It's possible that others, whose private information they got, will get raided too.

2 Likes

All the payment info of your trades in “Portfolio > History” is indeed stored in the clear on your PC.
This particular case though, even if it might be further improved on Bisq’s side, I don’t think can be defined as an issue of Bisq per se, rather of securing your own information that you store on your PC.

My belief is that anyone using Bisq for privacy is also using (or definitely SHOULD be) some form of disk encryption.
For those countries where you can be forced by law enforcement to give up the unlocking password, a plausible deniability layer with a fake password is also recommended.

1 Like

Thanks for reporting this. I’ve moved this to lounge, only for registered users, but as OP you can decide if it’s better to leave it in “legal”, which anyone can access.
What country is it?

1 Like

Moved from the lounge section to legal, since the OP couldn’t enter the lounge.

Hi @je49

Thanks for making users aware. Hope your legal issues are resolved quickly for you.

Here is a proposal about clearing trade histories periodically: Encrypt or remove saved trader chats and trade data on local Bisq instances · Issue #5396 · bisq-network/bisq · GitHub

1 Like

I don't agree with you; there is no need for Bisq to store private information longer than necessary.
Look at sites like hodlhodl.com: after a successful trade the private information of your trader is removed, and with that it is no longer possible to extract it from this platform.
Storing all information makes Bisq a honeypot.
The police were very happy about finding this data set.
Most people don't encrypt, and even with encryption removing is safer; Bisq should take note of that.

Honestly I fear to say it, because I am sure they are reading here.

1 Like

I agreed with you actually, for an even more privacy minded individual, where just noKYC coins are not enough, removing all past trade details (maybe all past trades in their entirety?) would be a nice feature, possibly to implement in a next version.
My point was more to the extent of the “not a bug, a feature” thing.
And obviously, make sure they are reading here. Maybe you are a spook yourself posing as a victim of a police raid :smile: You can safely suppose anything you publish on any public platform is read and scrutinized by law enforcement. And even when you know you are doing absolutely nothing wrong, LEO will do their best to pin on you something illegal based on that completely legit activity, if they so wish.
That’s why my point was, "it can be improved based on your situation, YET if you care about your privacy, go with full disk encryption as a bare minimum, and then know the attack surface (e.g. Bisq saving trade history) and decide how to reduce it (e.g. learn which file contains the history and set up a script to delete it)".
Ultimately, this stuff is necessarily under your own responsibility; no one, even with the best intentions, will be able to protect you better than you can do yourself.

Can you please at least mention a country or a region of the world?

This issue has been a concern for me. You can't really trust that the other person has encrypted the metadata. Bisq should be doing this to help protect people's info; innocent people could be linked if they traded with someone under investigation, etc.

The trade data issue is being addressed for future trades with this pull request:

Users will still have each other's data for the trade period and some time afterwards, but then the default settings will start clearing the data.

1 Like

Well, the bank will still have the transaction data and I wonder who is actually doing the sneaking about “suspicious” transactions. Could it be the banks themselves? Anyway I guess filesystem encryption is the better option here.

Euro countries

Thanks for the update bisq

1 Like

Thanks for the update.

Clear payment account payload info from closed trades. by jmacxx · Pull Request #6001 · bisq-network/bisq · GitHub was implemented in 1.8.4 to address concerns.

Trade payment account information is set up to now only be kept for 60 days. Should a user want to increase this they can do so in Bisq > Settings.

1 Like

I think I found a bug.
Sensitive data of failed trades is not cleared.

Have you verified that deleting of old data is enabled, and that trades older than the set number of days still show payment information (name, account no.)?
I tested this feature myself on a development setup before the 1.8.4 release and it did its job, but you might have found a specific case where the bug happens.

Yes, all other data is removed, except in Portfolio → Failed.
I think it was just forgotten to include these trades too.

1 Like

What data exists there in portfolio?

I have an excel doc that has nothing but numbers I use; encrypted etc. I dump basic extract data to.

But obvs no names or identifiable anything.

I think I found another bug.
If you look into the details of a cleared trade, this info of the own account is showing:

    "countryCode": "XX",
    "acceptedCountryCodes": [
      "XX",
      "XX",
      "XX",
    ],
    "bankId": "XXXXXX",

“bankId” is the “bic” of a SEPA payment. It renames bic to bankId.
I guess this behavior was not intentional.
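
A check along the lines of the report above, as an added example that is not part of the original post and not Bisq's own code: it walks a trade-detail JSON document and lists the three keys named in the post wherever they are still populated. The sample document and its wrapper names (`tradeId`, `ownAccount`, `peerAccount`) are constructed assumptions, since the page shows only a fragment.

```python
import json

# Keys the post above reports as still visible in a cleared trade's details.
RESIDUAL_KEYS = frozenset({"countryCode", "acceptedCountryCodes", "bankId"})

# Constructed sample: "tradeId", "ownAccount" and "peerAccount" are hypothetical
# wrapper names; the "XX" values are placeholders, as in the post.
SAMPLE_CLEARED_TRADE = """
{
  "tradeId": "constructed-1",
  "ownAccount": {
    "countryCode": "XX",
    "acceptedCountryCodes": ["XX", "XX", "XX"],
    "bankId": "XXXXXX"
  },
  "peerAccount": {"countryCode": "", "acceptedCountryCodes": [], "bankId": null}
}
"""

def is_populated(value):
    """True if a value still carries data: non-empty str/list/dict, or any number/bool."""
    if value is None:
        return False
    if isinstance(value, (str, list, dict)):
        return len(value) > 0
    return True

def find_residual_fields(node, keys=RESIDUAL_KEYS, path="$"):
    """Walk parsed JSON; return (path, value) for every watched key that is populated."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in keys:
                if is_populated(value):
                    hits.append((child, value))
            else:
                hits.extend(find_residual_fields(value, keys, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_residual_fields(item, keys, f"{path}[{i}]"))
    return hits

def audit(json_text, keys=RESIDUAL_KEYS):
    """Parse a trade-detail JSON document and list leftover account fields."""
    return find_residual_fields(json.loads(json_text), keys)

if __name__ == "__main__":
    for path, value in audit(SAMPLE_CLEARED_TRADE):
        print(f"still populated: {path} = {value!r}")
```
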

Passed comments into GitHub? Let devs know?

Absolutely open an issue on GitHub at Issues · bisq-network/bisq · GitHub
This looks like something that should be looked into.