Is trader chat saved?

Seems like I can’t reference trader chat once the trade is complete. Is there something I’m missing or is this by design? Is it somewhere in the bisq data directory?

AFAIK trader chat is not saved. Not even locally.

Mediation and arbitration chat is saved locally.

1 Like

I see. And is this by design? I feel that it may be helpful to reference.

I am not sure but I do not think so.

The information could be saved locally manually if so wished.

The details of the trade are already saved.

If you think it would be a good addition for Bisq please feel free to open a GitHub issue requesting it to be added:

There’s a git for allowing mediator’s/agents to access trader chat upon escalation.
Ultimately though, after successful etc and moved on over a period of time… it should be removed automatically imo.

Trader chat history can be accessed by using the command ‘strings’ on the “ClosedTrades” file (if the trade is closed).

This might be a linux command, and I’m not sure what the equivalent command is for windows, but the trader chat data is definitely saved on your local machine (because there are no central servers in Bisq :slight_smile:

3 Likes

AFAIK trader chat is not saved. Not even locally.

the opposite is true. It´s saved locally unencrypted and permanently even after trade finish.
May don’t chat sensitive information.

So propose a git to fix.

2 Likes

But I couldn’t find a github issue after quick search. Is this a feature or bug?

I was not aware it was saved locally unencrypted. I would prefer this wasn’t the case.

2 Likes

Chat messages are saved as part of the Trade object. None of the Trade data is encrypted when written to disk. Since this is a local save it’s best to set the Bisq data dir to an encrypted disk if this is a concern.

It’s not been discussed/raised and several folks seem to have different takes on what is currently in place.

What should be the default? Bisq & privacy.

  • The mediators/agents are able to see the exchange only upon trade being escalated.
  • The discussions between traders is encrypted & gets deleted after certain amount of time.
  • Op-Sec is important.
2 Likes

I think trade data should be encrypted.

It is not just a concern about data on your local machine. It is a concern about everyone else’s data being stored on a user’s machine.

Is it currently the case that potentially every person you have traded with will have your data stored on their local machine unencrypted?

1 Like

Is it currently the case that potentially every person you have traded with will have your data stored on their local machine unencrypted?

Yes, all Info of trade partner is unencrypted saved in plaintext forever. Not only limited to trader chat messages but also all account data and transaction ids and btc addresses used for trading. Bank account details, full name. I have opened \Bisq\btc_mainnet\db\ClosedTrades and found every trade from last years bank account number, email, telephone numbers of trade partners in plaintext. That is to give you view how it looks like, but you can always see yourself. Nothing special required. Notepad could even recover trade peers personal details. All sensitive information replaced with XXXCENSORED_XXX for reasons.

SEPA���������:�
>XXXCENSORED_BANK COUNTRY CODE_XXX"�
XXXCENSORED_Full name_XXXeXXXCENSORED_IBAN_XXXXXXCENSORED_bic_XXX*AT*BE*BG*CH*CY*CZ*DE*DK*EE*ES*FI*FR*GB*GR*HR*HU*IE*IS*IT*LI*LT*LU*LV*MC*MT*NL*NO*PL*PT*RO*SE*SI*SKzH
salt@XXXCENSORED_XXX*XXXCENSORED_btcADRESS_XXX"�#{
  "offerPayload": {
"id": "XXXCENSORED_TRADEID_XXX",
"date": XXXCENSORED_TIMESTAMP_XXX,
"ownerNodeAddress": {
  "hostName": "XXXCENSORED_XXX.onion",
  "port": 9999
},
"direction": "BUY",
"price": 0,
"marketPriceMargin": 0.005,
"useMarketBasedPrice": true,
"amount": 700000,
"minAmount": 300000,
"baseCurrencyCode": "BTC",
"counterCurrencyCode": "CHF",
"arbitratorNodeAddresses": [],
"mediatorNodeAddresses": [
  {
    "hostName": "apbp7ubuyezav4hy.onion",
    "port": 9999
  },
  {
    "hostName": "a56olqlmmpxrn5q34itq5g5tb5d3fg7vxekpbceq7xqvfl3cieocgsyd.onion",
    "port": 9999
  },
  {
    "hostName": "sjlho4zwp3gecspf.onion",
    "port": 9999
  }
],
"paymentMethodId": "SEPA",
"makerPaymentAccountId": "XXXCENSORED_XXX",
"offerFeePaymentTxId": "XXXCENSORED_XXX",
"countryCode": "XXXCENSORED_BANKCC_XXX",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"bankId": "XXXCENSORED_XXX",
"versionNr": "1.5.3",
"blockHeightAtOfferCreation": XXXCENSORED_XXX,
"txFee": XXXCENSORED_XXX,
"makerFee": 5000,
"isCurrencyForMakerFeeBtc": true,
"buyerSecurityDeposit": 600000,
"sellerSecurityDeposit": 600000,
"maxTradeLimit": 1000000,
"maxTradePeriod": XXXCENSORED_XXX,
"useAutoClose": false,
"useReOpenAfterAutoClose": false,
"lowerClosePrice": 0,
"upperClosePrice": 0,
"isPrivateOffer": false,
"extraDataMap": {
  "capabilities": "0, 1, 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16",
  "accountAgeWitnessHash": "XXXCENSORED_XXX"
},
"protocolVersion": 3
  },
  "tradeAmount": 300000,
  "tradePrice": XXXCENSORED_XXX,
  "takerFeeTxID": "XXXCENSORED_XXX",
  "buyerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
  },
  "sellerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
  },
  "mediatorNodeAddress": {
"hostName": "sjlho4zwp3gecspf.onion",
"port": 9999
  },
  "isBuyerMakerAndSellerTaker": true,
  "makerAccountId": "XXXCENSORED_XXX",
  "takerAccountId": "XXXCENSORED_XXX",
  "makerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
  },
  "takerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
  },
  "makerPayoutAddressString": "XXXCENSORED_XXX",
  "takerPayoutAddressString": "XXXCENSORED_XXX",
  "lockTime": 669272,
  "refundAgentNodeAddress": {
"hostName": "3z5jnirlccgxzoxc6zwkcgwj66bugvqplzf6z2iyd5oxifiaorhnanqd.onion",
"port": 9999
  }
}*@

:face_vomiting: :sob:

Get that change on github asap.

2 Likes

Thanks @bitsquareuser2306874

This is not good.

If one user’s account is compromised it puts all the traders they have traded with at undue risk, and all the traders they have ever traded with at undue risk also.

2 Likes

I have opened an issue for this on GitHub: Encrypt or remove saved trader chats and trade data on local Bisq instances · Issue #5396 · bisq-network/bisq · GitHub

1 Like