Is trader chat saved?

embitkay · March 8, 2021, 2:32am

Seems like I can’t reference trader chat once the trade is complete. Is there something I’m missing or is this by design? Is it somewhere in the bisq data directory?

Pazza · March 8, 2021, 3:33am

AFAIK trader chat is not saved. Not even locally.

Mediation and arbitration chat is saved locally.

embitkay · March 8, 2021, 11:13pm

I see. And is this by design? I feel that it may be helpful to reference.

Pazza · March 10, 2021, 4:14am

I am not sure but I do not think so.

The information could be saved locally manually if so wished.

The details of the trade are already saved.

If you think it would be a good addition for Bisq please feel free to open a GitHub issue requesting it to be added:

Conza · March 10, 2021, 11:51am

There’s a git for allowing mediator’s/agents to access trader chat upon escalation.
Ultimately though, after successful etc and moved on over a period of time… it should be removed automatically imo.

JohnForsyth · March 14, 2021, 9:32pm

Trader chat history can be accessed by using the command ‘strings’ on the “ClosedTrades” file (if the trade is closed).

This might be a linux command, and I’m not sure what the equivalent command is for windows, but the trader chat data is definitely saved on your local machine (because there are no central servers in Bisq

bitsquareuser2306874 · March 18, 2021, 7:43pm

AFAIK trader chat is not saved. Not even locally.

the opposite is true. It´s saved locally unencrypted and permanently even after trade finish.
May don’t chat sensitive information.

Conza · March 19, 2021, 12:56am

So propose a git to fix.

bitsquareuser2306874 · March 19, 2021, 12:04pm

But I couldn’t find a github issue after quick search. Is this a feature or bug?

Pazza · March 20, 2021, 1:12am

I was not aware it was saved locally unencrypted. I would prefer this wasn’t the case.

sqrrm · March 20, 2021, 10:03am

Chat messages are saved as part of the Trade object. None of the Trade data is encrypted when written to disk. Since this is a local save it’s best to set the Bisq data dir to an encrypted disk if this is a concern.

Conza · March 21, 2021, 12:28am

It’s not been discussed/raised and several folks seem to have different takes on what is currently in place.

What should be the default? Bisq & privacy.

The mediators/agents are able to see the exchange only upon trade being escalated.
The discussions between traders is encrypted & gets deleted after certain amount of time.
Op-Sec is important.

Pazza · March 21, 2021, 1:45am

I think trade data should be encrypted.

It is not just a concern about data on your local machine. It is a concern about everyone else’s data being stored on a user’s machine.

Is it currently the case that potentially every person you have traded with will have your data stored on their local machine unencrypted?

bitsquareuser2306874 · March 21, 2021, 9:16pm

Is it currently the case that potentially every person you have traded with will have your data stored on their local machine unencrypted?

Yes, all Info of trade partner is unencrypted saved in plaintext forever. Not only limited to trader chat messages but also all account data and transaction ids and btc addresses used for trading. Bank account details, full name. I have opened \Bisq\btc_mainnet\db\ClosedTrades and found every trade from last years bank account number, email, telephone numbers of trade partners in plaintext. That is to give you view how it looks like, but you can always see yourself. Nothing special required. Notepad could even recover trade peers personal details. All sensitive information replaced with XXXCENSORED_XXX for reasons.

SEPA���������:�
>XXXCENSORED_BANK COUNTRY CODE_XXX"�
XXXCENSORED_Full name_XXXeXXXCENSORED_IBAN_XXXXXXCENSORED_bic_XXX*AT*BE*BG*CH*CY*CZ*DE*DK*EE*ES*FI*FR*GB*GR*HR*HU*IE*IS*IT*LI*LT*LU*LV*MC*MT*NL*NO*PL*PT*RO*SE*SI*SKzH
salt@XXXCENSORED_XXX*XXXCENSORED_btcADRESS_XXX"�#{
  "offerPayload": {
"id": "XXXCENSORED_TRADEID_XXX",
"date": XXXCENSORED_TIMESTAMP_XXX,
"ownerNodeAddress": {
  "hostName": "XXXCENSORED_XXX.onion",
  "port": 9999
},
"direction": "BUY",
"price": 0,
"marketPriceMargin": 0.005,
"useMarketBasedPrice": true,
"amount": 700000,
"minAmount": 300000,
"baseCurrencyCode": "BTC",
"counterCurrencyCode": "CHF",
"arbitratorNodeAddresses": [],
"mediatorNodeAddresses": [
  {
    "hostName": "apbp7ubuyezav4hy.onion",
    "port": 9999
  },
  {
    "hostName": "a56olqlmmpxrn5q34itq5g5tb5d3fg7vxekpbceq7xqvfl3cieocgsyd.onion",
    "port": 9999
  },
  {
    "hostName": "sjlho4zwp3gecspf.onion",
    "port": 9999
  }
],
"paymentMethodId": "SEPA",
"makerPaymentAccountId": "XXXCENSORED_XXX",
"offerFeePaymentTxId": "XXXCENSORED_XXX",
"countryCode": "XXXCENSORED_BANKCC_XXX",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"bankId": "XXXCENSORED_XXX",
"versionNr": "1.5.3",
"blockHeightAtOfferCreation": XXXCENSORED_XXX,
"txFee": XXXCENSORED_XXX,
"makerFee": 5000,
"isCurrencyForMakerFeeBtc": true,
"buyerSecurityDeposit": 600000,
"sellerSecurityDeposit": 600000,
"maxTradeLimit": 1000000,
"maxTradePeriod": XXXCENSORED_XXX,
"useAutoClose": false,
"useReOpenAfterAutoClose": false,
"lowerClosePrice": 0,
"upperClosePrice": 0,
"isPrivateOffer": false,
"extraDataMap": {
  "capabilities": "0, 1, 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16",
  "accountAgeWitnessHash": "XXXCENSORED_XXX"
},
"protocolVersion": 3
  },
  "tradeAmount": 300000,
  "tradePrice": XXXCENSORED_XXX,
  "takerFeeTxID": "XXXCENSORED_XXX",
  "buyerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
  },
  "sellerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
  },
  "mediatorNodeAddress": {
"hostName": "sjlho4zwp3gecspf.onion",
"port": 9999
  },
  "isBuyerMakerAndSellerTaker": true,
  "makerAccountId": "XXXCENSORED_XXX",
  "takerAccountId": "XXXCENSORED_XXX",
  "makerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
  },
  "takerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
  "AT",
  "BE",
  "BG",
  "CH",
  "CY",
  "CZ",
  "DE",
  "DK",
  "EE",
  "ES",
  "FI",
  "FR",
  "GB",
  "GR",
  "HR",
  "HU",
  "IE",
  "IS",
  "IT",
  "LI",
  "LT",
  "LU",
  "LV",
  "MC",
  "MT",
  "NL",
  "NO",
  "PL",
  "PT",
  "RO",
  "SE",
  "SI",
  "SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
  },
  "makerPayoutAddressString": "XXXCENSORED_XXX",
  "takerPayoutAddressString": "XXXCENSORED_XXX",
  "lockTime": 669272,
  "refundAgentNodeAddress": {
"hostName": "3z5jnirlccgxzoxc6zwkcgwj66bugvqplzf6z2iyd5oxifiaorhnanqd.onion",
"port": 9999
  }
}*@

Conza · March 21, 2021, 10:57pm

Get that change on github asap.

Pazza · March 21, 2021, 11:59pm

Thanks @bitsquareuser2306874

This is not good.

If one user’s account is compromised it puts all the traders they have traded with at undue risk, and all the traders they have ever traded with at undue risk also.

Pazza · April 5, 2021, 8:40pm

I have opened an issue for this on GitHub: Encrypt or remove saved trader chats and trade data on local Bisq instances · Issue #5396 · bisq-network/bisq · GitHub