Local Bisq

zhaos · July 16, 2018, 4:36pm

Dear developers and community,

Bisq brings users a better service than other exchanges : with built-in Tor, no central server, no identity check and so on.

Despite this I see reasons that would limit adoption :
-users have to enter and share bank details : this is a worry and demands trust
-trades of national currency go through banks : there is not much anonymity there, what about censorship resistance ?
Have you thought about a local functionality : money exchange in the street while deposit and bitcoin exchange over the network ?

greetings,
zhaos

Homard · July 16, 2018, 4:47pm

There were recent discussions on the slack about F2F exchange.
atm nothing is implemented in Bisq, but yes there are thoughts.

ManfredKarrer · July 16, 2018, 6:10pm

There are rough plans here:

github.com/bisq-network/proposals

Enable face to face (F2F) trade in Bisq

opened 09:11PM - 02 Jun 18 UTC

closed 08:25PM - 05 Oct 18 UTC

ManfredKarrer

was:approved

Enabling face to face (F2F) trades like offered at LocalBitcoins is an often req…uested feature but has not been considered to be added because Bisq has a different security model compared to LocalBitcoins and with our model we cannot provide sufficient security to make F2F trades safe. E.g. LocalBitcoins uses ID verification and reputation. Bisq uses the security deposit and the arbitrator as security protection which both would not help much in the context of a F2F trade. Though there might be an interesting idea to allow us to support F2F trades. ## Basic idea It is based on the game theoretical idea of "mutual assured destruction" which is basically just the idea that if both traders do not come to a cooperative result both will lose all what they have put in the trade (e.g. trade amount and security deposits). That model was actually used in the very first concept of Bisq and is used in some other projects like BitMarkets and BitHalo/Nightrader. The reason why we went away from that model was because [Adam Gibson](https://twitter.com/waxwing__?lang=en) found a severe risk for a blackmail scenario. In short, there is always an asymmetry of the max. loss of each trader due to the fact of the non-atomic exchange on the fiat side. That enables that one trader could blackmail the other who has more to lose to agree to a different payout result as it was originally agreed on. An economic rational trader getting blackmailed in that way would agree to the changed payout to have less financial loss than if he would stick to the original contract and risks that his funds will be locked up forever. This risk is specially serious in the context of an anonymous global online market. But we do not suggest a pure "mutual assured destruction" model (based on 2of2 Multisig) but rather to use our existing arbitration system to add more flexibility and to reduce the blackmail risk. ## Assumptions ### Physical access changes risk situation People meeting physically have a different risk exposure compared to the anonymous online market situation. E.g. The possibility of physical access makes unscrupulous behavior less likely. We can assume that the risk of a blackmail is much lower in such a context. Of course physical access comes also with new forms of risks (robbery) but that has to be mitigated by the selection of a safe public meeting location. The general risk for violence in a certain country has to be taken in consideration as well. ### Unclear strategy of arbitrators There is no guarantee that the funds will be locked up forever as the arbitrator can do the payout as he thinks it is fair and/or at any time in the future. The threat that the funds are lock up forever is not a strong motivation anymore for the blackmailed person to agree to an altered payout. He rather would try to convince the arbitrator for his side. If those assumptions holds we could use that model as basic protection for F2F trades. ## Details ### Payment method The payment method will contain an email and/or mobile number field which will be used by the traders to exchange the details for arranging the meeting place. Beside that there will be the location data (country, city, maybe map coordinates). In a first version it should be a basic feature but could later be improved by implementing a map to set the position of the trader. Though exact positions of the traders address have to be avoided for security reasons. Maybe we should add "terms and conditions" the users can define. At LocalBitcoins they often require ID verification of the peer. That should be done only in person to avoid risk of identity theft. ### Offerbook Offers for F2F trades will display additionally the location. In a first version that can be added to the payment method info. A filter option to search for traders by country and city would be good as well. In a later version we could implement a map to look up nearby traders. ### Trade process Once an offer gets taken both traders get in touch by email or mobile and arrange a meeting place and time. We could consider that both traders bring their laptop and do the trade process similar like with an online payment. Though the additional risk for theft if they might have more BTC on their wallet as well as the inconvenience and risk to carry the laptop represents some downsides with that simple approach. They could alternatively meet without any laptop and just do the Fiat transfer and when back home do the confirmation in Bisq for the Fiat sent and received events. That would reduce the risk of theft to the Fiat amount but it does not feel very safe to hand over Fiat without getting immediately anything back in exchange. We could require a hand signed contract so both would have at least some form of evidence. Better would be a digital system which is integrated with the Bisq trade process. LocalBitcoins uses Secret codes to be exchanges by the traders but I am not sure if that adds really much protection. Ultimately there is no solution as the Fiat transfer is not an atomic transfer in exchange to a digital transfer of a signature. The best we can achieve is to bring the moments of both events close together. Another approach might be to combine a repeated partial payment with repeated confirmations via a mobile app. E.g. if the trade amount is 1000 USD the BTC buyer could start to hand over 100 USD to the seller. Next step is that the seller confirms on a mobile app the receipt of 100 USD. Then the next 100 USD will be handed over and then confirmed again. That will be repeated until the final amount has been transferred. It would lower the risk that the peer can run away quickly with the money without confirming the receipt. The receipt could be done as simple email to the BTC buyer or via any messenger app. The proof is not strong but at least it adds difficulty for a potential scammer to fake those messages. Best would be a mobile App which is connected to the Bisq trade and provides signed and encrypted messages. But that is too much effort for a first version. It is also questionable if people are really that paranoid and use that repeated payment method or prefer to hand it over in one part and then do the confirmation. That area needs more though how to deal best with it. For the most simple version lets assume there is a paper contract signed by both traders. ### Dispute The arbitrator cannot help much in case of a dispute as in most cases there will be testimony against testimony and he cannot get a reliable proof about the transaction. So the standard resolution of any F2F trade disputes will be that both traders will got frozen their funds forever. Though they have the option at any time in the future to still come to an agreement and then tell the arbitrator to do the payout according to the result both have agreed on. The arbitrator can also choose to make whatever payout he thinks is fair according to the testimonies of both traders. This option makes blackmail even less likely as there is no guarantee that the funds will be kept frozen. Also the blackmailing person will have likely higher risk to lose the case and the arbitrator decides in favor of the other peer. ID verification can be required as well from the arbitrator - a request scammers usually don't want to follow. One problem is for sure that the dispute resolution adds much higher pressure to the arbitrator as he will not have a tamper proof evidence. But as said to not do the payout at all is a valid default option for the arbitrator. Different arbitrators might have different policies how to deal with disputes which again makes blackmail less likely as the arbitrators strategy is hard to predict. It can be expected that real disputes are super rare (as with online trades) but most cases are caused by usability issues or bugs. For those cases the resolution process will work like any other payment methods. ### Police report In case of theft or blackmail attempt the victim can file a police report and present that to the arbitrator. This will have a lot of weight in the dispute process as it can be assumed the the scammer will unlikely go to that step to trick an innocent peer. ### Security deposit It will require more analysis how the security deposit should be set for F2F trades and it will depend on the model how the Fiat transfer will be executed. ### Risks and warnings The risks and different rules for dispute resolution have to be very clearly presented and accepted by both traders. ### Test run We could add that payment method as experimental for a test run to see how it works in reality and see how much demand exists for it. Before that it would be good to make a poll to see how much demand is really there for F2F trade. The still limited volume on Bisq will be an even bigger issue when it adds a location limitation as well. ### Implementation effort Depending on the open questions regarding the fiat exchange process the implementation effort should not be very high. It is mostly UI work and does not require any deeper changes for a fist version. For map integration though the effort will be higher but that should be left for later after a test run has shown how much demand for that payment method exists. ### Request for more research I think we should add more research about the usual issues with F2F trades on LocalBitcoins or other platforms. - What are typical scam scenarios? - Which protection mechanisms are used? - How do traders protect themselves? If anyone can volunteer to do that research or if anyone has first-hand experience please add it below!

But I fear main problem will be that it is even harder to bootstrap markets as they are locally more restricted. Security situation is different, and not clear if better or worse. Probably depending mostly on country…

alexej996 · July 16, 2018, 8:42pm

In future maybe some arbitrators would be willing to observe an exchange in person or over a camera feed, that could help with disputes, but of course none of these solutions are as good as for other already implemented payment methods.