New requirement for payment accounts with chargeback risk

After further discussions I think it is enough to make one message on the social media account, and with that the users can prove to have access. The link to that message will then be stored in the user's account and transferred in the trade process to the peer, who can check it. So it is not needed to do it at each trade. The social media account needs to match the name (not exactly, but enough to be unlikely a made-up account; e.g. mkarrer is ok for Manfred Karrer, but mk or manfredk not).
Alternatively platforms like keybase or Bitrated can be used. There the link to the profile is sufficient. The profile needs to match the name.
Also it is only required to do it if the payment account is new (< 1 or 2 months).
In future we could even do the verification of that posted message automatically (like keybase is doing it); at least with a few mainstream channels like Twitter it should not be too much effort (though it will have some detail challenges, as we want to use Tor and those mostly use Cloudflare, which blocks Tor with captchas…).

I am not sure yet if the 2FA check of banks can realistically be implemented. We would need a database before, and I fear that will be difficult to render (too many banks).
Maybe we can add a blacklist of banks known to not have 2FA; they should be the minority anyway…

Btw:
Only the buyer is the risk, so the seller does not need to provide anything.

So let's look at some detailed use cases:

Case 1 Maker is buyer:

  1. Check if the user's payment account is older than 1 (or 2) months.
    1a: Yes, older: Nothing is required.
    1b: No, new account: He is shown a message to optionally add a social media account and post a predefined text (e.g. hash of his account data + secret). That needs to be done only the first time.
    Let's skip the email address exchange; it is probably not needed and might cause more problems than it solves.

The taker can see in the offer book whether the account is old or new, and if new, he sees an icon for “social media 2FA” and/or email. Colors signal risk (red, orange, green…).

In the trade process, before he confirms receipt, the taker gets the link to the social media message (if provided) and the message that should be there. So he checks if that matches. If so, all is ok; if not, he should call the arbitrator.
Repeated trades with the same user don't need to be re-checked.

Case 2: Maker is the seller:
He gets asked if he requires a social media account check if the taker/buyer has a new account.
We add the decision to the offer and it will be displayed in the offer. Only traders who have an old account, or who have a new account and have set up their social media 2FA, can take the offer. If they have not yet, they get instructed to do so if they want to take that offer.

For ClearXChange the email address is exchanged anyway, as it is used as the account ID. We display a popup with warnings that the seller should get in touch with the buyer and verify if the owner of the email is the same as the one of the account.
We include a warning regarding phishing, ID theft, malware and social engineering. If users demand something that is not allowed (e.g. ID card), the peer should open a dispute.
The account age check and optional social media 2FA are the same as above.
The email contact is just additional and optional, and as it is exchanged anyway there is no extra loss of privacy. People are doing it anyway to check the peer by email. So we only make it more clearly defined.

I think that is an acceptable solution to maintain usability and provide some additional level of security, which hopefully adds too much friction for scammers to use Bisq.
Of course it will never give 100% security, but that will not be possible anyway; even KYC could be tricked.

What do you think?

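As an added illustration of the proposed flow (not code from the post or from Bisq), here is a small Python sketch of the pieces a client would need: the predefined proof text the buyer posts once (hash of account data + secret), the account-age check, the taker's comparison of the text at the stored link against the text transferred in the trade, and the risk colour for the offer book. The proof-text format, the 2-month threshold, and the reading of the name rule as "handle must contain the full surname" are assumptions.

```python
import hashlib
import hmac

NEW_ACCOUNT_DAYS = 60   # "< 1 or 2 months"; 2 months assumed here


def proof_text(account_data: str, secret: bytes) -> str:
    """Predefined text the buyer posts once on the social media account.
    Format is hypothetical: a hash over account data plus a secret, so the
    post commits to the account without exposing the data itself."""
    digest = hashlib.sha256(account_data.encode() + secret).hexdigest()
    return f"bisq-proof:{digest}"


def is_new_account(age_days: int) -> bool:
    """Account-age check: younger than NEW_ACCOUNT_DAYS counts as new."""
    return age_days < NEW_ACCOUNT_DAYS


def handle_matches_name(handle: str, full_name: str) -> bool:
    """Assumed reading of the name rule: the handle must contain the full
    surname (mkarrer ok for Manfred Karrer; mk or manfredk not)."""
    surname = full_name.split()[-1].lower()
    return surname in handle.lower().replace(" ", "")


def peer_check(posted_text: str, expected_text: str) -> bool:
    """Taker/seller side before confirming receipt: the text found at the
    stored link must equal the text transferred in the trade process."""
    return hmac.compare_digest(posted_text.strip(), expected_text)


def offer_book_colour(age_days: int, proof_ok: bool) -> str:
    """Risk colour shown next to the buyer: green = old account,
    orange = new account with valid social media proof, red = new, no proof."""
    if not is_new_account(age_days):
        return "green"
    return "orange" if proof_ok else "red"


if __name__ == "__main__":
    # Constructed sample: a 10-day-old account whose proof has been posted.
    secret = b"constructed-secret"
    expected = proof_text("SEPA:<constructed IBAN>;Manfred Karrer", secret)
    posted = expected + "\n"          # what the peer sees at the link
    ok = peer_check(posted, expected) and handle_matches_name("mkarrer", "Manfred Karrer")
    print(offer_book_colour(10, ok))  # orange
```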