I thought further on the issue…
What about that:
When making an offer you can decide to support direct contact by email. If so you require for your offer that the taker delivers his email address and u need to provide it as well. But it is optional and the email is stored in the account for re-use. You can define at per-offer base. The email will get exchanged int he trade process like the other account data.
The offers in the offer book will have displayed an icon to indicate that direct contact is required for that offer.
Additionally we could provide a tool for uploading a selfie with one’s id card holding next to the face. This photo gets watermarked and a bit distorted and we add some graphical elements (e.g. the Bisq logo) in a way which makes the image worthless for identity theft. Additionally we can render the trade ID over the image in the moment before it gets exchanged with the peer. So the image the peer receives is tagged with that trade. The image will only be exchanged with the peer not with the arbitrator, though the arbitrator could request it from the peers if needed and if they agree to deliver it.
The user only needs to upload the photo to the app (stays local of course) and the app renders the modified image and stores it in the account. The id card need to be a governmental issued one like passport of national id card.
Again in the offer the maker can define if they require an id card image or not. If so, the id cards get exchanged in the trade process same as the bank detail data.
And the offer in the offer book gets marked with an icon indicating the id card requirement.
Of course that all is only for those payment methods which have charge back risks.
What do you think? Do you see open risks with faking the selfie? I think with the photo it gets harder but of course it is not 100% safe. But a seller who wants more security can always require the email contact and can do the id check as they find sufficiently secure.
We can define that min. requirement for such a p2p id check and if a peer requests too much the peer can reject and the arbitrator would refund both in such a case.
I think that would give people enough option between privacy/convenience and security to choose from.
It is a bit of effort to implement so I am not sure how fast we can deliver that. But I wanted to get feedback first. mMaybe someone has a better idea or see some flaws in it…