Privacy concern


#1

If the complete history is visible for each Bisq node, then this affects privacy negatively in my eyes.

Just a theoretical scenario:
Bisq user U had a transaction selling 0.25 BTC for €1751.37 at timestamp t and receives the Euro on his SEPA account. He forgot to mention this trade on his tax declaration. Sooner or later the finance administration will scan the decentralized exchanges and will find a transaction with €1751.37 at time t, the same one they already saw on U’s bank account with purpose “AB34HFK” which they didn’t understand in the first place.

Already now there are companies offering services to public administrations to translate Bitcoin addresses into real names, and those or others will do the same with bisq & friends.

My questions:
Could the history be encrypted/hashed, something where the node has a kind of proof that the transactions happened but shows only its own transactions in the clear?

Thanks, Torte


#2

This timing attack is a general problem for computer privacy. It isn’t 100% reliable and I am not sure if it is considered proof in most courts, but it is widespread across privacy platforms, from Tor to Bitcoin and Bisq.

It is known that Tor can’t protect itself from this, at least not without slowing down the network considerably, which would cause users to stop using it as much, decreasing privacy even more by having a smaller network.

Bitcoin can soft fork to have confidential transactions like Monero, but that will likely take some time before it gets implemented.

Bisq uses Tor for its P2P network and Bitcoin for its blockchain. I don’t see any solution for Bisq to increase its privacy without these two upgrading their own.

As soon as the offer gets taken on the Bisq network, you can see a specific multisig transaction happening on the blockchain with the same values, and a bank transaction with the same value before that multisig gets unlocked on the blockchain; there isn’t much Bisq can do about this as far as I can see.

If Bitcoin starts supporting some kind of confidential transactions in the future then Bisq can use these, but I think you will still be able to notice that the offer with a certain fiat value has been taken (otherwise you would still see it as available) and you will still be able to correlate it with a bank transaction.

So your question makes sense for the Bitcoin transaction part; that could be improved with a soft fork in the future when Bitcoin decides it. But for fiat transactions, unfortunately not. We will need to implement a cash payment for that to work.


#3

Thanks. I see your point on the cryptocurrency side (a minor issue because amounts are often the same, e.g. 0.25 BTC), but not on the fiat side (amounts are usually not repeating).

Another privacy issue example:
Assume a Bisq user’s bank gets hacked or a corrupt employee E tracks the bank transfers and compares them with the open history in Bisq (Market --> Trades --> Currency=Euro). E sees €1751.37 on my bank account, the same amount he sees at Bisq for the same day. E monitors and sooner or later knows who received a lot of Bitcoins (and knows the home address from the bank) and sends his friend F with a gun to the house of the Bisq user to collect the private Bitcoin keys.

Sooner or later officials, hackers or corrupt employees will analyze the open Bisq history (assuming more and more people deal here) and get private information out of it, which could kill Bisq in the medium/long term.

So why is the trade history with fiat amounts visible to all? For my personal trades it would be enough if only myself plus my trade partner can see them, and the others only their own trades (as far as exact fiat amounts are concerned).

Is there a technical reason that all fiat amounts are public or could this be obfuscated for the public?

The argument that the court would not consider the matching amount as proof is a weak argument in my eyes. It’s not clear proof, but it’s the trigger to ask questions that have to be answered, and without the open history nobody would have any questions in their mind (= improved privacy).


#4

I agree it is an issue, I just don’t see a solution for it.

Yes, you can’t hide this trade history as the network is distributed. Every client needs to know the amount of every offer and if it is taken, otherwise you wouldn’t know if you want (or can) take the offer or not.

If the offer gets taken while you are online and you witness it disappear, you will know the BTC amount and price in fiat that is being transacted. Same as you do when you look at the global trade history.


#5

I understand the point. I guess under the following circumstances we can mitigate it in the future from the user side:

  • Much more trades
  • Not using % but a fixed price in order to get round and recurring fiat amounts, e.g. 1500€, 1000€…

For this I hope that bisq has no unsolvable scaling problems…


#6

One possible mitigation for users would be to use multiple bank accounts and/or transactions. Bisq could potentially let the buyer break up their side of the payment into chunks and have different codes for each chunk so that no one code adds up to the exact fiat amount of the deal.

I also like the round fiat amount idea, which is similar to one part of how Phore facilitates anonymous transactions. I would suggest a different mechanism for it though: let a seller make an offer for a variable/% based amount of bitcoin for a fixed fiat amount, letting the amount of bitcoin fluctuate rather than the fiat, setting a maximum limit of bitcoin so that the person selling knows that they have enough bitcoin. Set standard fiat denominations like $250/$500/$1000/$2500/$5000. With enough volume, it would be harder to trace which bitcoin address is yours when there are a bunch of similar fiat transactions all happening within the same timeframe.


#7

I had some thoughts and calculations (with real bank data) on this, and my conclusion is that it’s not important that all Bisq users use repeating trade amounts like $250, $500 … It’s useful that Bisq traders use those amounts the other million people use in bank transfers quite often. So the data base is all dollar bank transfers between your Bisq trade and 24h after. To avoid time/amount attacks you don’t want to be the only person using a specific amount in this timeframe. You want the same amount to repeat as often as possible in your currency space. Here is the method (working without any program code change) to have the amount you used occur 700-1000 times more often (calculated for the Euro area, but for the dollar it should be similar; not for small country currencies), so that linking your fiat identity with the Bisq trade is nearly impossible:

  1. Only full dollar amounts, 0 cents
    This means that on average nearly 39 times more people use exactly the same amount as you. Because Bisq is not offering enough BTC decimal places, this can be reached by using a fixed price (you might need to adjust the exchange rate a bit to get 0 cents; this is the cost of the privacy).

  2. Do the fiat transfer on the first banking day of the month
    At least in the first six days of a month. This means that on average about 5 times more people use the same amount in the 24h time window.

  3. Use amounts where the first digit is a 1
    You gain a factor of 3.5. This sounds silly, but google Benford’s law and you’ll understand. So a 1000€ deal is much, much better than 987.74. The second best first digit is the 2, by the way.

  4. Fiat value not too high
    Smaller amounts (e.g. between $100 and $200) occur much more often than larger amounts (above $1000) in bank transfers. So you might split a trade into more than one for privacy reasons. Gain factor: depends on the specific numbers; I use a factor of 2 here (which is probably far too low).

Bottom line, this is what you gain by applying the first 3 rules:
On average you will hide your fiat trade amount under nearly 700 (=39*5*3.5) times more clone amounts than an average trader. This should be by far enough to avoid the fiat amount being linked to the BTC trade. Using rule number 4 as well, you can expect to increase the gain factor to significantly above 1000.
Compared with a bad choice like $987.74 the factor is about 60.000 times, which in practice means that a person using such amounts will probably be the only person using it on the same day (or one of less than a handful). The link is now an easy one.

From the Bisq code side it would be an advantage to support this in future releases, to make it easy to get full dollar 0 cent trades and to promote (as a recommendation, not a must) amounts obeying the rules above. But as said before, everybody can start immediately. If you don’t wait for the 1st of next month, you can still gain a factor of 136 today by using rules 1 and 3. The smaller your currency area is, the more rules you should use if you want to keep the fiat side private (today and in the future when a hacker cracks your bank and sells the data).

P.S.: This is the high-level result. If someone is interested in the math behind it, please send me a PM, in case this exists here on the board…
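The rules from this post, and the amount-matching risk from the earlier bank-employee scenario (post #3), can be checked in code. The following is an added example written for this thread; it is not code from the forum or from the Bisq project. It computes the Benford's-law advantage of a leading 1 or 2, derives a fixed-price offer whose fiat side lands on whole units (rule 1), reports which rules an amount satisfies, and counts how many "clone" transfers share an amount in the 24h window the post uses. The BTC/price precisions, the rule-4 threshold and the sample transfers are assumptions constructed for the example.

```python
# Added example (not from the thread or the Bisq project): choosing a fiat trade
# amount that blends into ordinary bank transfers, and measuring how many other
# transfers share it in the 24h window from post #7.
import math
from datetime import datetime, timedelta
from decimal import Decimal, ROUND_HALF_UP

# Assumed precisions (not taken from Bisq code): BTC amount to 4 decimals,
# fixed price to 4 decimals, fiat to cents.
BTC_STEP = Decimal("0.0001")
PRICE_STEP = Decimal("0.0001")
CENT = Decimal("0.01")


def D(x) -> Decimal:
    """Accept str/int/float/Decimal uniformly; avoids binary-float cents."""
    return x if isinstance(x, Decimal) else Decimal(str(x))


def benford_probability(d: int) -> float:
    """Benford's law: probability that the first significant digit is d."""
    if not 1 <= d <= 9:
        raise ValueError("first digit must be 1..9")
    return math.log10(1 + 1 / d)


def benford_gain(d: int) -> float:
    """How much more often digit d leads an amount than the average other digit.
    For d=1 this is about 3.45 (the ~3.5 quoted in post #7); for d=2 about 1.7."""
    others = [benford_probability(k) for k in range(1, 10) if k != d]
    return benford_probability(d) / (sum(others) / len(others))


def first_digit(amount) -> int:
    """First significant digit of a positive amount (via scientific notation)."""
    amount = D(amount)
    if amount <= 0:
        raise ValueError("amount must be positive")
    return int(f"{amount:E}"[0])


def check_rules(amount, small_limit="1000") -> dict:
    """Which of post #7's rules a fiat amount satisfies. Rule 2 is about timing,
    so it is not checked here; small_limit is an assumed threshold for rule 4."""
    amount = D(amount)
    return {
        "rule1_whole_units": amount == amount.quantize(Decimal("1")),
        "rule3_first_digit_1_or_2": first_digit(amount) in (1, 2),
        "rule4_small_amount": amount < D(small_limit),
    }


def fixed_price_offer(fiat_whole, market_price):
    """Rule 1 at offer creation: fix the fiat side at whole units and absorb the
    rounding in the fixed price rather than the BTC amount, which has too few
    decimals to land on 0 cents. Returns (btc_amount, fixed_price, fiat_paid)."""
    fiat_whole, market_price = D(fiat_whole), D(market_price)
    btc = (fiat_whole / market_price).quantize(BTC_STEP, rounding=ROUND_HALF_UP)
    price = (fiat_whole / btc).quantize(PRICE_STEP, rounding=ROUND_HALF_UP)
    fiat_paid = (btc * price).quantize(CENT, rounding=ROUND_HALF_UP)
    return btc, price, fiat_paid


def anonymity_set(trade_time, amount, transfers, window=timedelta(hours=24)) -> int:
    """Count bank transfers with exactly this amount inside the window after the
    trade: the clones an observer must rule out before linking amount to trade."""
    amount = D(amount)
    return sum(1 for t, a in transfers
               if trade_time <= t <= trade_time + window and D(a) == amount)


# Constructed sample: one day's transfers as (timestamp, amount) on a 1st-of-month.
T0 = datetime(2018, 3, 1, 9, 0)
SAMPLE_TRANSFERS = [
    (T0 + timedelta(hours=1), Decimal("1000.00")),
    (T0 + timedelta(hours=2), Decimal("1000.00")),
    (T0 + timedelta(hours=5), Decimal("1000.00")),
    (T0 + timedelta(hours=7), Decimal("987.74")),
    (T0 + timedelta(hours=9), Decimal("1000.00")),
    (T0 + timedelta(hours=30), Decimal("1000.00")),  # outside the 24h window
]

if __name__ == "__main__":
    btc, price, paid = fixed_price_offer("1000", "6200.00")  # constructed market price
    print(f"sell {btc} BTC at fixed price {price} -> buyer pays {paid}")
    print("rules:", check_rules(paid))
    print("Benford gain for a leading 1:", round(benford_gain(1), 2))
    for amt in ("1000.00", "987.74"):
        print(amt, "clones in 24h:", anonymity_set(T0, amt, SAMPLE_TRANSFERS))
```

Running it shows the whole-unit amount sharing its value with several other transfers in the window while the odd-cents amount stands alone, which is the linkability the post's rules are meant to reduce; the gain factors for rule 1 and rule 2 come from the poster's bank data and are not reproduced here.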


#8

Would you like to open a Github PR for the feature to round the fiat amount so there are no decimal places in the trade statistics? I think that is easy to implement and has no side effects I am aware of. The other points I think are more problematic/complicated/inconvenient and will not generate so much extra value.
Never forget the biggest privacy risk is on the Bitcoin side with chain analysis. That is hard to fix as long as Bitcoin itself does not provide better privacy. Users can control it with a lot of effort, but most are not skilled enough or prefer convenience.


#9

Just opened a pull request. I am only a little hobby programmer and not so familiar with Java and all the Bisq code, so I wrote the request into the file as a comment, which I suspect is the right place…


#10

Eventually we will probably need to look at Lightning Network and if it is possible to integrate it with Bisq.

Using LN, chain analysis kinda becomes impossible.
Of course there are other benefits from using LN as well that will make this quite useful to explore.
I am just not sure how it would work with Bisq, since Bisq already uses a 2-of-3 multisig.


#11

I am not much up to date, but the OpenBazaar guys always complained that contracts based on multisig are not really working over LN. So it will likely require a completely new concept of how to secure a trade.


#12

I support the idea of using standard denominations of fiat, or at least limiting transactions to ‘round numbers’, in order to reduce the fingerprintability of transactions.

Dash’s PrivateSend function could provide a solution to the blockchain end of the equation. To prepare funds for private transactions, a wallet’s funds are broken down into many addresses with standard denominations of 10, 1, .1, .01, and .001, and then mixed in a manner similar to coinjoin. With this flexibility, round numbers of fiat could be paired with privatesend denominations, greatly reducing the fingerprintability on each side of the transaction. Where appropriate, the advantage goes to the market maker, of course.

I’m very much hoping the next release of Dash will introduce .0001 as a denomination also.

Dash can be used as a base currency in Bisq, but since I last checked the PrivateSend function is not built into Bisq.

It’s possible Bisq could leverage this functionality. Combine that with standard denominations of fiat, and a good solution could be achieved.


#13

Bisq should not publish the real amount traded if possible, so that banks can’t correlate. Pick a random number between -5%/REAL AMOUNT/+5% and publish that.


#14

Yes, we are considering adding a change there. It must be at offer creation/taking so the fiat amount will be rounded. But it requires a bit more thought on all the details, so it will not go into the upcoming release but probably the next one.