Privacy on Bisq explained

Bisq is all about avoiding KYC on traditional exchanges.
This comes in a nuanced way, as truly, undeniable private bitcoin can easily come from mining a block yourself, while all the rest takes work. Well, mining a block does take a lot of work as well, just a different kind :grin:

Privacy is a very multifaceted concept; not having to show your ID to register doesn’t mean you aren’t traceable anyway, so let’s delve deeper (the following might be boring for some, interesting for some others), I invite anyone to chime in and correct me, or add information, where they think it’s due.

==== BITCOIN NODE ====
First off: Bisq has its own P2P network (in which you fit in by connecting to “Bisq network peers”, the stat at bottom right in your app window) where it moves data specific to Bisq itself; and also uses the Bitcoin P2P network which is made of thousands of nodes run by people all over the world.
The former is builtin in Bisq, the latter you have some control over, by, for example, installing and using your own node to connect to the Bitcoin network. This will allow you to access the network by relaying requests only on your own service, without letting others infer your assets by the transactions you look for.

Easiest to install is Bitcoin Core, but it comes at a cost: it will take 500GB of your disk space (not just bitcoin core though, any full node will take as much space), so you need to have it to spare, the whole blockchain is that big now, and only going to increase with time. If you do it, Bisq will use this node automatically as long as it’s detectable on the same PC you run Bisq from. You are needed to enable peerbloomfilters directive with it, by adding the appropriate option inside the bitcoin.conf file under Bitcoin Core data folder. Bloom filter is a way for SPV (simplified payment verification) wallets like Bisq, that only store the last blocks in the chain instead of it whole (500GB and counting, remember?), to query the Bitcoin network for data in a more “private” way (go search for it if you’re curious, it’s an elaborate way to mask your sensitive data, that comes with increased data usage).
A node with bloom filters enabled can be open to DDoS attacks, so you can enable bloom filters just for the local PC, by adding to bitcoin.conf the following line:
whitelist=bloomfilter@127.0.0.1/32
followed by:
server=1
to enable the node to accept incoming connections from clients.

The next level is running a “proper” full bitcoin node, for example on a Raspberry Pi, but if you’re up to it I doubt you need this guide at all. In that case anyway, you will have to add the node’s info in Bisq from the Settings>Network info panel, by selecting Use custom bitcoin core nodes and filling in your node’s address:port.

==== YOUR FIRST DEPOSIT COINS ====
If you use Bisq to buy bitcoin, you need to have bitcoin first. The minimum security deposit can be 0.001 plus something for trade fees and miner fees, but actually in order to be able to take buy offers of 0.01btc (the most common, less markup-expensive kind of offer for new accounts) you would be better off with 0.003btc all inclusive (deposit + miner fees + trader fees). The result of your first trade will be used to cover the deposit+expenses for following trades.
So you “just” need to get yourself that starting amount.
You don’t want to use coins you purchased from exchanges, or the no-KYC appeal of Bisq will be lost.
You could use coins purchased from a no-KYC ATM (fewer and fewer around), that a friend of yours gave you, that you mined yourself (this gets more and more involved), or you can simply join the bisq#buy-bitcoin chat on keybase, where you will find several users who can give you some btc after you send them a payment first, with a payment method you both agree on.

=== MOST PRIVATE PAYMENT METHODS ====
Once you’re started on Bisq, you are faced with many payment possibilities (having many choices is always good).
For privacy oriented people, the methods that traders usually prefer are US Postal Money Order (only available in the US), face-to-face (F2F, which is private, yes, but poses other risks, namely going at a meeting where the other party knows exactly how much money you have in your pockets, so you would better choose a very open place with many people around), and Cash by mail (CBM, arguably the best of them all when it comes to privacy, and yet inducing the inevitable fear that an evil postman could steal your money, plus it might be costly to source the tamper proof bags and pay for insured expedited tracked and signed-for shipping, especially across borders; this is a recurring topic on keybase chat,
and not without merit).

==== TRANSACTION TRACEABILITY ====
You can follow the previous points to the best of your capabilities, and yet your privacy game wouldn’t be by far complete: even if your true identity is never, at any point, associated with a Bisq trade, the blockchain is sitting there, waiting for you.
Any transaction is publicly visible and traceable, and specialized agencies can track the movements of your every coin to decide, with a high level of confidence, which coins belong to the same wallet/individual.

Best possible practice (one which I would never follow myself, because it would be extremely inconvenient) is the following:

  1. send btc for your first trade from an external wallet
  2. when trade is complete, withdraw to another external address
  3. send btc for the second trade from another different external address
  4. withdraw to yet another external address
  5. rinse
  6. and
  7. repeat

You see, this soon becomes suicide.
If you, then, use BSQ to pay for trading fees (which you should definitely do, both for your own convenience, and for the good health of Bisq as a whole), then not even the previous steps will save you, unless you adopt an even stricter protocol for BSQ itself. Why, you ask?
You have one or more BSQ utxo’s (that is, coins) in your wallet, and when you use those coins to pay for fees, you get back the change to your wallet, change that is tied to the previous coin and the previous trade; if you use that change to fund the following trades fees, the so accurately unlinked transactions in the previous steps, will become linkable by having been associated on the blockchain with the recursive change utxos of your BSQ, hence with the same person.
Are you really going to get yourself new BSQ for each new trade?
Didn’t think so.

My best suggestion, to my knowledge, is make use of the convenience granted by Bisq wallet, and go along your chain of trades with no worries; then, when you have accumulated an amount that you are comfortable sending to your cold storage for good, use JoinMarket to coinjoin it and hopefully delete any previous traces.

Just be mindful that joined coins are not welcomed by exchanges, so if you ever need to sell those coins in the future, don’t send them to C@inB@se or B!n@nce or whatever, as they might get locked forever. And yet, if you need to sell btc, that’s what Bisq is for!

Have fun.

4 Likes

Hi @w000000t thanks for the great guide much appreciated. I think everyone should think from a privacy first mindset when using Bisq.

Here is a link to more info about the #buy-bitcoin channel in Keybase: Informal Market for Small BTC Trades - Bisq Wiki

Amazon eGfit cards is another way to aquire BTC with no KYC on Bisq. Payment can also be made using credit or debit card. For more info see: Amazon eGift card - Bisq Wiki

1 Like

Funny I forgot about egift cards… I had the hope, before my time actually using Bisq, that I could use the amazon code coupons you buy for cash at shops, but those are not allowed (obviously, I realized later) otherwise it would have been the ultimate privacy tool, albeit with limited fungibility

1 Like

Crazy how BSQ destroys your privacy.

Could one improve BSQ privacy by periodically trading all one’s BSQ for BTC, and then buying a different chunk of BSQ back? Would the multisig trade addresses that mix the buyer and seller’s coins provide any plausible deniability?

Haven’t thought too much about it, but I suppose you could break the chain by selling BSQ for BTC, and then using a completely different BTC utxo to buy another batch of BSQ.
This way, your consecutive trades on Bisq will be onnly associated together per BSQ batch.

Nice summary of some of bisq’s privacy concerns. I made a proposal Federated trade fee aggregators · Issue #329 · bisq-network/proposals · GitHub for a different way to pay the fees which should reduce number of txs and would also limit onchain traceability. I still think the link between bitcoin outputs from one trade to the next is the main issue, but as mentioned, the BSQ fees are also a problem.

I’ve read that thread on GitHub, from my own low skill level point of view, and it does make sense.
It would introduce some new weak points, but getting rid of bigger ones, in my opinion.
It’s also clear it didn’t get much traction, too bad there’s a developer shortage for Bisq… I am lowkey thinking about learning Java from scratch exactly for that purpose, I might get some fum + additional income :grin: