To increase privacy I wonder whether it would be possible to use fantasy names or only initials for the recipient name in SEPA transactions. Has anyone tried it yet?
edit to make this more clear:
Banks are not required anymore to check the recipient name. Could be that they still do it nonetheless. If this would work it would mean the coin seller would not have to give away his name but only his SEPA number.
This is ânot allowedâ in Bitsquare. Itâs a (small) protection against man-in-the-middle attacks. Youâre in fact breaking the contract and if an arbitrator would learn about it, he could decide against you.
Itâs obvious this doesnât fully protect against mitm attacks but it creates a little more friction for scammers.
Edit: I understand that you rather wouldnât share your real name. Sharing your name shouldnât be much of a problem compared to centralised exchanges. In Bitsquare you only share the name with your trading partners. On traditional exchanges youâll never know what happens to your data. (cloudbleed)
I guess it wouldnât take way too many offers then to identify majority of Bitsquare users. I am not sure how this is protecting from mitm attacks, but if it is a small protection as you say, it could be worth the risk. Is this something that could be reconsidered in the future?
@marc
I donât see either how that could help protect from a MITM attack. Do you mean because you would have to change two strings instead only one (bank account number and name)?
Where can I read up on the rules? I could not find them.
But the buyer could not even tell if the name is correct or not (assuming the bank does not check it).
Maybe we could figure out a way to hash the name to a fantasy name. harrypottername(sha256(name)) so that in case it should become necessary you can prove it.
It probably doesnât help much protecting from MITM attacks. I was thinking along the line that an attacker would have to wait with opening an account in Bitsquare until a fish is on the hook. I guess it makes no difference if itâs just the name or name+IBAN.
What would protect from MITM attacks, though, is to use distinct payment reasons like âpayment from bob to alice for flowersâ. With a payment reason like this a potential victim should be alerted.
Please join the discussion here: https://github.com/bitsquare/bitsquare/issues/373
I think I mixed things up.
Name and SEPA go into the trade contract, though. You can see contracts in the trade history by clicking on the âiâ, for example.
When a trade goes wrong for any reason, the arbitrator will demand proof that you made a payment, or did not receive a payment. If you fail to prove youâll lose your funds. You might run into trouble when names donât match.
MITM protection as discussed on github is important and something like the flowers thing sounds like a good idea (as long as it is still casual enough not to make transactions easily flaggable). It is mostly a different topic, though.
I donât see how the name in the SEPA transaction can make any difference for the arbitrator but I have not yet to any complications at all.
This is ânot allowedâ in Bitsquare
So is this true or not? If yes where does it say so, I can not find it. Besides this I think initials only as SEPA name should be fine.
I read the discussion marc pointed out and I think this could perhaps be avoided by using reason the seller specifies to avoid patterns (could still have recommendations for sellers).
Yeah, adding a privacy for sellers is a plus, I think it should be allowed.
Hi all,
I am quite new to bitsquare.
Monday I sold 0,2 BTC. Today I received the money on my bank account.
The bitcoin buyer âHolder nameâ that appears in bitsquare is different compare to the SEPA holder name.
What shall I do?
The bitsquare SW shows a window with the following msg:
âplease verify that the sender holder name in your bank matches that on in the trade contractâ If not âplease donât confirm but open a disputeâ.
What shall I do?
Is it a minor issue or not?
Thanks in advance.
regards
Please open a dispute by cmd+o.
Itâs up to you. As I learned in previous discussions the name is not really relevant and not helping to prevent attacks. But it still could be an attack (MITM).
Effectively the other trader broke the contract. If you open a dispute, he should be losing his security deposit. Depending on the size of the trade it makes more or less sense to pull such an attack. I learned that 150⏠to 250⏠is a typical amount.
That being said, no one ever tried that on Bitsquare before.
I think I would let it slide. If you decide youâd rather ask the arbitrator, you can use cmd/ctrl+o to open a dispute before the trade time runs out. Please do this with the relevant trade selected.
Thank you very much for the quick answer.
In the meanwhile I check (I searched in google the sender string) and the sender seems to be a corporation active in bitcoin ( I omiss the name in this public forum, but I can send it private).
It is not clear to me, what they are trying to do? (If it would be a MITM attack)
(I still have 5 days remaining)
thanks
it is probably nothing critical, but i can tell the peer if you open a dispute. otherwise he will repeat using a incorrect account.
@kino I have done successfull transactions with the SEPA names being obvious fake names in bitsquare. I think this âruleâ should be changed.
edit to clarify: the fake names where from the other side!
@marc You sound as if you had changed your opinion, maybe you could change the second post in this thread to reflect this? For a casual reader it looks like it is forbiden / does not work while it actually does.
To be frank I would never put my real name in a SEPA account within bitsquare as it is just not necessary.
Please note it is forbidden to use a fake name! You should have opened a dispute and if you use yourself a fake name you risk that others open a dispute.
There are social engineering scams (described in Github and on other threads here in the forum) we want to protect against with the cross check that the data form the bank receipt matches the data in bitsquare.
The privacy with bank transfers is anyway broken as most banks show the data at the receipt.
I assume there might be banks which check also the name and if it is wrong make problems with the transfer.
To discuss the change of this rule for sellers is why I started this thread. As a matter of fact, recipient names are not checked for SEPA transactions. It is impossible to prevent malicious actors to e.g. have somebody send âa service fee to mircosoftâ because the receiver never sees the SEPA recipient name.
I am not sure the name field for sellers can be of any use but maybe we can come up with a standard protects privacy. Note a bank clerk / police can still look up the name belonging to a SEPA account.
For example: Use initials. Use a hash. Use a deterministic fantasy name (âharry potter name generatorâ) derrived from the real name or from the account number or from the transaction number.
I have opened a dispute. Letâs see.
Had to look it up. Love it 
Whatâs preventing people from putting any name they like in the name field? Seems like including a name is worse than not. If people are told they have to put their real name it creates a false sense that indeed the name youâre seeing is legit.
Most banks show the name of the sender. If that does not match with what you have setup in Bitsquare the trade will end up in a dispute. In future there will be one warning and if a user still does not follow the rule he will lose his security deposit. There are social engineering scams we need to protect against. See other threads and GH thread about thatâŚ
This one, I assume? https://github.com/bitsquare/bitsquare/issues/373
Thanks for your patience in explaining this. Since I almost never use it, when my phone rings I know thereâs a 90% chance itâs a scam, so itâs hard for me to even imagine such an attack.