Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to make trade 'reason' less obvious #2869

Closed
rexi1e opened this issue Jun 4, 2019 · 69 comments
Closed

Add option to make trade 'reason' less obvious #2869

rexi1e opened this issue Jun 4, 2019 · 69 comments

Comments

@rexi1e
Copy link

rexi1e commented Jun 4, 2019

Its pretty easy for a bank that has recognized the format of a Bisq trade "reason" to identify which its customers are trading bitcoin with Bisq.

Could you make an option for the user to pick a randomly-generated trade reason that's less obvious?

Maybe source a couple hundred reasons from Venmo's public data or something and then randomly pick form that, or something...I dunno

@rexi1e
Copy link
Author

rexi1e commented Oct 6, 2019

A presenters at HCPP mentioned Bisq as great KYC-free option to trade bitcoin, but their reason for not using was this.. Also many users having issues with Revolut, probably for same reason

You know this endpoint show latest public Venmo txs. Check message values for some ideas ;)

@ghost
Copy link

ghost commented May 9, 2020

Here is the export of messages from the mentioned Venmo endpoint:

"Miss you",
"Groceries",
"Virtual coffee date!!!",
"To help w/ your bills this month",
"Thanks for everything you do",
"Rent's due, dude",
"Takeout > Going out",
"Thank you, friend",
"Pizza for din. And bfast too.",
"You got this",
"Dinner",
"Treat yo self",
"Grab a snack on me!",

@ghost
Copy link

ghost commented May 9, 2020

And another one https://github.com/sa7mon/venmo-data it looks juicy, but I was not able to download the dataset.

Also there is the study where they have extracted the data for: https://www.rpubs.com/toehmler/559525


Another one is: https://github.com/erikgregorywebb/datasets/blob/master/venmo-public-payments-raw-2019-01-01.csv

But there is a lot of emojis, that are maybe hard to type (I would like to stick to plaintext). And also there are some quite akward messages like:
"Best head of my life✊🏾🍆💦😛"

Here is polished list of transaction messages found in this dataset: https://gist.github.com/petrhejna/84a5718ae1426448b851b8091cfd87c8


I would even say, we need to generate our own dataset (do some copywriting). Not sure if data from Venmo can be used.

@cd2357
Copy link
Contributor

cd2357 commented May 10, 2020

I don't think much can be gained from such a change.

Best case, it keeps privacy relatively unchanged but uses up dev resources to implement, test and spend time deciding on all kinds of new edge-cases:

  • include emojis or not? some bank UIs do not allow that, having payment descriptions with emojis would look suspicious
  • what is a good min/max length of the message? some bank UIs limit that, people might not be able to use the "payment reason" which Bisq assigns to their trade
  • what is a good character set? allow special characters? if yes, which ones (for which languages)? again, some online banking UIs do not allow much flexibility there, and people might not be able to type them in
  • localize these messages? or just keep them in English? if localized, which "locale" to use when 2 traders using different locales trade with one another? enforce the EN word list even when 2 users with the same non-EN locale trade?
  • etc

Worst case, it actually decreases privacy and could introduce more issues:

  • what to do about payments to-from same non-English speaking country? like from a bank account in Italy to another one in Italy? if an account has many such payments (perhaps trading in a local community?), when it is clearly unusual for locals to use English descriptions, well that might look suspicious
  • how about a family account (owned by both people) suddenly having transactions with "Hey missed you" as description?
  • traders currently use the payment description to match payments to the trades with that ID, if the description starts becoming some new random string or expression ("Rent for this month" etc), it will be much harder for them to decide which payments match which trades, and could cause lots of new support cases + unfinished trades + trades ending up in mediation. Especially for traders who don't do just 1-2 trades per month, but several per day, or several per week.
  • etc

As mentioned in #4249 (comment) I'd say the current approach is good enough.

@ghost
Copy link

ghost commented May 10, 2020

That's fair point. Ill suggest to close the issue with this.

@dmos62
Copy link
Contributor

dmos62 commented May 14, 2020

To continue from what @peterzen said, we could examine the mentioned "reason for payment" dataset to see what are the most prevalent and "neutral" reasons for payment (e.g. "Payment for #123123ABCD") and choose a few based on that. In other words, data-based search for how to get a needle-in-the-hay-stack effect. Making the "id" strings more varied is important either way: only using the uid string is suspicious, but having no variation in how we generate that uid makes all Bisq trades interlinked.

@peterzen
Copy link
Contributor

It's important to keep in mind that there is a wide variation of traded amounts, and the provided payment description should be consistent with the value being transmitted - e.g. labeling a $100 tx as "Brunch #1234567" or a $25 tx as "Skiing contribution #123456" will stick out if manually being looked at. This makes it difficult to use any dataset, especially the aforementioned payment provider's whose users typically transfer very small amounts.

Another issue with the above kind of strings is that they're not natural and won't stand manual scrutiny: in person-to-person bank transfers people rarely use long IDs. To get around that, one option might be to let the user posting the offer manually edit the payment description, which would thus be available to the moderators. With this approach traders could use reasons that more naturally fit their own usage patterns.

@sqrrm
Copy link
Member

sqrrm commented May 15, 2020

@peterzen I think this is the most reasonable one, letting users set their own string. Uniqueness is required though to disambiguate different trades if they go to mediation, perhaps not a simple task unless you just add the normal trade id after the string.

@peterzen
Copy link
Contributor

@sqrrm The payment description could be decoupled from the trade ID, though, no?

@sqrrm
Copy link
Member

sqrrm commented May 15, 2020

The string that's added to the payment on the bank transaction is what's used to verify that the transaction is related to the bisq trade in question when the case goes to mediation.

@dmos62
Copy link
Contributor

dmos62 commented May 15, 2020

@peterzen it was pointed out that mediators need the trade ID in the payment description: #4249 (comment)

I almost agree about recipient-specified payment reasons. Though, is it possible for a payment reason string to be good for the recipient and bad for the sender? Like specifying that recipient is buying something that's legal for him to buy, but illegal for sender to sell. Can a sender then cancel the transaction?

If that weren't a problem, I'd like to see the payment reason being made up of the trade id (which, again, should be more search resilient than it is now) and a custom prefix or suffix (e.g. "Prefix specified by recipient #tradeid").

@peterzen
Copy link
Contributor

The string that's added to the payment on the bank transaction is what's used to verify that the transaction is related to the bisq trade in question when the case goes to mediation.

As the mediator sees both the trade ID and the payment reason they're able to verify the bank tx against the trade.

@peterzen
Copy link
Contributor

@peterzen it was pointed out that mediators need the trade ID in the payment description: #4249 (comment)

I almost agree about recipient-specified payment reasons. Though, is it possible for a payment reason string to be good for the recipient and bad for the sender? Like specifying that recipient is buying something that's legal for him to buy, but illegal for sender to sell. Can a sender then cancel the transaction?

This is indeed a tough one - going down this manual editing route would add a boatload of unwelcome complexity to the process.

@peterzen
Copy link
Contributor

@peterzen it was pointed out that mediators need the trade ID in the payment description: #4249 (comment)
I almost agree about recipient-specified payment reasons. Though, is it possible for a payment reason string to be good for the recipient and bad for the sender? Like specifying that recipient is buying something that's legal for him to buy, but illegal for sender to sell. Can a sender then cancel the transaction?

Having spent more cycles on this, a potentially simpler method seems viable: if the user posting the trade is able to specify the payment reason, which the sender can verify and confirm when accepting the contract, there would not have to be an additional step in the trade flow; meaning no additional complexity.

@dmos62
Copy link
Contributor

dmos62 commented May 18, 2020

@peterzen but then someone can mine the offer book for payment reasons (the idea is it's visible to everyone, right?).

@crowphale
Copy link

It's really hard to guess what good payment reasons could be for all users. We don't know all the users, what they typically spend money on, how much, etc. So from privacy perspective, it seems like letting both parties to agree on custom reason is the best option (with default option if they don't care, which can be the current alpha-numeric code).

Are there any other (non-privacy) issues with that? Like can one side use this to make cheating easier (arbitraging harder)?

@Conza88
Copy link

Conza88 commented Dec 14, 2020

A random generator for string of text related to price and Venmo etc ain't viable imo.

The solution most definitely relates to the users being able to amend the "reason". Both agreeing.

Or its simply saying reason MUST include the current "reason" string, but like others have said can mask it. As in order ID, or down payment one etc?

As suggested, could cause issues for people more so e.g. bank sees orders ID on a personal account?! etc.

It'd be normal ID assigned as is now, but if either have issues with Bank account or are wanting to elevate the reasoning, be protective they can engage other party in chat.

After agreement in chat can propose "change reason" and accepted, allows payment to proceed / amends terms. Logged.

If they don't agree, can proceed on old one and note not to trade with X next time. Or cancel trade. Don't think people will care that much ?

@pazza83
Copy link

pazza83 commented Dec 14, 2020

I think a simple solution would be:

At time of offer BTC seller (taker or maker) can specify an alternative Trade ID eg 'Party'.

The buyer can then choose to use either the usual Trade ID or the alternative Trade ID provided by the seller. Both would be acceptable.

I agree with @Conza88 that most people will not be bothered. I do not think there should or needs to be discussion about this in trader chat. Either an alternative is used or it is not.

@Conza88
Copy link

Conza88 commented Dec 14, 2020 via email

@aesema
Copy link

aesema commented Dec 14, 2020

Hello all. I also concur with the last idea. In my country having a trade ID mentioning a well known classified website would make sense. If the buyer doesn't like it, then (s)he can use the usual generated ID.

@pazza83
Copy link

pazza83 commented Dec 15, 2020

Hi @Conza88 and @aesema how about something like this?

Portfolio Sell BTC (alternative Trade ID)

@Conza88
Copy link

Conza88 commented Dec 15, 2020 via email

@pazza83
Copy link

pazza83 commented Dec 15, 2020

Hi @Conza88 thanks for the feedback.

Sure. And same with vice versa (seller)?

Yes, it would be the same. Think it should be maker/taker only. If it was maker and taker you would get 2 alterative options and it would get confusing.

I'd like an "(i)" that when hovered over indicates why, it's purpose.

Yes, I think it would be important to offer some more info to the reason.

I guess if maker of BTC sale put in e.g. "gun sale" and in my country that's illegal to own, that could cause issues - in which case, you'd just not do it...

Yes, counterparty could always ignore their peer's suggestion, this would always be acceptable.

Do you think it should be maker or taker that sets the alternative Trade ID? I am leaning towards taker as they can then learn which traders will include their suggestion and use this knowledge when taking future offers.

@Conza88
Copy link

Conza88 commented Dec 15, 2020 via email

@chimp1984
Copy link
Contributor

Have not followed all the discussion, so sorry if I missed something critical...
I think payment with a invoice ID are common and those IDs are similar to those we use in Bisq. There are already some diff. styles for the short trade ID (mixed case, only numbers,...).
Any added complexity always comes with UX costs and I think that is not justified here to make Bisq more complicate...

@Conza88
Copy link

Conza88 commented Jan 28, 2021

We will soon have the removal of Trade ID requirement in description as the future default.
Taker is not going to put in trade ID description when paying, leaving it blank.

In conjunction with this - I am re-highlighting this below request... which should make the process more efficient (MAKER can specify an "Optional Alternate Trade ID"... perhaps this needs its own thread/discussion?

I still think an optional alternative Trade ID will be a helpful addition. It's leave it blank by default, or the MAKER can indicate their preference for "e.g. Thanks for the collectibles", "Craiglist 2051 purchase", "Bicycle", "downpayment" etc. if I was a maker, I would get sick of having to chat about what it is the reason ID should be in trader chat. As e.g. a taker of BTC - I want to accommodate as much as possible the seller, so I become a preferred person they sell to etc.

Replicating real world transactions efficiently and conveniently is ideal. Facilitating that should be the goal by the protocol.
It's shite it has to be done, but better than the alternatives...

This is just an additional field.

Helping facilitate communication/trader chat is also important:

Do we have an idea on how often is reason for payment left blank as a general rule in fiat payments? If this happens very often, that would be great. But if not, that would be an easy way to idenfity Bisq transactions.

Found this interesting: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9047935 , taken from bank data in Spain 2017-2018, small sample. Examples of bank transactions descriptions. No comments on blanks (not their purpose). I suspect its a large % (e.g. at least 20-50%). In any case, this is why "Alternate Trade ID" allows MAKER/TAKER flexibility in coming up with common sense terms they are both comfortable with.

image

@deusmax
Copy link
Contributor

deusmax commented Feb 2, 2021

The Bisq Trade Id worked well so far. Changing it is just a weak attempt to delay bank scrutiny. The real question is how to effectively react to increasing intolerance to crypto by the banking sector.

@mpolavieja
Copy link
Contributor

mpolavieja commented Feb 2, 2021

I have made a very informal survey amongst my friends that work at banks (Spain), and the rough consensus is that around 40% of payments have no reason (blank reason, no text). The % is probably much higher if there is no invoice related to the payment (informal payments between friends, families, etc). So If this rough consensus is rigth, I think it is way better to leave the "reason of payment" blank.

@mpolavieja
Copy link
Contributor

mpolavieja commented Feb 2, 2021

@viperperidot

I am also against it because should any questions or investigation into your account be asked then you have already incriminated yourself by lying.

IMO, this is the most compelling argument to leave the "reason for payment" blank.

@Conza88
Copy link

Conza88 commented Feb 3, 2021

I have made a very informal survey amongst my friends that work at banks (Spain), and the rough consensus is that around 40% of payments have no reason (blank reason, no text). The % is probably much higher if there is no invoice related to the payment (informal payments between friends, families, etc). So If this rough consensus is rigth, I think it is way better to leave the "reason of payment" blank.

Awesome work on finding out roughly! Glad my gut was fairly on the mark: "I suspect its a large % (e.g. at least 20-50%)."

Going from the above stats as well, if someone wanted to put a reason it'd be better as relating to "Shopping, Bank, & Leisure".

IMO, this is the most compelling argument to leave the "reason for payment" blank.

Right. Alternatively, I wouldn't be putting anything (without agreeing with seller if I was buying) that I wouldn't be able to confidently back up "e.g. bought a bicycle from seller." "I have a photo if you want? Bought second hand, no invoice. Ad gets taken down. I have a photo of the bike if you want?"

Also alternatively, "I bought some collectables. What of it?" technically true.

The Bisq Trade Id worked well so far. Changing it is just a weak attempt to delay bank scrutiny. The real question is how to effectively react to increasing intolerance to crypto by the banking sector.

I understand this sentiment. I think as you outlined in keybase, purchase patterns etc. can raise investigations, or someone gives the game away (one moron I traded with admitted to being asked by Revolut about a transaction and he sent screenshot of Bisq! he basically seemed he'd do the same if TW asked! Did my best to clear up/address etc.) and I do wonder if he was targeted or something and gave the game up.

In any case, adapting is currently required - at least this GIVES THE OPTION. Everyone can STILL use a trade ID (despite all the warnings about protocol being not to), just need to discuss with trader. Ultimately, we will see if lack of Trade ID helps at all.

@henkvantijen
Copy link

One thing I suspect triggers the transaction is a 'strange', non-rounded, amount, like 377,26 euro/dollar.
You get that when you buy a rounded amount of btc. Therefore, my practice is that I always try to buy in rounded fiat amounts, like 375,00 euro.
Maybe someone with bank relation can confirm my above suspicion?

@ripcurlx
Copy link
Contributor

ripcurlx commented Feb 3, 2021

One thing I suspect triggers the transaction is a 'strange', non-rounded, amount, like 377,26 euro/dollar.
You get that when you buy a rounded amount of btc. Therefore, my practice is that I always try to buy in rounded fiat amounts, like 375,00 euro.
Maybe someone with bank relation can confirm my above suspicion?

That is why we introduced rounded amounts for fiat transactions. You'll always transfer rounded amounts on Bisq as they are less subject to trigger any automated flags.

@mpolavieja
Copy link
Contributor

like 377,26 euro/dollar

I think this is not possible in Bisq as ripcurlx points out. If this happened to you, please report.

@mpolavieja
Copy link
Contributor

mpolavieja commented Feb 3, 2021

Right. Alternatively, I wouldn't be putting anything (without agreeing with seller if I was buying) that I wouldn't be able to confidently back up "e.g. bought a bicycle from seller." "I have a photo if you want? Bought second hand, no invoice. Ad gets taken down. I have a photo of the bike if you want?"

Also alternatively, "I bought some collectables. What of it?" technically true.

Too convoluted. From my experience with "the system" (banks, public administration, taxman, courts, etc) the saying "Anything you say may be used against you" is, by far, the weapon they most frequently use to go after you. So if there is doubt and there is the possibility of not saying anything without attracting attention, the best option is always say nothing.

@chimp1984
Copy link
Contributor

chimp1984 commented Feb 3, 2021

I have the impression we are making a mountain out of a molehill in that issue.
Banks are screwed in many ways, we reduced their ability to screw traders by removing that hint. Adding any lie as many have pointed out would add additional risks and should not be done, specially Bisq should not support that from the app perspective, that might have even legal implications.
Leaving it empty seems the easiest improvement and traders have the trade chat and are flexible to override that with anything they like.
Why not leave it for now and close that issue and focus on more important things?
If there is no strong opposition, I will close that issue.

@henkvantijen
Copy link

henkvantijen commented Feb 3, 2021 via email

@Jul3k
Copy link

Jul3k commented Feb 7, 2021

I believe the decision to remove the trade ID as reason for payment actually reduced the security of the Bisq trade protocol. Let me explain a possible scenario that scammers performed on multiple platforms before and Bisq just became more vulnerable to:

  1. A scammer accepts your BTC sell offer
  2. He uses your banking information to place another sell offer with the same price on the internet. The sold goods can be completely different, a ring for example on Ebay.
  3. The scammers offer is accepted by a second victim which performs the payment to your initial offer.
  4. You receive the payment and confirm the release of bitcoin. The bitcoin are send to the scammer.
  5. The second victim files a complaint because he never received a ring. He will then contact the police and sue you. In my jurisdiction (Germany), your lawyer might tell you: You received a payment with reason for payment ring. Since you did not deliver a ring, you will have to refund the victim. So you become the final victim.

(Even if you have a good lawyer, you will have a lawsuit with the second victim. The scammer is safe on an anonymous platform like Bisq)

EDIT:
In my opinion the person placing the offer should have the decision on how much risk he is willing to take. As a seller the correct statement of the trade ID as reason for payment would provide additional security as it clearly assigns the payment to the trade. That way it will be harder for a person to reclaim the payment by stating it was unjustified. Also it makes it difficult for scammers because a mismatch in the reason for payment raises suspicion. With the current implementation the buyer can accept the offer before he agrees with the seller on the specification of a trade ID. Doing that over the trade chat is clearly not very practicable as the seller has to state his wish before the buyer initiates the payment and thus forces him to stay in front of the computer. Disagreements on the trade protocol will result in more meditations. If a seller wishes to opt for not having a trade ID, because he is afraid his bank will ban him, he should specify that when creating the offer. Forcing that change on everyone is illegitimate to me.

EDIT2:
I am aware there is still the name of the bank account that needs to match. It happened to me a couple of times that people used the bank account of their girlfriend or a payment processor that did not state the name, so it was always good to have the trade ID as a second layer of confirmation. Also to prevent refunds it is safer to assign the payment to a trade.

@pazza83
Copy link

pazza83 commented Feb 7, 2021

Previously to release BTC when trading using a bank payment details needed to match where; Account name, fiat amount, account number, reference

Now to release BTC when trading using a bank payment details needed to match where; Account name, fiat amount, account number

So all in all I do not think removing the trade ID being included compromises security.

In the example above of the ebay seller my thoughts are:

  • It would not work as account name and account number would not match
  • Even if it did work (seller releases payment to incorrect account name and number) then having a trade ID as a reference would likely not make a difference to the seller that is not concerned if other payment details match.

@dmos62
Copy link
Contributor

dmos62 commented Feb 7, 2021 via email

@Jul3k
Copy link

Jul3k commented Feb 7, 2021

There are banks (like mine) that do not show the account number of the sender for privacy reasons. Then the only chance to confirm a correct payment is by the name. I also believe now it is possible to make the names match.

  1. A scammer looks for suitable BTC sell offers with fixed price
  2. Places his fake offer matching the fixed price
  3. If a victim accepts his fake offer he will have the name to create an payment account with matching names to accept the BTC offer

For the BTC seller it will then be impossible to notice that he fell for a scam and difficult to prove that he rightfully received the payment. This will make it likely that the money can be reclaimed. I am not saying that a trade ID would make it impossible to trick people but to my opinion it would make it a bit harder and also less likely that payments can be claimed back.

@Jul3k
Copy link

Jul3k commented Feb 7, 2021

And to add another point. I does happen quite often that buyers accept multiple offers. I had buyers accept every single offer that I had open at that time (~10). Having the trade ID to keep track of which payments have been received was very useful then.

@pazza83
Copy link

pazza83 commented Feb 7, 2021

I also have some bank accounts that do not show payee details. I think these are best avoided in Bisq as you cannot be sure the account that sent you the payment.

A scammer looks for suitable BTC sell offers with fixed price
Places his fake offer matching the fixed price
If a victim accepts his fake offer he will have the name to create an payment account with matching names to accept the BTC offer

I think this is a possible but likely improbable to succeed. All things would need to align to allow it to be successful.

  • Trade with someone that cannot see their bank details
  • Trade with someone they know the first and last name of and know that they will pay in a account of the same name
  • A likely offer to be online with the amount of 0.01 BTC or less (buyer will not be able to create a signed account in time with one trade).
  • Trade still online when they have their victim in place, or if they take the Bisq trade first they risk not completing their trade in time on the third party site.

Due to the above the scammer would be much more likely to lose their security deposit when trying this. The 0.006 BTC security deposit is a large proportion for new account under 30 days old, so I do not think the benefits vs risks would be worth it for the scammers.

The trade IDs do help with multiple offers, but no reason you cannot ask buyer to label multiple offers; 1, 2, 3 etc. Alternatively it just takes a little more checking to make sure you received the correct amounts. I am thinking of making offers at different amounts to make this easier eg 0.01, 0.095, 0.09 etc.

@Jul3k
Copy link

Jul3k commented Feb 7, 2021

Okay. So lets plot this further and sorry for my criminal intent. When I look at the EUR/BTC SEPA offer book, I see plenty of people that have multiple offers (I know from the same onion address) with the same price (often 0.01 BTC) online over multiple days/weeks/months. I could choose possible victims and perform a trade with them once. I would use the correct name but wrong account number to find out if they complain and thus check if they can see my account number. Or I lookup the bank and check if they show the account number to customers which is even more secure. I would not even have to complete the trade. I could tell that my bank does not allow me to send money to their bank. Mediators will likely recommend to cancel the trade. So a scammer could do all that without much risk to loose his security deposit. A single seller with multiple offers could be used simultaneously, making a revenue >0.05 BTC per scam possible and the whole thing quite profitable.

I would personally fall into that category of a seller matching those criteria. Of course I could change my bank, but to be honest they are crypto friendly. Before I felt/was more secure with the trade ID specified. If the trade ID leads to people being banned because their banks see a violation of their terms and can match transactions to the Bisq protocol then maybe the trade ID should be more random in its nature to prevent that. Variable length, sometimes numerical/alphanum, containing dashes, dots, spaces, hashs ... could be used. My 2 cent.

@Conza88
Copy link

Conza88 commented Feb 7, 2021

then maybe the trade ID should be more random in its nature to prevent that.

You can't get more random than it was.

The protocol change in communications has highlighted the "NO TRADE ID" element... what hasn't been as prominent is the:

"You are free to discuss via trader chat if an alternate "reason for payment" would be suitable to you both."

I think this needs to be highlighted more and its a mistake to not indicate this in conjunction with any comm's about "No Trade ID".

Because ULTIMATELY there is a choice now. You can as a SELLER specify what trade ID "reason" you would like to see in description. If you KNOW you can't see account number or name or something, then discussing and pondering some acceptable general 'reasons' would work. Have you done a trade with this person before? Be more cautious then about the possibilities of this scam. Don't release the BTC then.

As I've mentioned there are some other improvements that would help.

@Jul3k
Copy link

Jul3k commented Feb 8, 2021

Have there been actual cases where the trade ID caused accounts to be banned? I do not see how this would be possible with a trade ID that does not have a defined structure to be matched against without plenty of "legal" payments also causing a ban. I am aware that the release note states that an alternate reason for payment can be specified. I don't agree on the point, that I as a seller have the possibility now to define the trade rules. The buyer can initiate the payment as soon as it is confirmed on the block chain. I would have to contact him before. Also I believe it is stated here that "responding to trade chats is always optional".

@pazza83
Copy link

pazza83 commented Feb 8, 2021

Have there been actual cases where the trade ID caused accounts to be banned?

Did you see the discussion around closures of TransferWise accounts? I think it happened mostly on Keybase.

But essentially it seemed that TW was able to link Bisq trades together using the trade ID as a reference. This resulted in a number of Bisq users having their accounts closed. It is also what lead to this topic being reignited and the changes made to the latest release.

@Conza88
Copy link

Conza88 commented Feb 8, 2021

Have there been actual cases where the trade ID caused accounts to be banned?

It's strongly suspected. Transferwise mass account deactivations. Above analyses for e.g. Spain, where approx 40% of standard descriptions are blank.

I don't agree on the point, that I as a seller have the possibility now to define the trade rules. The buyer can initiate the payment as soon as it is confirmed on the block chain. I would have to contact him before.

One proposal was having an "Alternate Trade ID" field that the seller could specify as maker, and then the taker could choose to use or not. That would be post taking offer. For a variety of reasons, it was shifted to no trade ID.

If offers were to specify BEFORE what trade ID they wanted to be used etc, I think that'd do far more to discourage offers being taken in the first place, with no possibility of providing feedback to maker (seller). "Hey, I want your offer but I don't like the TRADE ID you want me to use, it sucks etc."

At least post taking - there's more likelihood trade goes through in an acceptable way for both.

As a buyer, I often ask the seller before sending if they want me to use a reason or blank. Perhaps having a checkbox when making the offer "Please consult about 'reason for payment' before sending" would assist? That way it is known/communicated if maker just wants it sent asap and does not care about a reason for payment field... OR if they are bulk trader, want something in there.

Worst case though, taker sends fiat before discussing. Can just get him to chargeback/cancel it, and re-do.

@Jul3k
Copy link

Jul3k commented Feb 8, 2021

No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

@Conza88
Copy link

Conza88 commented Feb 8, 2021

No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

I suspect its likely volume that may initially trigger an investigation into an account - but then upon looking into the account, the banks/fintech see's there is a ton of other random numbers/letters transactions to all these other accounts. Super suspect. They then follow the trail and rope in everyone linked.

There were some that were only given a warning and likely had other transactions NOT with trade ID's but using the service for other stuff.

Ergo, by NOT displaying the "TRADE ID's" (random letters/numbers) but allowing for "real" / "no" "reason for payments" descriptions, it is ALL ELSE BEING EQUAL assumed to be harder for banks/fintech to assume these are decentralised exchange trade and thus more likely to go unnoticed/not deactivate in bulk.

Perhaps the volume trades by someone still triggers an investigation but if the response is "services rendered" or something like that, it makes it less likely they can rope in everyone else. Perhaps it has little impact. We will see. In any case, TW put through massive volumes very swiftly and was global liquidity - very suitable to Bisq. This is a pivot in that regard and hopefully it works. Or hopefully Strike Global / Lightning change the game and that becomes the standard lol.

@pazza83
Copy link

pazza83 commented Feb 8, 2021

No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

With TransferWise all payments where TW-TW.

TransferWise were aware of people using Bisq for payments either though it's promotion on Twitter or other social media, or a user contacting support for help with a payment for Bitcoin!

How to make a payment is documented here for all to see: https://bisq.wiki/TransferWise

TW-TW payments are not promoted heavily by TransferWise, therefore, it would not be hard for them to run a list of all payments made in a given period using this method and look for payment reference than would be indicative of Bisq Trade ID numbers.

TransferWise have no obligation to provide services to anyone, therefore, if they feel they are using their TransferWise account to trade BTC it is easy for them to warn or ban them. This is what happened. Over a couple of days at least a dozen Bisq users when warned or banned.

I also suspect Revolut has banned people based on a review of their accounts due to the Trade IDs.

@Jul3k
Copy link

Jul3k commented Feb 8, 2021

If TW is so arbitrary in their banning of people, don't you think they will do the same when no reason for payment is specified? I looked at their business model and they have an interest in a balanced cash flow between countries in order to keep their own exchange fees low. I suspect it was this imbalance of cash flow that draw their attraction to Bisq and might also be the reason they banned people (not just because they hate bitcoin). They well continue to look for accounts showing a strange cash flow and users selling high volumes on Bisq will still trigger that. As you suspected before, if you have one big account that triggers investigation I do not think they will stop banning/warning all the people that traded with this account if every single transaction has no reason for payment.
Anyway those are separate issues. For SEPA transfers it was certainly good to have the reason for payment field for the following reasons:

  • The account number is not always visible so we have to rely on the name for verification
  • Name and or account may not match because a different account is used to send money
  • It makes associating payments to trades easier
  • It makes charge backs harder
  • It generates some information at the moment of accepting the offer which makes triangle attacks more difficult
  • It might be less suspicious than having none. (I feel more likely to be investigated why I receive 10 payments a day without reason of payment, when they thought before "Ah, ok this guy is selling stuff on the internet".

@mpolavieja
Copy link
Contributor

If you use bisq a lot with the same bank and receive / send a lot of payments, then you are a honeypot for the bank and sooner or later they will look at your activity, and probably link it to your trading peers. Centralization will always be a problem in any p2p protocol.

In the scam @Jul3k describes, while it would be true that tricking the buyer to include the trade-id into the payment reason makes the scam a bit harder, I don't think it would be that difficult.

IMO, having no payment reason is less suspicious as there are a lot of payments with no reason. Moreover, the anonimity set is much larger because a blank reason is fungible. The set of specific payment reasons is not fungible.

@mpolavieja
Copy link
Contributor

I would like also to emphasize that including a reason for payment that tries to hide the transaction can be a problem. If you are not comfortable to disclose any kind information, the best option is always not to disclose it. Much better than trying to disguise that information with other information.

@pazza83
Copy link

pazza83 commented Feb 9, 2021

If TW is so arbitrary in their banning of people, don't you think they will do the same when no reason for payment is specified?

I think the absence of the trade ID will make it harder, hopefully impossible, for them to link Bisq payments.

Anyway those are separate issues. For SEPA transfers it was certainly good to have the reason for payment field

I agree it was useful, but I think removing Trade ID is the better option to enable Bisq users to have a reduce risk of accounts being closed / frozen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests