Bank id leaking #5201
Comments
|
Thanks for opening your first issue here! |
|
Hi @Bl5ckj5ck thanks for this. I agree I thought this has been removed. I do not see any reason why any bank account details need to be shown. Users will know the offer is SEPA and what country the bank is in. No need for them to know the actual bank before taking the offer. On the GBP market it does not show the Faster Payments sort code which is essentially the same thing as the SEPA BIC. I think they should be removed. |
|
Here is an example:
Here how I propose it should look:
|
|
I’d leave the “SEPA” specification but without the bank id (xxxxx). |
|
I will take a look at this tomorrow. |
|
@BtcContributor thanks. Thinking about this I think it is very important. If a compliance officer from ACME Bank downloads Bisq they should not be able to search for what offers on the platform are trading using ACME Bank by checking sort codes / BIC / routing number etc |
|
Fixed for SEPA and a couple of other instances while maintaining method payment as said by @Bl5ckj5ck. Do you think that the Accepted banks field is needed when using Transfer with specific banks? Otherwise I would completely delete that line.
|
|
The “Accepted Banks” field might be useful for the taker since this would tell him which banks he should put in his Bisq payment account in order to accept the offer. At the same time I think that this info does not reveal any personal financial details of the maker What do you think about it @pazza83 ? |
Yes for specific bank it is needed. There is no way not to leak ID as the taker would need to know the Bank being used. I think it is a rarely used payment method on Bisq. Same for "Transfers with same bank" payment option. |
Yes agreed. For specific bank and same bank this info is needed. I do not think these are used very much and the trader would be choosing to leak their bank name in order to achieve a trade. I think, therefore, it is ok for these 2 payment methods. |
|
@BtcContributor please can you also check what info is leaked when making a payment using 'Japan Bank Furikomi' it is a payment option in Bisq. Also "SEPA Instant" instant payment option should be the same as SEPA. |
|
Everything seems good to me.
|
|
Hi @BtcContributor any updates on this? I noticed that your commits still have to be merged and you’re waiting for @ripcurlx to review them |
|
Hi! That's correct @Bl5ckj5ck. |
|
I'm just focusing on the v1.6.0 release right now. Will review it soon. Maybe we could even push this in the end one step further to actually also remove this information in the protocol level. |
|
Thanks for the update @ripcurlx |
|
@bisqubutor The “Transfer with specific bank” payment method currently meets the needs that you pointed above. |
|
@bisqubutor I agree that knowing what bank a trader is user might be useful when buying from the same seller. But in this instance I think privacy beats convenience. |
and others
Hey guys 👋
One of the strongest point of Bisq is to keep users’ info private and to show them just to the users who are involved in the trade.
However, if you pick randomly one buy btc SEPA offer and expand its details, you can see the bank id near the description of the payment method. Example: SEPA (XXXX)
This potentially lets everyone put the id online and find the bank where the creditor will get the payment.
Wouldn’t be better for privacy purposes to hide the bank id from the payment details and to show it just when you accept the offer?
The text was updated successfully, but these errors were encountered: