<p>If I understand the modified proposal, arbitrator would have access to the bank name of the user and the amount he withdrew. If a government agency gets this data for a lot of Bisq users, they could also get the data from every bank on all of it's users and derive a hash for every bank user account. Than just see which ones match and they get the list of only Bisq users.</p>
<p>Even if banks had billions of users, this would take seconds even on a GPU.<br>
Not to mention that if they already have amounts that were withdrawn, they could filter those out.<br>
Maybe they even know the probable time frame when this was withdrawn and might not even need to hash anything.</p>
<p>The problem isn't just the arbitrator himself, even if they are very trusted they could be a victim of a lot bigger more serious attack. I just see too big of risk for too little of a gain here. Security is very important to all exchanges, but Bisq also cares and provides privacy that can not be matched by any centralized exchange, that is what makes this project so important.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/proposals/issues/23#issuecomment-394388502">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AkpZtn9LQ-7ICk-nzKd4_VZSaiAwDo-Mks5t5U0JgaJpZM4UXw49">mute the thread</a>.<img src="https://github.com/notifications/beacon/AkpZtotcyKeoVZ_DicXgrVVoc1q2It0eks5t5U0JgaJpZM4UXw49.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/bisq-network/proposals/issues/23#issuecomment-394388502","url":"https://github.com/bisq-network/proposals/issues/23#issuecomment-394388502","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}}</script>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/bisq-network/proposals","title":"bisq-network/proposals","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/bisq-network/proposals"}},"updates":{"snippets":[{"icon":"PERSON","message":"@alexej996 in #23: If I understand the modified proposal, arbitrator would have access to the bank name of the user and the amount he withdrew. If a government agency gets this data for a lot of Bisq users, they could also get the data from every bank on all of it's users and derive a hash for every bank user account. Than just see which ones match and they get the list of only Bisq users.\r\n\r\nEven if banks had billions of users, this would take seconds even on a GPU.\r\nNot to mention that if they already have amounts that were withdrawn, they could filter those out.\r\nMaybe they even know the probable time frame when this was withdrawn and might not even need to hash anything.\r\n\r\nThe problem isn't just the arbitrator himself, even if they are very trusted they could be a victim of a lot bigger more serious attack. I just see too big of risk for too little of a gain here. Security is very important to all exchanges, but Bisq also cares and provides privacy that can not be matched by any centralized exchange, that is what makes this project so important."}],"action":{"name":"View Issue","url":"https://github.com/bisq-network/proposals/issues/23#issuecomment-394388502"}}}</script>
<script type="application/ld+json">{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "37567f93-e2a7-4e2a-ad37-a9160fc62647",
"title": "Re: [bisq-network/proposals] Certification for ownership of a bank account (#23)",
"sections": [
{
"text": "",
"activityTitle": "**Aleksej Jocic**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@alexej996",
"facts": [

]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"bisq-network/proposals\",\n\"issueId\": 23,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"bisq-network/proposals\",\n\"issueId\": 23\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/bisq-network/proposals/issues/23#issuecomment-394388502"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 341773885\n}"
}
],
"themeColor": "26292E"
}</script>