[bisq-network/bisq-desktop] Data leakage when funding Bisq (#1559)

ronohara notifications at github.com
Sun May 27 09:32:45 UTC 2018


Shen you scan the QR code to fund your Bisq wallet, using the defaults, it sets a description of "Fund Bisq wallet"... or at least it does when you send from Mycellium.

Presumably this is done using the payment protocol, but it leaks information. That payment protocol transfer is clear text. Easily intercepted on the network.  Correlation of metadata then lets an attacker know that you are using Bisq, and how much your wallet is funded by. If it is a big amount, your become a target.

I suggest that using the payment protocol becomes optional. Just a QR code of the receiving address should be the default setting.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq-desktop/issues/1559
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/github/attachments/20180527/aaf0fb43/attachment.html>


More information about the github mailing list