[bisq-network/bisq] Security risks with re-use of onion address (#2005)

Manfred Karrer notifications at github.com
Fri Nov 30 13:35:22 UTC 2018


@qubenix 

If someone can read your data directory you are already in a pretty bad situation. A basic security assumption in Bisq is that your system is not compromised on that level.

Your onion address cannot change if you have open offers, trades or disputes. For the reputation though we could and probably should use a separate key pair to be more flexible and make it possible to renew the onion address without losing the reputation. But as @freimair mentioned, reputation requires some sort of identity and that is usually in conflict with privacy. So you will not get both in a perfect way. But letting users choose what is more important for them should be the way to go.

Consider also that the main focus of Bisq is on the Fiat exchange side and here the bank details reveal your real life identity to some extent to the other peer anyway. With that in mind, trying to get perfect privacy on the network side does not give you much, as an undercover agent could easily just do a trade with you and find out your identity. For altcoins though there is more headroom for a high level of privacy. But also here you should consider the Bitcoin-blockchain (and - if not a cryptonote coin - the altcoin-blockchain) as the weak element where it is very easy to lose privacy and for most users who are not very skilled and knowledgeable very hard to get good privacy (e.g. coin merge, block explorer lookup, bloom filters,...).

Atm we have many other high prio tasks to complete (new trade protocol, DAO, P2P network stability,...), so no dev resources to get into those rather sophisticated features. If you are a developer you are welcome to join and work on it.

https://github.com/bisq-network/bisq/issues/2005#issuecomment-443205022