[bisq-network/bisq] Account signing flawed, new security model (#3590)
ExPrgrmmr
notifications at github.com
Sun Nov 10 09:47:00 UTC 2019
With _account signing_ anybody virtually gets trusted from simply trading with a signed user. This adds no protection since no real proof of trust is delivered. A scammer can operate as normal.
Here suggesting a new model for security:
1. **Information on users**
Total number of trades and account age are important metrics that indicates trust. This should be displayed on all users.
2. **Raise limits not only on account age**
Limit raise is triggered instantly from a combination of account age and number of trades per payment account, as an automated criteria for trust (“PoT”). Number of trades * account age > N. The score can be displayed for self tracking.
PoT = Proof of Trust
Note that the risk for cashback scam can never be eliminated.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/3590
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20191110/e1e6ca7b/attachment.html>
More information about the bisq-github
mailing list