[bisq-network/proposals] Using PoW for the P2P network messages as dos protection (#268)

Manuel notifications at github.com
Fri Nov 27 19:41:27 CET 2020


For onboarding users (buyers without BSQ bonding). 

On a second stage, if we want to try buyers without BSQ bonding for small quantities, maybe we could try something rather manual to get a feeling of how much demand there is for it. Only very experienced Bisq users would do this kind of sell offer (maybe initially a controlled group) and would coordinate with the buyer and require from him some proof of ownership through the chat before disclosing their payment data to the buyer. We could pick up some old ideas such as a digital signature, to publish some string code in social media where the name of the owner of the account is clearly shown (Twitter, a verified Keybase account, etc). If the buyer is unresponsive, the seller could cancel the trade straight away.

On a third stage, if we see there is enough demand, some implementation could be carried out for those payment methods where the seller is *always* able to verify the buyer's basic payment data. For example SEPA would not work as sellers don't usually get to see the IBAN from the buyer, but just the BIC, name of the bank and name of the buyer. So a scammer could make / take many small offers with unsigned accounts using fake IBANs within the same bank, and then pay all of them from the same stolen payment account.

So for those payment methods where the seller is *always* able to verify the basic payment data (i.e. account number), maybe it could be tried to use a hash of the basic payment data so no more than one concurrent offer is possible (any new offer would be rejected as there is one alive offer in the hidden order book). So if the scammer has to wait a full trade to start another one, maybe that would be deterring enough. We could even leave the hash in the hidden order book a bit longer if it is not too much overhead for the p2p network, so the scammer would be unable to start another trade for a long time, so chances that he has already been discovered on the first payment are high.

For payment methods where the seller is not able to verify basic payment data from the buyer, we would have to leave it manual or to standardize some verification only if possible and popular (from the information harvested on the manual second stage), like for example if we see that Keybase works very well.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/268#issuecomment-734949642
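
The one-live-offer-per-payment-hash idea from the comment above, as an added example that is not part of the original message and is not Bisq code. The names `payment_fingerprint` and `HiddenOrderBook`, the use of SHA-256, the canonicalisation rules and the cooldown parameter are all assumptions made for illustration.

```python
import hashlib
import unicodedata

LIVE = float("inf")  # expiry marker for an offer that is still open


def payment_fingerprint(method: str, account_number: str) -> str:
    """Hash the basic payment data after canonicalising it, so that spacing,
    dashes or letter case cannot be used to obtain a 'new' hash."""
    canon = unicodedata.normalize("NFKC", account_number)
    canon = "".join(ch for ch in canon if ch.isalnum()).upper()
    parts = (method.upper().encode(), canon.encode())
    # Length-prefix each field so ("AB", "C") and ("A", "BC") hash differently.
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    # Caveat: account numbers are low-entropy, so anyone who can read the
    # hidden order book can enumerate candidates. The hash enforces
    # uniqueness; it does not keep the account number confidential.
    return hashlib.sha256(data).hexdigest()


class HiddenOrderBook:
    """Hypothetical registry allowing one live offer per fingerprint, with an
    optional retention period after the trade closes."""

    def __init__(self, cooldown_s: float = 0.0):
        self.cooldown_s = cooldown_s
        self._blocked_until = {}  # fingerprint -> time until which it is blocked

    def open_offer(self, fp: str, now: float) -> bool:
        if self._blocked_until.get(fp, 0.0) > now:
            return False  # an offer is alive, or the cooldown has not elapsed
        self._blocked_until[fp] = LIVE
        return True

    def close_offer(self, fp: str, now: float) -> None:
        if self._blocked_until.get(fp) == LIVE:
            self._blocked_until[fp] = now + self.cooldown_s


if __name__ == "__main__":
    book = HiddenOrderBook(cooldown_s=3600)
    # Constructed sample data, not a real account.
    fp = payment_fingerprint("EXAMPLE_METHOD", "12-34-56 00012345")
    print(book.open_offer(fp, now=0))     # first offer accepted
    print(book.open_offer(fp, now=10))    # concurrent offer rejected
    book.close_offer(fp, now=100)
    print(book.open_offer(fp, now=200))   # still inside cooldown
    print(book.open_offer(fp, now=3700))  # cooldown elapsed
```

Time is passed in explicitly so the retention behaviour can be checked deterministically.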