[bisq-network/bisq] Encrypt or remove saved trader chats and trade data on local Bisq instances (#5396)
pazza
notifications at github.com
Mon Apr 5 22:40:49 CEST 2021
<!--
SUPPORT REQUESTS: This is for reporting bugs in the Bisq app.
If you have a support request, please join #support on Bisq's
Keybase team over at https://keybase.io/team/Bisq
-->
### Description
I have created this issue from the discussion on the Bisq community for forum [Is trader chat saved?](https://bisq.community/t/is-trader-chat-saved/10539/4).
Currently the following information is avlaiable on users local Bisq instances
- Unencrypted trader chats between themselves and peers
- Unencrypted trade data (names, account numbers, trade amounts etc) between themselves and peers
I am unsure what trade information is unencrypted on mediators' or arbitrators' Bisq instances.
Having trade chats and trade data saved on local Bisq instances is a security concern for both traders and everyone they have traded with.
Having trade chats and trade data saved on mediators' or arbitrators' Bisq instances is a security concern for everyone they have mediated / arbitrated.
Traders with lots of trades, mediators and arbitrators will end up being a centralized source of unencrypted data. This puts users of Bisq at risk.
#### Version
v1.6.2
### Steps to reproduce
open \Bisq\btc_mainnet\db\
- ClosedTrades
- FailedTrades
- MaiboxMessageList
There might be more. I have not checked all the files for unencrypted data.
### Expected behaviour
Chat and trade data to be encrypted.
Not sure if there should be a time limit for how long this data is kept?
### Actual behaviour
Chats and trade data are stored unencrypted.
### Screenshots
Taken from: https://bisq.community/t/is-trader-chat-saved/10539/14
```
SEPA���������:�
>XXXCENSORED_BANK COUNTRY CODE_XXX"�
XXXCENSORED_Full name_XXXeXXXCENSORED_IBAN_XXXXXXCENSORED_bic_XXX*AT*BE*BG*CH*CY*CZ*DE*DK*EE*ES*FI*FR*GB*GR*HR*HU*IE*IS*IT*LI*LT*LU*LV*MC*MT*NL*NO*PL*PT*RO*SE*SI*SKzH
salt at XXXCENSORED_XXX*XXXCENSORED_btcADRESS_XXX"�#{
"offerPayload": {
"id": "XXXCENSORED_TRADEID_XXX",
"date": XXXCENSORED_TIMESTAMP_XXX,
"ownerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
},
"direction": "BUY",
"price": 0,
"marketPriceMargin": 0.005,
"useMarketBasedPrice": true,
"amount": 700000,
"minAmount": 300000,
"baseCurrencyCode": "BTC",
"counterCurrencyCode": "CHF",
"arbitratorNodeAddresses": [],
"mediatorNodeAddresses": [
{
"hostName": "apbp7ubuyezav4hy.onion",
"port": 9999
},
{
"hostName": "a56olqlmmpxrn5q34itq5g5tb5d3fg7vxekpbceq7xqvfl3cieocgsyd.onion",
"port": 9999
},
{
"hostName": "sjlho4zwp3gecspf.onion",
"port": 9999
}
],
"paymentMethodId": "SEPA",
"makerPaymentAccountId": "XXXCENSORED_XXX",
"offerFeePaymentTxId": "XXXCENSORED_XXX",
"countryCode": "XXXCENSORED_BANKCC_XXX",
"acceptedCountryCodes": [
"AT",
"BE",
"BG",
"CH",
"CY",
"CZ",
"DE",
"DK",
"EE",
"ES",
"FI",
"FR",
"GB",
"GR",
"HR",
"HU",
"IE",
"IS",
"IT",
"LI",
"LT",
"LU",
"LV",
"MC",
"MT",
"NL",
"NO",
"PL",
"PT",
"RO",
"SE",
"SI",
"SK"
],
"bankId": "XXXCENSORED_XXX",
"versionNr": "1.5.3",
"blockHeightAtOfferCreation": XXXCENSORED_XXX,
"txFee": XXXCENSORED_XXX,
"makerFee": 5000,
"isCurrencyForMakerFeeBtc": true,
"buyerSecurityDeposit": 600000,
"sellerSecurityDeposit": 600000,
"maxTradeLimit": 1000000,
"maxTradePeriod": XXXCENSORED_XXX,
"useAutoClose": false,
"useReOpenAfterAutoClose": false,
"lowerClosePrice": 0,
"upperClosePrice": 0,
"isPrivateOffer": false,
"extraDataMap": {
"capabilities": "0, 1, 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16",
"accountAgeWitnessHash": "XXXCENSORED_XXX"
},
"protocolVersion": 3
},
"tradeAmount": 300000,
"tradePrice": XXXCENSORED_XXX,
"takerFeeTxID": "XXXCENSORED_XXX",
"buyerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
},
"sellerNodeAddress": {
"hostName": "XXXCENSORED_XXX.onion",
"port": 9999
},
"mediatorNodeAddress": {
"hostName": "sjlho4zwp3gecspf.onion",
"port": 9999
},
"isBuyerMakerAndSellerTaker": true,
"makerAccountId": "XXXCENSORED_XXX",
"takerAccountId": "XXXCENSORED_XXX",
"makerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
"AT",
"BE",
"BG",
"CH",
"CY",
"CZ",
"DE",
"DK",
"EE",
"ES",
"FI",
"FR",
"GB",
"GR",
"HR",
"HU",
"IE",
"IS",
"IT",
"LI",
"LT",
"LU",
"LV",
"MC",
"MT",
"NL",
"NO",
"PL",
"PT",
"RO",
"SE",
"SI",
"SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
},
"takerPaymentAccountPayload": {
"holderName": "XXXCENSORED_XXX",
"iban": "XXXCENSORED_XXX",
"bic": "XXXCENSORED_XXX",
"email": "",
"acceptedCountryCodes": [
"AT",
"BE",
"BG",
"CH",
"CY",
"CZ",
"DE",
"DK",
"EE",
"ES",
"FI",
"FR",
"GB",
"GR",
"HR",
"HU",
"IE",
"IS",
"IT",
"LI",
"LT",
"LU",
"LV",
"MC",
"MT",
"NL",
"NO",
"PL",
"PT",
"RO",
"SE",
"SI",
"SK"
],
"countryCode": "XXXCENSORED_XXX",
"paymentMethodId": "SEPA",
"id": "XXXCENSORED_XXX",
"maxTradePeriod": -1
},
"makerPayoutAddressString": "XXXCENSORED_XXX",
"takerPayoutAddressString": "XXXCENSORED_XXX",
"lockTime": 669272,
"refundAgentNodeAddress": {
"hostName": "3z5jnirlccgxzoxc6zwkcgwj66bugvqplzf6z2iyd5oxifiaorhnanqd.onion",
"port": 9999
}
}*@
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/5396
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210405/db0e2980/attachment-0001.htm>
More information about the bisq-github
mailing list