bisq-network / bisq

A decentralized bitcoin exchange network
https://bisq.network
GNU Affero General Public License v3.0

Add option to make trade 'reason' less obvious #2869

Closed rexi1e closed 3 years ago

rexi1e commented 5 years ago

It's pretty easy for a bank that has recognized the format of a Bisq trade "reason" to identify which of its customers are trading bitcoin with Bisq.

Could you make an option for the user to pick a randomly-generated trade reason that's less obvious?

Maybe source a couple hundred reasons from Venmo's public data or something and then randomly pick from that, or something...I dunno

henkvantijen commented 3 years ago

It has been some time since I did a fiat transaction with Bisq. Was speaking from memory. (Use it for crypto-crypto only, these days). Sorry for the confusion. Agree, let's close the issue.

On Wed, 3 Feb 2021 at 11:57, Manuel notifications@github.com wrote:

> like 377,26 euro/dollar
>
> I think this is not possible in Bisq as ripcurlx points out. If this happened to you, please report.


Jul3k commented 3 years ago

I believe the decision to remove the trade ID as reason for payment actually reduced the security of the Bisq trade protocol. Let me explain a possible scenario that scammers performed on multiple platforms before and Bisq just became more vulnerable to:

  1. A scammer accepts your BTC sell offer
  2. He uses your banking information to place another sell offer with the same price on the internet. The sold goods can be completely different, a ring for example on Ebay.
  3. The scammer's offer is accepted by a second victim who performs the payment to your initial offer.
  4. You receive the payment and confirm the release of bitcoin. The bitcoin are sent to the scammer.
  5. The second victim files a complaint because he never received a ring. He will then contact the police and sue you. In my jurisdiction (Germany), your lawyer might tell you: You received a payment with reason for payment ring. Since you did not deliver a ring, you will have to refund the victim. So you become the final victim.

(Even if you have a good lawyer, you will have a lawsuit with the second victim. The scammer is safe on an anonymous platform like Bisq)

EDIT: In my opinion the person placing the offer should have the decision on how much risk he is willing to take. As a seller the correct statement of the trade ID as reason for payment would provide additional security as it clearly assigns the payment to the trade. That way it will be harder for a person to reclaim the payment by stating it was unjustified. Also it makes it difficult for scammers because a mismatch in the reason for payment raises suspicion. With the current implementation the buyer can accept the offer before he agrees with the seller on the specification of a trade ID. Doing that over the trade chat is clearly not very practicable as the seller has to state his wish before the buyer initiates the payment and thus forces him to stay in front of the computer. Disagreements on the trade protocol will result in more mediations. If a seller wishes to opt for not having a trade ID, because he is afraid his bank will ban him, he should specify that when creating the offer. Forcing that change on everyone is illegitimate to me.

EDIT2: I am aware there is still the name of the bank account that needs to match. It happened to me a couple of times that people used the bank account of their girlfriend or a payment processor that did not state the name, so it was always good to have the trade ID as a second layer of confirmation. Also to prevent refunds it is safer to assign the payment to a trade.

pazza83 commented 3 years ago

Previously, to release BTC when trading using a bank, the payment details that needed to match were: account name, fiat amount, account number, reference

Now, to release BTC when trading using a bank, the payment details that need to match are: account name, fiat amount, account number

So all in all I do not think removing the trade ID being included compromises security.

In the example above of the ebay seller my thoughts are:

dmos62 commented 3 years ago

> Even if it did work (seller releases payment to incorrect account name and number) then having a trade ID as a reference would likely not make a difference to the seller that is not concerned if other payment details match.

That's a good point. I'd add that it's not uncommon for the account number to be incorrect. People sometimes assume that it doesn't matter which account they use to fulfil their side of the trade, not realising that technically they're breaking the trade agreement, which is grounds for losing their security deposit. I'd say that this happens because people don't realise that these seemingly little things are part of the security mechanism protecting the other party (and the other party might not realise it either). This is tangential to the discussion at hand, but I wanted to mention it because people following this are those likely to take this seriously too.

On Sun, Feb 7, 2021 at 11:16 PM pazza notifications@github.com wrote:

> Previously, to release BTC when trading using a bank, the payment details that needed to match were: account name, fiat amount, account number, reference
>
> Now, to release BTC when trading using a bank, the payment details that need to match are: account name, fiat amount, account number
>
> So all in all I do not think removing the trade ID being included compromises security.
>
> In the example above of the ebay seller my thoughts are:
>
>   • It would not work as account name and account number would not match
>   • Even if it did work (seller releases payment to incorrect account name and number) then having a trade ID as a reference would likely not make a difference to the seller that is not concerned if other payment details match.


Jul3k commented 3 years ago

There are banks (like mine) that do not show the account number of the sender for privacy reasons. Then the only chance to confirm a correct payment is by the name. I also believe now it is possible to make the names match.

  1. A scammer looks for suitable BTC sell offers with fixed price
  2. Places his fake offer matching the fixed price
  3. If a victim accepts his fake offer he will have the name to create a payment account with matching names to accept the BTC offer

For the BTC seller it will then be impossible to notice that he fell for a scam and difficult to prove that he rightfully received the payment. This will make it likely that the money can be reclaimed. I am not saying that a trade ID would make it impossible to trick people but in my opinion it would make it a bit harder and also less likely that payments can be claimed back.

Jul3k commented 3 years ago

And to add another point. It does happen quite often that buyers accept multiple offers. I had buyers accept every single offer that I had open at that time (~10). Having the trade ID to keep track of which payments have been received was very useful then.

pazza83 commented 3 years ago

I also have some bank accounts that do not show payee details. I think these are best avoided in Bisq as you cannot be sure of the account that sent you the payment.

> 1. A scammer looks for suitable BTC sell offers with fixed price
> 2. Places his fake offer matching the fixed price
> 3. If a victim accepts his fake offer he will have the name to create a payment account with matching names to accept the BTC offer

I think this is possible but likely improbable to succeed. All things would need to align to allow it to be successful.

Due to the above the scammer would be much more likely to lose their security deposit when trying this. The 0.006 BTC security deposit is a large proportion for a new account under 30 days old, so I do not think the benefits vs risks would be worth it for the scammers.

The trade IDs do help with multiple offers, but no reason you cannot ask buyer to label multiple offers; 1, 2, 3 etc. Alternatively it just takes a little more checking to make sure you received the correct amounts. I am thinking of making offers at different amounts to make this easier eg 0.01, 0.095, 0.09 etc.
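
The release check discussed in the comments above (account name, fiat amount and account number, with a reference only when one was agreed in trader chat), written out as an added example; it is not Bisq code, and the `Trade` and `Payment` records, the status names and the sample values are assumptions made for illustration. It reports same-amount trades from one buyer as ambiguous and flags payments from banks that hide the sender's account number.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Trade:  # hypothetical record of one open trade, as the BTC seller sees it
    trade_id: str
    buyer_name: str
    buyer_account: str
    fiat_amount: Decimal
    agreed_reference: Optional[str] = None  # set only if agreed in trader chat


@dataclass(frozen=True)
class Payment:  # hypothetical record of one incoming line on the bank statement
    sender_name: str
    amount: Decimal
    sender_account: Optional[str] = None  # None: the bank hides the sender's number
    reference: str = ""


def _norm(text: str) -> str:
    """Ignore case and spacing differences when comparing statement fields."""
    return "".join(text.split()).upper()


def candidates(p: Payment, trades: List[Trade]) -> List[Trade]:
    """Open trades whose agreed details are all consistent with payment p."""
    out = []
    for t in trades:
        if _norm(t.buyer_name) != _norm(p.sender_name) or t.fiat_amount != p.amount:
            continue
        if p.sender_account is not None and _norm(p.sender_account) != _norm(t.buyer_account):
            continue
        if t.agreed_reference is not None and _norm(t.agreed_reference) != _norm(p.reference):
            continue
        out.append(t)
    return out


def reconcile(p: Payment, trades: List[Trade]) -> Tuple[str, List[str], List[str]]:
    """Return (status, matching trade ids, warnings); release only on 'match'."""
    warnings = []
    if p.sender_account is None:
        warnings.append("sender account hidden: confirmed by name and amount only")
    found = sorted(t.trade_id for t in candidates(p, trades))
    if not found:
        return "mismatch", [], warnings
    return ("match" if len(found) == 1 else "ambiguous"), found, warnings


# Constructed sample data (placeholder names and account numbers, not real ones).
ACCT = "DE00 0000 0000 0000 0000 00"
SAME_AMOUNT = [Trade("T1", "Alice Example", ACCT, Decimal("377.00")),
               Trade("T2", "Alice Example", ACCT, Decimal("377.00"))]
LABELLED = [Trade("T1", "Alice Example", ACCT, Decimal("377.00"), "1"),
            Trade("T2", "Alice Example", ACCT, Decimal("377.00"), "2")]
DISTINCT = [Trade("T1", "Alice Example", ACCT, Decimal("377.00")),
            Trade("T2", "Alice Example", ACCT, Decimal("358.15"))]
```
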

Jul3k commented 3 years ago

Okay. So let's plot this further and sorry for my criminal intent. When I look at the EUR/BTC SEPA offer book, I see plenty of people that have multiple offers (I know from the same onion address) with the same price (often 0.01 BTC) online over multiple days/weeks/months. I could choose possible victims and perform a trade with them once. I would use the correct name but wrong account number to find out if they complain and thus check if they can see my account number. Or I look up the bank and check if they show the account number to customers which is even more secure. I would not even have to complete the trade. I could tell that my bank does not allow me to send money to their bank. Mediators will likely recommend to cancel the trade. So a scammer could do all that without much risk to lose his security deposit. A single seller with multiple offers could be used simultaneously, making a revenue >0.05 BTC per scam possible and the whole thing quite profitable.

I would personally fall into that category of a seller matching those criteria. Of course I could change my bank, but to be honest they are crypto friendly. Before I felt/was more secure with the trade ID specified. If the trade ID leads to people being banned because their banks see a violation of their terms and can match transactions to the Bisq protocol then maybe the trade ID should be more random in its nature to prevent that. Variable length, sometimes numerical/alphanum, containing dashes, dots, spaces, hashes ... could be used. My 2 cents.

Conza88 commented 3 years ago

> then maybe the trade ID should be more random in its nature to prevent that.

You can't get more random than it was.

The protocol change in communications has highlighted the "NO TRADE ID" element... what hasn't been as prominent is the:

"You are free to discuss via trader chat if an alternate "reason for payment" would be suitable to you both."

I think this needs to be highlighted more and it's a mistake to not indicate this in conjunction with any comms about "No Trade ID".

Because ULTIMATELY there is a choice now. You can as a SELLER specify what trade ID "reason" you would like to see in description. If you KNOW you can't see account number or name or something, then discussing and pondering some acceptable general 'reasons' would work. Have you done a trade with this person before? Be more cautious then about the possibilities of this scam. Don't release the BTC then.

As I've mentioned there are some other improvements that would help.

Jul3k commented 3 years ago

Have there been actual cases where the trade ID caused accounts to be banned? I do not see how this would be possible with a trade ID that does not have a defined structure to be matched against without plenty of "legal" payments also causing a ban. I am aware that the release note states that an alternate reason for payment can be specified. I don't agree on the point, that I as a seller have the possibility now to define the trade rules. The buyer can initiate the payment as soon as it is confirmed on the block chain. I would have to contact him before. Also I believe it is stated here that "responding to trade chats is always optional".

pazza83 commented 3 years ago

> Have there been actual cases where the trade ID caused accounts to be banned?

Did you see the discussion around closures of TransferWise accounts? I think it happened mostly on Keybase.

But essentially it seemed that TW was able to link Bisq trades together using the trade ID as a reference. This resulted in a number of Bisq users having their accounts closed. It is also what led to this topic being reignited and the changes made to the latest release.

Conza88 commented 3 years ago

> Have there been actual cases where the trade ID caused accounts to be banned?

It's strongly suspected. TransferWise mass account deactivations. Above analyses for e.g. Spain, where approx 40% of standard descriptions are blank.

> I don't agree on the point, that I as a seller have the possibility now to define the trade rules. The buyer can initiate the payment as soon as it is confirmed on the block chain. I would have to contact him before.

One proposal was having an "Alternate Trade ID" field that the seller could specify as maker, and then the taker could choose to use or not. That would be post taking offer. For a variety of reasons, it was shifted to no trade ID.

If offers were to specify BEFORE what trade ID they wanted to be used etc, I think that'd do far more to discourage offers being taken in the first place, with no possibility of providing feedback to maker (seller). "Hey, I want your offer but I don't like the TRADE ID you want me to use, it sucks etc."

At least post taking - there's more likelihood trade goes through in an acceptable way for both.

As a buyer, I often ask the seller before sending if they want me to use a reason or blank. Perhaps having a checkbox when making the offer "Please consult about 'reason for payment' before sending" would assist? That way it is known/communicated if maker just wants it sent asap and does not care about a reason for payment field... OR if they are a bulk trader, want something in there.

Worst case though, taker sends fiat before discussing. Can just get him to chargeback/cancel it, and re-do.

Jul3k commented 3 years ago

No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

Conza88 commented 3 years ago

> No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

I suspect it's likely volume that may initially trigger an investigation into an account - but then upon looking into the account, the banks/fintech sees there is a ton of other random numbers/letters transactions to all these other accounts. Super suspect. They then follow the trail and rope in everyone linked.

There were some that were only given a warning and likely had other transactions NOT with trade IDs but using the service for other stuff.

Ergo, by NOT displaying the "TRADE IDs" (random letters/numbers) but allowing for "real" / "no" "reason for payments" descriptions, it is ALL ELSE BEING EQUAL assumed to be harder for banks/fintech to assume these are decentralised exchange trades and thus more likely to go unnoticed/not deactivate in bulk.

Perhaps the volume trades by someone still triggers an investigation but if the response is "services rendered" or something like that, it makes it less likely they can rope in everyone else. Perhaps it has little impact. We will see. In any case, TW put through massive volumes very swiftly and was global liquidity - very suitable to Bisq. This is a pivot in that regard and hopefully it works. Or hopefully Strike Global / Lightning change the game and that becomes the standard lol.

pazza83 commented 3 years ago

> No. I have missed that. I just can't wrap my head around how a bank would match a reason for payments to Bisq with a regex like: It can contain numerals, or letters and can be separated by dashes or dots or spaces at any position. This must also match every reason for payments ever stated.

With TransferWise all payments were TW-TW.

TransferWise were aware of people using Bisq for payments either through its promotion on Twitter or other social media, or a user contacting support for help with a payment for Bitcoin!

How to make a payment is documented here for all to see: https://bisq.wiki/TransferWise

TW-TW payments are not promoted heavily by TransferWise, therefore, it would not be hard for them to run a list of all payments made in a given period using this method and look for payment references that would be indicative of Bisq Trade ID numbers.

TransferWise have no obligation to provide services to anyone, therefore, if they feel they are using their TransferWise account to trade BTC it is easy for them to warn or ban them. This is what happened. Over a couple of days at least a dozen Bisq users were warned or banned.

I also suspect Revolut has banned people based on a review of their accounts due to the Trade IDs.

Jul3k commented 3 years ago

If TW is so arbitrary in their banning of people, don't you think they will do the same when no reason for payment is specified? I looked at their business model and they have an interest in a balanced cash flow between countries in order to keep their own exchange fees low. I suspect it was this imbalance of cash flow that drew their attraction to Bisq and might also be the reason they banned people (not just because they hate bitcoin). They will continue to look for accounts showing a strange cash flow and users selling high volumes on Bisq will still trigger that. As you suspected before, if you have one big account that triggers investigation I do not think they will stop banning/warning all the people that traded with this account if every single transaction has no reason for payment. Anyway those are separate issues. For SEPA transfers it was certainly good to have the reason for payment field for the following reasons:

mpolavieja commented 3 years ago

If you use bisq a lot with the same bank and receive / send a lot of payments, then you are a honeypot for the bank and sooner or later they will look at your activity, and probably link it to your trading peers. Centralization will always be a problem in any p2p protocol.

In the scam @Jul3k describes, while it would be true that tricking the buyer to include the trade-id into the payment reason makes the scam a bit harder, I don't think it would be that difficult.

IMO, having no payment reason is less suspicious as there are a lot of payments with no reason. Moreover, the anonymity set is much larger because a blank reason is fungible. The set of specific payment reasons is not fungible.

mpolavieja commented 3 years ago

I would like also to emphasize that including a reason for payment that tries to hide the transaction can be a problem. If you are not comfortable to disclose any kind of information, the best option is always not to disclose it. Much better than trying to disguise that information with other information.

pazza83 commented 3 years ago

> If TW is so arbitrary in their banning of people, don't you think they will do the same when no reason for payment is specified?

I think the absence of the trade ID will make it harder, hopefully impossible, for them to link Bisq payments.

> Anyway those are separate issues. For SEPA transfers it was certainly good to have the reason for payment field

I agree it was useful, but I think removing Trade ID is the better option to enable Bisq users to have a reduced risk of accounts being closed / frozen.