(This repository has been suggested in Matrix chat as a place to discuss this issue)
The issue
When setting up an account for National Bank Transfer for Brazil, one of the fields required by Bisq is "Cadastro de Pessoas Físicas" or CPF. This is the Brazilian equivalent of your social security number. This poses a privacy concern for Brazilian users, and at the same time is unnecessary for takers of BTC sell offers - the sender of the fiat transfer does not need to supply their CPF, only that of the receiver. Furthermore, to the best of my knowledge the fiat receiver cannot view the CPF of the sender in their bank transaction details, so it is not used to identify senders, the account number and full name of the sender (also required) already suffice. I.e. Bisq unnecessarily exposes sensitive information from offer takers to offer makers when an offer is taken (and before it is completed).
The taker can effectively bypass this issue by supplying a fake CPF, but the fact that the field is required and that trading rules mandate account information to be accurate discourages honest takers from doing this.
Proposed actions
I would propose one or a combination of the following actions to address this.
In Bisq client account setup screen, specifically for CPF and under National Bank Transfer, add a tooltip to the field mentioning that it does not need to be the actual value only if the account will solely be used for offer taking
Consider adding a note to the following wiki pages mentioning that for National Bank Transfer, Brazilian users need not supply their CPF if the account is only to be used for offer taking
(This repository has been suggested in Matrix chat as a place to discuss this issue)
The issue
When setting up an account for National Bank Transfer for Brazil, one of the fields required by Bisq is "Cadastro de Pessoas Físicas" or CPF. This is the Brazilian equivalent of your social security number. This poses a privacy concern for Brazilian users, and at the same time is unnecessary for takers of BTC sell offers - the sender of the fiat transfer does not need to supply their CPF, only that of the receiver. Furthermore, to the best of my knowledge the fiat receiver cannot view the CPF of the sender in their bank transaction details, so it is not used to identify senders, the account number and full name of the sender (also required) already suffice. I.e. Bisq unnecessarily exposes sensitive information from offer takers to offer makers when an offer is taken (and before it is completed).
The taker can effectively bypass this issue by supplying a fake CPF, but the fact that the field is required and that trading rules mandate account information to be accurate discourages honest takers from doing this.
Proposed actions
I would propose one or a combination of the following actions to address this.
This is in the same spirit as the following wiki page, which deems acceptable using a fake name and address for US Postal Money Order accounts used for offer taking: https://bisq.wiki/US_Postal_Money_Order#Setting_up_a_payment_account_in_Bisq