Writing a blog post about privacy in Bisq has been on my TODO list for a long time.
One reason why I postponed it for so long was that I tried to fix the weaknesses rather than to explain such complicated matters to a broader (potentially non-technical) audience.
But as we still don't have the resources to fix the main issue (see the section below about the BitcoinJ bloom filter), I want to explain the background of the issue and suggest how you can protect your privacy even in the presence of that existing weakness.
Besides that, I want to give an overview of the different areas where privacy is relevant in Bisq.
I think we have already achieved a very high level of protection of users' privacy. We can still improve and are working on further improvements.
But the main goal of this article is to give those who take privacy seriously enough background and to guide them on how they can get the most from Bisq.
Be warned that this blog post will be a bit technical. Privacy is a complex topic and requires some basic understanding of how Bitcoin transactions work.
So let's get started.
One area where privacy plays an important role is how the data between the peers is transferred.
Privacy in the P2P network
We use Tor (hidden services) for the P2P network.
With Tor we get a very high level of privacy on the transport layer. So there are no IP addresses visible which could be used to identify a trader. As we use hidden services, we don't even have the issue that the exit nodes are a critical bottleneck in Tor.
In Bisq there are mainly 2 different types of messages:
- Broadcast messages (e.g. offers are broadcast to all peers)
- Direct messages (e.g. 2 peers are communicating directly in the trade process)
In the first case the messages are not encrypted, as all users need to be able to read the offers. The only identifying data included in an offer is the onion address of the offer-maker. That is required to contact him when one wants to take the offer.
The direct messages are sent directly to the other peer and are encrypted and signed in Bisq. Besides that, they are encrypted on the Tor layer as well.
Though there are some things which need to be considered, even with Tor.
The repeated use of the onion address carries a potential privacy concern: onion addresses of offers and trades could be used to map together an identity.
But that privacy leak to the trading peer can also be seen as a feature, and is actually used as such:
The small icon on the right of an offer entry or trade shows the onion address, whether you have traded already as well as the nr. of trades. This kind of "P2P reputation" (you only get the information about the data which you have anyway in the app from past trades; there is no centralized data collection) can be useful to easily identify traders with which one has traded already.
You can even tag a peer with arbitrary text like "Fast trader" (this information is only used in the scope of your local application).
Edit peer info
Tooltip
There might be different opinions on whether the re-use of the onion address for all offers and trades is positive (can be used for reputation) or negative with regard to privacy.
Future improvements
In future versions we want to make it possible to reset your onion address (in the settings).
Another option might be that we use separate onion addresses for each offer. But that might be resource heavy, as multiple Tor circuits need to be maintained and multiple hidden services published (which takes about 30 sec.; that is the delay at application startup), and it will complicate the code as well. So this is not considered for the near future.
Besides that, we will support an optional GPG key which can be used for reputation.
In the next version we will add this already on the data layer, though it is not implemented yet in the UI. With that key we could build a reputation system where a user can prove with his signature that he is the originator of certain offers or trades, if he wants to and to whom he wants to.
That means we decouple the network ID from reputation, and users can choose if they want to build up a long term reputation at the cost of losing some privacy to the trading peer, or if they prefer not to use reputation, so that in case of network ID renewals the offers and trades cannot be associated with one identity.
What can you do now?
For users who don't want to connect potentially all their offers to one identity it is recommended to create a new data directory from time to time (you must not have open offers, trades or disputes) or to use a program argument (e.g. --appName=Bisq-2) so that a new data directory with that given name will be created and you can run multiple instances of Bisq in parallel which are completely unrelated (that setup is used by developers as well).
Summary
The use of the network ID (onion address) might be seen as a privacy weakness, but having a long term ID is a requirement for reputation.
In future we will decouple that by using an optional GPG key for reputation and enable renewal of the onion address.
Privacy in Fiat trades
When users are trading Bitcoin with a national currency, the transfer of the Fiat currency usually requires some personally identifying data.
With a bank transfer it is typically the name and the bank account number. With other payment methods it might be an email address or phone number (e.g. ClearXchange, Interac, Swish, ...). Only with OKPay and PerfectMoney is an account number alone sufficient. But even there the account is usually verified in the registration process at the payment provider, so the company knows the real life identity behind that account number.
It is important to understand that only the trading peer will see that account data (the name in the case of a bank transfer), as well as the arbitrator in case of a dispute. In all trades which are not disputed, the arbitrator has no access to this data. The account data is only stored locally on your computer.
The Fiat receiver needs to expose his bank data to the other peer, otherwise the Fiat sender could not transfer the money. The Fiat sender usually also gets exposed by the receiving bank, as most banks show the name and bank account nr. of the sender in the transaction history.
There is another important reason why we exchange the account data in both directions: There are some known social engineering scams where a BTC seller receives the Fiat money from a victim who got tricked into a purchase on some eBay-like platform but the victim never receives the purchased good. The scammer gives the victim the bank account nr. of the BTC seller, the BTC seller receives the Fiat and then releases the BTC to the scammer. After a few days the victim discovers that he got scammed, goes to the police and probably requests a bank chargeback. The seller gets in trouble explaining that he was not the scammer and probably accepts the chargeback to avoid more hassle.
Luckily that never happened at Bisq, but we need to be careful not to attract such scammers. To protect against such fraud we require the Fiat receiver to only release the BTC if the bank data in the Bisq application matches the data on his bank statement; otherwise he needs to open a dispute.
Planned improvements
The payment account data (e.g. bank account number and name in case of a bank transfer) could be encrypted by default when the data is exchanged with the arbitrator in case of a dispute. In most cases the arbitrator does not require the data, so the traders' privacy is better protected. Only in those rare cases when the arbitrator needs the data for the dispute resolution process can he request the decrypted data from the trader.
Summary
The exposure of the bank account data to the other peer (and the arbitrator in case of a dispute) is a necessary requirement when a Fiat transfer is involved. In future releases we might add an improvement so that the arbitrator does not see the account data by default and has to request it from the trader if needed.
Avoiding coin merge
The returned change amount when funding an offer and/or trade, as well as the funds you get from a completed trade, are re-used for other trades if you choose to use the Bisq internal wallet. This connects the trades at the Bitcoin transaction graph level.
To avoid that, you need to fund each offer independently from an external wallet and withdraw the funds at the end of the trade to an external wallet. Of course you need to take care that you don't leak your privacy with coin merge again in the external wallet (you can use multiple external wallets as well to make that easier).
UI-wise that strategy is fully supported in Bisq (in fact it was the only option initially), but we are aware that most people prefer the more convenient use of the internal wallet to re-use bitcoins from one trade for funding the next trade. Unfortunately there is no good solution to combine convenience with privacy here.
Offering a tool (similar to coin control in Bitcoin Core) to let the user decide which unspent transaction outputs (UTXO) should be used for funding an offer or trade might help to mitigate the problem. But there is some complexity and difficulty involved in deciding which UTXO to use, as well as the problem that often you don't have enough options to choose from. So that approach does not look like a viable strategy to solve that issue. It is a conceptual problem arising from the way transactions are connected in a graph in Bitcoin.
Coinjoin is one of the very few strategies to fight that issue. We have rough plans to either add Coinjoin to Bisq in future, integrate an external Coinjoin implementation in a user friendly way, or find another solution with an automated trade to an Altcoin which has strong privacy protection built in at the protocol level, like Monero or Zcash.
Hopefully we will see more privacy improvements like Confidential Transactions integrated into Bitcoin as well.
Summary
If you want strong privacy you need to fund each trade independently and withdraw the funds from a completed trade to an external wallet, where you have to take care not to merge the coins again (which is not easy).
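The funding strategies described in this section can be compared on a small transaction graph. This is an added example, not Bisq code: the transaction labels, the `spends`/`trade` fields and the three scenarios are constructed for illustration, and "linked" simply means connected through spent outputs.

```python
from collections import defaultdict

def linked_trades(txs):
    """Group trades whose transactions are connected by spent outputs.

    txs maps a tx label to {"spends": [labels of txs whose outputs it
    spends], "trade": trade label or None}. Hypothetical structure.
    """
    parent = {txid: txid for txid in txs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for txid, tx in txs.items():
        for prev in tx["spends"]:
            if prev in parent:  # ignore inputs from outside the sample graph
                parent[find(txid)] = find(prev)

    groups = defaultdict(set)
    for txid, tx in txs.items():
        if tx["trade"]:
            groups[find(txid)].add(tx["trade"])
    return sorted(sorted(g) for g in groups.values())

# Constructed graphs; labels are not real transactions.
# 1) Internal wallet: the payout of trade 1 directly funds trade 2.
INTERNAL_WALLET = {
    "t1_fund":   {"spends": [],            "trade": None},
    "t1_trade":  {"spends": ["t1_fund"],   "trade": "trade-1"},
    "t1_payout": {"spends": ["t1_trade"],  "trade": "trade-1"},
    "t2_trade":  {"spends": ["t1_payout"], "trade": "trade-2"},
}
# 2) Each trade funded independently, payout withdrawn to an external wallet.
EXTERNAL_FUNDING = {
    "t1_fund":     {"spends": [],            "trade": None},
    "t1_trade":    {"spends": ["t1_fund"],   "trade": "trade-1"},
    "t1_payout":   {"spends": ["t1_trade"],  "trade": "trade-1"},
    "t1_withdraw": {"spends": ["t1_payout"], "trade": None},
    "t2_fund":     {"spends": [],            "trade": None},
    "t2_trade":    {"spends": ["t2_fund"],   "trade": "trade-2"},
}
# 3) Same as 2, but the external wallet merges the withdrawn coins with
#    other coins to fund trade 2, which links the trades again.
EXTERNAL_MERGED = dict(
    EXTERNAL_FUNDING,
    t2_fund={"spends": ["t1_withdraw", "unrelated_coin"], "trade": None},
)

if __name__ == "__main__":
    for name, graph in [("internal wallet", INTERNAL_WALLET),
                        ("external funding", EXTERNAL_FUNDING),
                        ("external, coins merged", EXTERNAL_MERGED)]:
        print(name, linked_trades(graph))
```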
Privacy in the Bitcoin network
The connection to the Bitcoin network (we use BitcoinJ, which uses the SPV model) is by default over Tor (we use a mix of connections to clear-net full nodes, which pass through the Tor exit nodes, and full nodes running as hidden services, thus never exiting the Tor network). The user can pass a program argument to use a custom Bitcoin full node as well. Alternatively a locally running Bitcoin node (localhost) can be used. The Bisq application discovers that local node automatically and uses it as the only node for the Bitcoin network connection. So no configuration is required.
The users who don't run their own full Bitcoin node are exposed to a severe privacy leak inherited from the broken BitcoinJ bloom filters [1][2]. I tried to fix the most critical flaws [3] but unfortunately it turned out that it requires more effort to fix that [4]. So the bloom filters are still leaking considerable information to full nodes (in case those are operated by chain analysis companies spying on the network).
What is leaked: A spying full node will find out quite easily that all the addresses created by the HD wallet (about 1300) are from one wallet (belong to the same owner).
They don't see the IP address as we use Tor (with other BitcoinJ wallets even the IP address is leaked). If one of those addresses is connected to the real life identity of the user, all the other addresses are de-anonymized as well (derived from the fact that all come from one wallet, i.e. the same owner).
Revealing a real life identity can happen easily if you use one of your wallet addresses for any service where you have to register with your ID (centralized exchanges, merchants, ...). Even if you don't leak any Bisq address, with more sophisticated graph analysis using typical usage patterns (e.g. coin merge) it can happen more easily than expected that you lose your privacy.
So don't expect privacy on the Bitcoin level unless you run your own full node or you really know what you are doing and are aware of all the pitfalls.
We have some bounties open in that area and we consider this a high priority issue which hopefully gets solved soon. Any developer experienced with BitcoinJ is very welcome to get in touch with us!
Unfortunately the bloom filters are broken on the design level as well, but fixing the implementation flaws would give us at least some level of improvement (and make the effort for the spies higher as well as reduce the quality of their data due to a higher degree of uncertainty, though there might be controversial opinions about that).
That said, you should not be tempted to assume that the privacy problems of bloom filters are fixed after the BitcoinJ bloom filter implementation flaw is fixed.
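Why a filter covering the whole wallet groups its addresses, and how the false-positive rate controls the "degree of uncertainty" mentioned above, can be measured with a small simulation. This is an added example, not BitcoinJ or Bisq code: the sizing formulas follow BIP37, the hashing is a SHA-256 stand-in for BIP37's MurmurHash3, and the two false-positive rates and the 50,000 unrelated addresses are assumptions chosen for illustration.

```python
import hashlib
import math

def bip37_params(n_items, fp_rate):
    """Filter size in bits and number of hash functions (BIP37 sizing formulas)."""
    size_bytes = int(-1 / math.log(2) ** 2 * n_items * math.log(fp_rate) / 8)
    n_hashes = int(size_bytes * 8 / n_items * math.log(2))
    return size_bytes * 8, max(1, n_hashes)

def positions(item, n_bits, n_hashes):
    # Stand-in hashing: BIP37 uses seeded MurmurHash3. Double hashing over
    # SHA-256 keeps this example dependency-free.
    digest = hashlib.sha256(item).digest()
    h1 = int.from_bytes(digest[:8], "big")
    h2 = int.from_bytes(digest[8:16], "big") | 1
    return [(h1 + i * h2) % n_bits for i in range(n_hashes)]

def build_filter(items, fp_rate):
    n_bits, n_hashes = bip37_params(len(items), fp_rate)
    bits = bytearray(n_bits)  # one byte per bit, for readability
    for item in items:
        for pos in positions(item, n_bits, n_hashes):
            bits[pos] = 1
    return bits, n_hashes

def matches(bits, n_hashes, item):
    return all(bits[pos] for pos in positions(item, len(bits), n_hashes))

def simulate(fp_rate, wallet_size=1300, other_addresses=50_000):
    """What a node that received the filter sees when it tests addresses it knows."""
    # Constructed 20-byte values standing in for address hashes.
    wallet = [hashlib.sha256(b"wallet-%d" % i).digest()[:20]
              for i in range(wallet_size)]
    others = [hashlib.sha256(b"other-%d" % i).digest()[:20]
              for i in range(other_addresses)]
    bits, n_hashes = build_filter(wallet, fp_rate)
    true_hits = sum(matches(bits, n_hashes, a) for a in wallet)
    false_hits = sum(matches(bits, n_hashes, a) for a in others)
    return {
        "true_hits": true_hits,      # wallet addresses always match
        "false_hits": false_hits,    # unrelated addresses that also match
        "precision": true_hits / (true_hits + false_hits),
    }

if __name__ == "__main__":
    for rate in (0.0001, 0.05):
        print(rate, simulate(rate))
```

With the low rate almost every match is a wallet address; with the high rate most matches are unrelated, which lowers the quality of the observer's data but does not remove the wallet's addresses from the match set.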
Getting a new bloom filter design implemented and deployed to Bitcoin Core is unfortunately something we cannot expect to happen soon. There are a few interesting efforts in that direction but I am not aware that anyone is working on that [5][6][7].
But there is another very promising solution on the horizon: to use a Bitcoin Core node in SPV mode [8]. Jonas Schnelli is working on that and we consider replacing BitcoinJ with it as soon as it is production ready and we have enough dev resources to implement it.
So what can a user do in the current situation to get protection against those spying full nodes? As said initially, the only protection is to run your own full node, either locally (then Bisq connects to it by default) or you pass the IP address of your node (or a trusted node you know) via a program argument (--btcNodes=[comma separated IP addresses]).
But it is important to do that already at the first startup, and always. One connection to the public Bitcoin network can be enough that you get connected to a spying node and your privacy is leaked (only a new data directory, which creates a new wallet, will help then; in our GitHub wiki there are instructions on how to do that).
Communicating that complicated issue by displaying a popup at the first Bisq startup would be too confusing and overwhelming for most users.
One possible compromise might be to use by default a white-list of trusted full nodes. The user can change to run his own local or remote full node, use his own list of trusted nodes or use the public Bitcoin network. As explained above, it must already be taken care of at the first startup, so using the public network as default would require a popup explaining the complex topic. Using a white-list of trusted nodes compiled by the Bisq developers introduces centralization and trust issues. Though I think that is less critical, as the user can change later to the public network without any damage, which is not true for the other direction (first public and then trusted nodes).
This is clearly controversial and not an optimal solution at all, but might be preferable to the current state where everyone is potentially (and I assume with a high probability) leaking their privacy. We have not decided to go that route yet, but it is in discussion.
Though, as said above, a SPV Bitcoin node would probably be the solution we will go for mid-term, and that would solve that issue anyway.
Summary: To achieve privacy protection on the Bitcoin network level you need to run your own full node. We are trying to fix the implementation flaws in BitcoinJ, but unfortunately bloom filters are already broken on the design level, so we will never get proper privacy with the current bloom filters (Bitcoin side). Alternatively we could provide a white-list of trusted full nodes and use that as default instead of the connection to the public network. This is a problematic approach as well and still in discussion.
The mid-term goal is to use a SPV Bitcoin node integrated in Bisq (similar to how we use the Tor binary). For the user that would be transparent and the usability comparable with the current BitcoinJ SPV model. That would not only solve the bloom filter issue but also other weaknesses of BitcoinJ's SPV model (e.g. no validation of consensus rules; in case of a hardfork with Bitcoin Unlimited it would automatically follow the longest PoW chain).
Conclusion
Those who care about privacy, take the time to understand the complex context [9][10][11] and are willing to take on the burden of running a full node as well as keeping the funding of trades independent to avoid coin merge, can use Bisq with a very high level of privacy protection. The others are probably leaking their privacy already in many other areas as well, so Bisq does not really make their exposure worse.
This is not a satisfying situation though, as we want to provide privacy by default in a user friendly manner. Convenience and privacy are unfortunately often hard to combine. But we will continue to work to find the best solutions to solve those current weaknesses.
With all that said, we have to emphasize that Bisq has already achieved a very high level of privacy protection and clearly outperforms any other Bitcoin exchange in that matter.
- No registration required. No centralized data collection.
- We use Tor by default for all network traffic. So your IP address never gets leaked!
- Our UI supports coin merge avoidance.
- Bisq uses a HD wallet. No address re-use.
- There will be future improvements to decouple the network ID from an optional reputation key.
- Once we can use a SPV Bitcoin Core node instead of BitcoinJ we get rid of the bloom filter problem.
Protection of privacy is not only a core value of Bisq; we also see it as a fundamental property of money to achieve fungibility. Bitcoin and the surrounding infrastructure (like exchanges) need to improve in that area so Bitcoin can develop its full potential as sound money. Sound money for a sound society. Protection of privacy has to be the default state for all, not only a privilege for techies and geeks.
America's founding fathers have been more aware of this than today's retarded politicians. As we cannot expect much support from that side, let's build our new model as we think it should look like and make the retarded model obsolete.