You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When you scan the QR code to fund your Bisq wallet, using the defaults, it sets a description of "Fund Bisq wallet"... or at least it does when you send from Mycellium.
Presumably this is done using the payment protocol, but it leaks information. That payment protocol transfer is clear text. Easily intercepted on the network. Correlation of metadata then lets an attacker know that you are using Bisq, and how much your wallet is funded by. If it is a big amount, you become a target.
I suggest that using the payment protocol becomes optional. Just a QR code of the receiving address should be the default setting.
The text was updated successfully, but these errors were encountered:
No that is not done with the payment protocol but the Bitcoin URI can contain a message, so it is just part of the QR code and only shared between Bisq and the scanning wallet.
Beside that you can copy / paste the address as well.
Ok - and using a QR code, that is not via the IP network. Good...
BUT - I would rather not have any description stored in my phone. Phones are insecure and subject to seizure/theft. Copy/paste does not work from a desktop (Bisq) to a phone. Only on the same device,
I have found a weird different solution.. Install Electrum and restore the Mycellium seed. Then you have a wallet that exists as a dual view. One on the phone, the other on the desktop - but just one wallet.
Still playing with that approach to see if there are any traps... but cut/paste to Electrum would work
When you scan the QR code to fund your Bisq wallet, using the defaults, it sets a description of "Fund Bisq wallet"... or at least it does when you send from Mycellium.
Presumably this is done using the payment protocol, but it leaks information. That payment protocol transfer is clear text. Easily intercepted on the network. Correlation of metadata then lets an attacker know that you are using Bisq, and how much your wallet is funded by. If it is a big amount, you become a target.
I suggest that using the payment protocol becomes optional. Just a QR code of the receiving address should be the default setting.
The text was updated successfully, but these errors were encountered: