Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about Bisq's SPV bloom filtering algorithm and Monero full node #4570

Closed
scottcarter2020 opened this issue Sep 29, 2020 · 8 comments
Closed

Question about Bisq's SPV bloom filtering algorithm and Monero full node #4570

scottcarter2020 opened this issue Sep 29, 2020 · 8 comments
Labels
a:discussion re:Bitcoin re:privacy

Comments

@scottcarter2020
Copy link

Hello,

As far as I know, Bisq is using SPV bloom filtering algorithm.

By using SPV bloom filtering algorithm, I'm not trusting a third party, but I'm pretty much leaking all my information to blockchain analysis and surveillance companies.

What is the team official reply to this article, https://jonasnick.github.io/blog/2015/02/12/privacy-in-bitcoinj/ ?

And does Bisq use a Monero full node by default, as if not, there must be huge network level leaks on the Monero side too.

Thanks.
@boring-cyborg
Copy link

boring-cyborg bot commented Sep 29, 2020

Thanks for opening your first issue here!

Be sure to follow the issue template. Your issue will be reviewed by a maintainer and labeled for further action.

@chimp1984
Copy link
Contributor

chimp1984 commented Sep 29, 2020
edited

That paper and the bloom filter problematic is long know to Bisq devs. The main mitigation we did was that Bisq connects only to Bitcoin nodes operated by Bisq contributors (bonded roles). Of course there is still a trust issue, but Bisq contributors have a incentive to not sell off user data to chain analysis companies and hurting their own investment.
If users run a local unpruned node it automatically connects to that node only. This is the best option.

We investigated alternatives but at least back then (#1062 (comment)) there have not been any feasible candidate. Getting away from BitcoinJ is still a goal but resource/budget restrictions are a unfortunate reality we have to deal with as well.

See:
#1062
#414
#487

Regarding Monero:
I assume you refer to the auto-confirm feature. The exolorer nodes are hosted by Bisq contributors as well and they run full nodes.
Otherwise Bisq has nothing to do with the XMR blockchain. It is up the XMR trader to send XMR and check receipt.

@scottcarter2020
Copy link
Author

Thank you for your answer, chimp1984.

Regarding Bitcoin:

What kind of information I may leak if I configured Bisq to connect to my local node ?

Regarding Monero:

Could I configure Bisq to connect to my local node ?

What kind of information I may leak if I configured Bisq to connect to my local node ?

Thanks.

@cd2357
Copy link
Contributor

cd2357 commented Sep 29, 2020
edited

@scottcarter2020 There are two ways to connect to your own bitcoin node:

  1. run a local unpruned node on the same host as Bisq, and
  2. you can tell Bisq to only connect to one (or a list of) bitcoin nodes under your control, or that you trust. In this case, they don't have to run on the same host as Bisq. You can configure this under Settings > Network info > Bitcoin network.

Not sure what is leaked to the Bisq network if you use your own bitcoin node, I assume only the payout address and the trade-related transactions (pay deposit and fees tx, payout tx). And even then, I think this is only visible to the parties involved in the trade, plus evtl mediators. Someone with more knowledge here please correct me if I'm wrong.

@scottcarter2020
Copy link
Author

Thank you for your answer, cd2357.

Would like to hear from @chimp1984 again.

And what @wiz and @ripcurlx could say about this ?

@wiz
Copy link
Member

wiz commented Sep 30, 2020

You're welcome to use my Bitcoin nodes or block explorer website, but if privacy is a concern then I would you suggest to setup a Raspberry Pi at home to run your own Bitcoin or Monero nodes, and configure your Bisq node to use those instead.

@chimp1984
Copy link
Contributor

From BitcoinJ bloomfilter side you have the issues resolved if you use a loca node. In Bisq all network traffic goes over tor (only exception is in-app download but you dont need to use that).
The main issue remaining is to not link together all your trade on the blockchain by using outputs of one trade as input for the next. This is not as trivial to achieve if you dont seperate each trade at funding and withdrawing at the end.
So if you fund a bisq trade from external wallet with untainted coins (e.g. out of wasabi) and then when trade comleted to send it out again to wasabi or a separated wallet your trades are not connected on the blockchain.
But it is all relative, even if your trades get connected one can derive that one entity has traded x times on Bisq but does not know the identity as long you are not trading fiat where the peer will see your payment method data and thus get some link to your real life ID. But that is only visible to the peer. If you trade altcoins it depends on your behaviour on the altcoin chain as well how much the altcoin provides privacy. XMR is clearly the best in that regards.

Privacy is not a binary thing, and things get quickly pretty complex....

@cd2357
Copy link
Contributor

cd2357 commented Oct 13, 2020

@ManfredKarrer wrote a more comprehensive blog post about this some years ago: https://bisq.network/blog/privacy-in-bitsquare/

Closing this, as it's been answered.

@cd2357 cd2357 closed this as completed Oct 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
a:discussion re:Bitcoin re:privacy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wiz @cd2357 @chimp1984 @scottcarter2020