Banned payment accounts

[ghost]

Description

I was using debugger and saw a lot of records in filterManager.getFilter().getBannedPaymentAccounts(). Most of them contains sensitive data like email, username, phone etc. I'm pretty sure I didn't set them manually, so probably they were propagated via P2P network. It seems to be a security issue.

Version

1.8.6

Steps to reproduce

Not reproduceable via UI. Use debugger, stop somewhere where filterManager is available and check filterManager.getFilter().getBannedPaymentAccounts()

Expected behaviour

I'm not sure - propositions:

• remove banned payment accounts filtering at all,
• not propagate this data via P2P - only locally,
• use different field to recognize account (salt?) or use hashing to make this data anonymous

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant.

[pazza83]

Hi a user has brought this up again.

@alvasw please can you let me know if a solution is feasible

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[pazza83]

Hi @jmacxx is this something you would be able to take on?

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant.