Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clear payment account payload info from closed trades. #6001

Merged
merged 1 commit into from Feb 1, 2022
Merged

Clear payment account payload info from closed trades. #6001

merged 1 commit into from Feb 1, 2022

Conversation

ghost
Copy link

@ghost ghost commented Jan 28, 2022
edited by ghost
Loading

  • Removes sensitive payment account information and trader chat messages from closed trades and disputes.
  • User can specify in preferences how long to wait before the information is removed, defaults to 20 days.
  • The feature is enabled after the user clicks I UNDERSTAND shown in the dialog below.

Closes #5396

Screenshots:

image

Settings:

image

The highlighted payment account details get removed:

image

Trade contract showing payment account information removed.

image

image

Invocation:

The list of closed trades need to be occasionally evaluated to see if any are eligible for having their sensitive data cleared. This is primarily done at app initialization, but also is done periodically whenever a trade is added to the list shown in portfolio history. That is to handle the case of clients which do not restart daily.

Likewise, the list of dispute tickets is evaluated at initialization and also whenever a dispute ticket closed message is processed.

Whenever the evaluation is done, the following log messages are written:

INFO  b.c.t.ClosedTradableManager: checking closed trades eligibility for having sensitive data cleared 
INFO  b.c.s.dispute.DisputeManager: ArbitrationManager checking closed disputes eligibility for having sensitive data cleared 
INFO  b.c.s.dispute.DisputeManager: MediationManager checking closed disputes eligibility for having sensitive data cleared 
INFO  b.c.s.dispute.DisputeManager: RefundManager checking closed disputes eligibility for having sensitive data cleared

If any actions are taken, they are logged, for example:

INFO  b.c.trade.model.bisq_v1.Trade: cleared sensitive data from contract;contractAsJson; of trade rfvUYPIx 
INFO  b.core.support.dispute.Dispute: cleared sensitive data from chat messages; of dispute for trade IOAMZBWH

@pazza83
Copy link

pazza83 commented Jan 29, 2022

Hi @jmacxx thanks for sorting this out.

just checking trades in mediation and arbitration will not count as completed trades?

Assuming mediated trades are completed once payout occurs.

What about arbitrated trades? What point do these become completed after payment is made to donation address?

@pazza83
Copy link

pazza83 commented Jan 29, 2022
edited
Loading

Also just wondering how this would affect how a duplicate offer creation when a previous offer has had their payload info removed?

@ghost
Copy link
Author

ghost commented Jan 29, 2022

Answering your questions @pazza83 :

just checking trades in mediation and arbitration will not count as completed trades?
Assuming mediated trades are completed once payout occurs.

Correct, only trades that are Closed are considered.

What about arbitrated trades? What point do these become completed after payment is made to donation address?

Same, they transition to Closed once the arbitration ticket has been closed.

Also just wondering how this would affect how a duplicate offer creation when a previous offer has had their payload info removed?

No effect as offers do not contain account payloads or contracts, only trades do.

There's some work remaining to sanitize account payloads from closed dispute tickets which looks like the implementation will need refactoring, so moving this back into draft for a couple of days.

@ghost ghost marked this pull request as draft January 29, 2022 03:40
@pazza83
Copy link

pazza83 commented Jan 30, 2022

No effect as offers do not contain account payloads or contracts, only trades do.

Just so I am clear, I am assuming the payload is link to the local payment account (trading account) used to fund the trade?

When an offer moves to 'history' currently it still has the information associated to what payment account (trading account) was used to fund the trade associated to it. Will that still be the case once the payload has been cleared?

What I am getting at is once the trade contract details have been cleared, a local user should still not be able just to right click duplicate on a historic trade to see what local payment account (trading account) was used to fund the trade.

@ghost
Copy link
Author

ghost commented Jan 31, 2022

I think we still want to maintain the ability to duplicate an offer as it is quite frequently used.

Severing past offers' makerPaymentAccountId link to the account used would make duplicating an offer more of a multi-step process similar to offer entry, and is not what this PR is about.

What is being done here is removing counterparties personal information from each Bisq instance. Yes it also removes copies of your own personal information from trades, which is good too.

@ghost ghost marked this pull request as ready for review January 31, 2022 21:14
@ripcurlx ripcurlx added this to the v1.8.3 milestone Feb 1, 2022
ripcurlx
ripcurlx approved these changes Feb 1, 2022
View reviewed changes
Copy link
Contributor

@ripcurlx ripcurlx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK - Code changes are looking fine 👍

@ripcurlx ripcurlx merged commit 8a846c4 into bisq-network:master Feb 1, 2022
@pazza83 pazza83 mentioned this pull request Feb 10, 2022
Closed
This was referenced Feb 21, 2022
Closed
Merged
ripcurlx pushed a commit that referenced this pull request Feb 21, 2022
@ripcurlx
Get payment method ID from offerPayload.
2bdfa52 
Was getting an NPE with closed trades older than v1.7.0.
makerPaymentMethodId was new at that point (null for older trades).
makerPaymentAccountPayload can be null for trades where we have
removed account info for privacy reasons (see #6001).
The payment method ID can always be obtained from offerPayload.
@ripcurlx ripcurlx mentioned this pull request Feb 23, 2022
Closed
@ripcurlx
Copy link
Contributor

ripcurlx commented Feb 24, 2022
edited
Loading

Bildschirmfoto 2022-02-24 um 11 25 20

@jmacxx I think we should add an empty state to the chat popup if all messages have been deleted. Otherwise it looks like an error if someone doesn't remember this privacy feature. WDYT?

@ripcurlx
Copy link
Contributor

Bildschirmfoto 2022-02-24 um 11 25 20

@jmacxx I think we should add an empty state to the chat popup if all messages have been deleted. Otherwise it looks like an error if someone doesn't remember this privacy feature. WDYT?

The additional weird thing about this is that it was a mediation case from today which seems to have lost all chat messages. It only happened on this side of the dispute. The other side still has the messages. Also the arbitrator still sees the messages. Application setting is on the default 20 days.

@ripcurlx
Copy link
Contributor

I do see the expected logs e.g. for 30534

Feb.-09 11:12:16.044 [JavaFX Application Thread] INFO  b.c.s.d.Dispute: cleared sensitive data from contract;contractAsJson;chat messages; of dispute for trade 30534

But not for the recent trade 4900341, so I'm not sure how the chat messages were deleted.

@ripcurlx
Copy link
Contributor

Contract details are still available.

@ghost ghost mentioned this pull request Feb 24, 2022
Merged
@ghost
Copy link
Author

ghost commented Feb 24, 2022

But not for the recent trade 4900341, so I'm not sure how the chat messages were deleted.

I have not come across that issue before. I'm trying to reproduce it, so far not been able to.

I wonder if anything can be seen in your log when it removed the chat messages from 4900341? I would expect a log message about it.

ripcurlx pushed a commit that referenced this pull request Feb 25, 2022
@ripcurlx
Keep first dispute chat msg when clearing sensitive data.
3bc0964 
Fixes #6001 (comment)
ripcurlx
ripcurlx reviewed Feb 25, 2022
View reviewed changes
core/src/main/java/bisq/core/support/dispute/DisputeManager.java
Comment on lines +309 to +310
.filter(e -> e.isClosed())
.filter(e -> e.getTradeDate().toInstant().isBefore(safeDate))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe you want to use:

.filter(Dispute::isClosed)
.filter(e -> e.getOpeningDate().toInstant().isBefore(safeDate))

instead?

@ripcurlx
Copy link
Contributor

But not for the recent trade 4900341, so I'm not sure how the chat messages were deleted.

I have not come across that issue before. I'm trying to reproduce it, so far not been able to.

I wonder if anything can be seen in your log when it removed the chat messages from 4900341? I would expect a log message about it.

ah - I think I know what happened. I might have missed the log, but the trade I've put into mediation was already quite old. So at the moment when the dispute was closed, all chat messages were cleared as you are using the trade date instead of the dispute opening date. See https://github.com/bisq-network/bisq/pull/6001/files#r814853854

@ghost ghost mentioned this pull request Feb 25, 2022
Merged
@pazza83
Copy link

pazza83 commented Mar 12, 2022

Tested this and it works well. Many thanks.

@ghost ghost mentioned this pull request Apr 4, 2022
Merged
This was referenced Jul 6, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.8.3
Development

Successfully merging this pull request may close these issues.

Encrypt or remove saved trader chats and trade data on local Bisq instances
2 participants
@pazza83 @ripcurlx