bisq icon indicating copy to clipboard operation
bisq copied to clipboard

Published 20 hours ago verified publisher icon bisq-network

Solicitation for Feedback After Trade Could Lead to Information Leak to Google

Open qxotk opened this issue 4 years ago • 11 comments

Description

When a trade completes, there is a popup soliciting feedback from the trade participant. Choosing to give that feedback opens a new browser window with a link to a Google Form.

The link that opened when I chose this option today had the form:

h t t p s : // docs.google.com / forms/ d / e/ 1FAIpQLSczA...51664090416 (link URL purposefully obscured/incomplete)

It seems to me as a user of Bisq that it would not be aligned with the mission of Bisq to use tools from Google, a service that I believe does not commit to a reasonable amount of privacy when their (fake) "Free" tools are used.

In addition to the above, if a user allows themselves to be contacted, and they input an email address into the form, then this information would also be revealed to Google.

Version

v1.6.5

Steps to reproduce

Unfortunately, I am not able to run another transaction at this time to verify exactly this experience. Perhaps there is a testnet mode for Bisq, in which case it might be possible to reproduce without making an actual transaction.

Expected behaviour

Feedback is provided to Bisq team via secure private communication.

Actual behaviour

Feedback is provided via a 3rd party service that does not guarantee privacy.

Screenshots

Not available at this time (sorry, I wasn't about this at the time of my transaction).

Device or machine

Mac mini (Mid 2011); macOS High Sierra Version 10.13.6; Firefox 89.0 (64-bit)

Additional info

None.

qxotk avatar Jun 20 '21 03:06 qxotk

Thanks for opening your first issue here!

Be sure to follow the issue template. Your issue will be reviewed by a maintainer and labeled for further action.

boring-cyborg[bot] avatar Jun 20 '21 03:06 boring-cyborg[bot]

I apologize in advance for not previously reading through the full discussion on the Feedback feature before posting this. I am going to go back there now and read through it - as it seems that Google Forms was not necessarily the original first choice for that feature, here: https://github.com/bisq-network/bisq/issues/1584

qxotk avatar Jun 20 '21 03:06 qxotk

Having read the full comments on the issue, I see acknowledgement that Google Forms are less privacy-respecting, and that they have better editing capability.

Perhaps a solution to the issue as I have stated it might be to have text or a popup that informs the user that they are being redirected to a Google Form - and that even though the link says it's on bisq.network - they are being redirected away from Bisq.

Another thought - and I have no experience with the code, have no idea if this is even feasible - perhaps the secure chat mechanism for trading partners could be re-used to send feedback securely to some destination - perhaps the moderator of the transaction?

Further, I am that guy that typed in his email address when asked for contact after submitting feedback...I just love Bisq so much (and being somewhat new to Bisq...I went for it, so there - I am that guy.

In my opinion this kind of request is an opportunity for a less-savvy user (like me) to possibly do themselves harm...

To give users an opportunity to leak their personal information seems misaligned with the mission of Bisq.

qxotk avatar Jun 20 '21 04:06 qxotk

Yes, probably a good time to re-visit the alternative options to Google Forms and re-place the link in the website mapping.

ripcurlx avatar Jun 22 '21 14:06 ripcurlx

Here is one suggestion for starters: https://blocksurvey.io/

EDIT: I will create a demo and post it in the comments here for reference.

~~I have not used them yet, but willing to create a sample setup as a demo for the Bisq community.~~

qxotk avatar Jun 22 '21 14:06 qxotk

Is anyone using the info provided from the current Google form?

pazza83 avatar Jun 28 '21 00:06 pazza83

PLEASE DO NOT POST SENSITIVE INFORMATION TO THE DEMO SURVEY BELOW.

Here is a demo survey using blocksurvey.io:

https://blocksurvey.io/survey/1FJ7wP5betrAfdmKV7jaQPveZPRvbWSqAE/05fb6f4d-e011-492a-b0a3-0696bb31ae42

I am the only person with access to the clear-text results - as results are encrypted end-to-end and not accessible to blocksurvey.io

qxotk avatar Jun 28 '21 20:06 qxotk

Is anyone using the info provided from the current Google form?

In the past I provided a compilation for everyone, but recently I only review them myself every now and then to read some quality user feedback.

ripcurlx avatar Jun 29 '21 07:06 ripcurlx

https://cryptpad.sethforprivacy.com/ https://apps.nextcloud.com/apps/forms

apemithrandir avatar Mar 23 '22 01:03 apemithrandir

If someone is providing a more privacy friendly form, it shouldn't be a problem to adapt the link https://bisq.network/survey.

ripcurlx avatar Mar 24 '22 09:03 ripcurlx

Who is looking at the actual form data? Feedback?

I would be keen to do a review.

Conza88 avatar Mar 29 '22 00:03 Conza88

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 23 '23 00:09 github-actions[bot]

This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant.

github-actions[bot] avatar Sep 30 '23 00:09 github-actions[bot]