[WIP] UI of trust (for fiat trades) #80
Comments
|
Maybe better to not use any terminology which includes an rating/evaluation as we can never know if the measurements really led to a 100% trust score... Maybe better to have some categories which associate trust but don't explicit state it like "newby/junior traders", senior trader,... or the gold, silver, bronze categories...? |
|
Yes, trust score might be a little bit misleading. Actually it is more about account verification. The higher the percentage the higher is the probability that the actual account owner is using its own account. Using junior, senior,.. might be misleading as well, as it is just a matter of time and some trades to reach this different levels. Bronze, silver, gold are more neutral from my perspective and could work for our system.
|
|
@pedromvpg So the badge should have sub-icons for:
Maybe the account age could be part of it as in @ripcurlx suggestion with empty, half filled, filled shilds? On rollover/click we should display a small tooltip/popup with all relevant info:
For more background info about the signing see #78. |
|
I like the badges. Only gripe is bronze looks to similar to gold, on my screen. Could we have another badge to explicitly indicate payment accounts that aren't affected by these limitations? Something to indicate which offers can be completed immediately (such a badge could probably be used for DEMO offers too). Would be critical for new users to see what they can do immediately, I think. Would be a good idea too, I think, to have these same badges show in the payment account creation screen so the user can make the connection between offer terms and payment accounts without having to read a lot of documentation. Small idea...maybe we use "account ownership" with degrees of confidence instead of "account verification" since we're not really doing any verification (also 'verification' sounds somewhat final and authoritative, but we don't want to convey that). Might make the intentions of these mechanisms clearer to users. |
|
I am afraid the badges simplify too much. I suggest that a numerical score, even if it looks uglier is better. For example in Localbitcoins you have 2 numbers: nº of trades, % successful.
We could show 4-5 scores for a payment account, for example:
If this messes up the UI too much, maybe it could be graphically summarized but then shown in a popup, mouseover or similar. Most importantly the focus should be on giving users tools and information that they can decide to use to increase security. Not on making decisions for them. So the makers/takers could use filters based on these parameters. The problem with any restrictions imposed by us is that it requires management, whereas user-empowering tools can adapt to circumstances in many different countries, situations and payment methods. For example you might even be willing to use a high-chargeback-risk payment method if it has been in use for over 6 months and the amount is small... or you might be willing to trade with a very new account if the security deposit is very high. |
Fully agree. Just a couple of comments. If #93 is approved then 1. and 4. would be the same. Regarding 5, I believe a forced delay has been discarded because of implementation difficulties (or at least it is stalled for now), instead in #93 it has been suggested to increase the time period only for trades with new accounts so the BTC seller is free to decide on his own to confirm immediately or wait several days after receiving the fiat payment. IMO it would be wise to wait at least 4 or 5 working days for first payments, so if a chargeback occurs within those days it can be easily solved without any harm for the seller and the victim of the stolen account. But that´s what I would do (unless some kind of 2FA is available, in that case it could be reasonable to confirm immediately after 2FA verifying the buyer) So maybe a 12 day limit could be set where the fiat payment must be sent within the first 5 days, so if the buyer pays quickly the trade can be completed in 6 or 7 days, and if he pays late it will take 12 days |
I believe with just the above 3 parameters you can prevent most frauds. It would be very hard for a scammer to reach a high score on all 3 unless it's a insanely patient long con with a low payout. A stolen bank account could be old... but it is unlikely to have been used for many trades. An account used for chargebacks is unlikely to last long. A fake bank account cannot be very active without risking detection.... I know that... |
Agree, but the problem is with new accounts. Both scammers and honest users with new accounts will have very poor 1. and 3. |
For the fiat part of the trade, the only way I can think of trusting the trade is real is that the seller is somehow a trusted user. The next step would be to disseminate that information in a verifiable way and without compromising privacy. If not technically possible, this parameter could be substituted with p2p ratings / whitelisting like the one you proposed in another thread (similar to linkedin) . I like that approach very much. |
Couldn't the buyer, seller (and arbitrator?) sign something to certify that the trade was completed successfully with the same private keys used for the security deposit transaction? It is on the Bitcoin blockchain after all... |
The problem is if the buyer and the seller are the same person (the scammer), he would be transferring BTC to himself and not transferring any fiat at all, and the arbitrator has no way to verify if the fiat trade took place or not without asking for evidence. But if we depart from a base of trusted users who would be the only allowed to trigger account age for new users, we can have a reasonable comfort that those fiat trades between old sellers and new buyers are real. IMO, for a scammer it will be extremely deterring to fully expose a stolen account for a very small quantity. And even if he is reckless and exposes the account, chances are he will be caught quickly and the harm can be totally avoided or in the worst case the harm will be very small. However, I am aware this approach is only possible on mature markets where Bisq has a fairly large base of old payment accounts. For new markets such as India or China another approach is needed, or maybe at the beginning any user will be able to trigger account age of any other user until the market is mature enough and then this verifying ability could be limited for older accounts. |
|
Closing as complete. |
To make it as painful as possible for scammers to use Bisq for turning stolen bank accounts into BTC following proposals are in discussion right now:
This proposal should discuss how we communicate these anti-scam strategies from a UI perspective. The UI should be flexible enough to support additional strategies that will be implemented in the future and should hide the complexity as much as possible to the user. Still it shouldn't give the user the false sense of security at the same time.
We could hide the complexity of the different anti-scam strategies by splitting it up into:
0% new account, 100% fulfilling all conditions currently defined. If we introduce new conditions in the future the current score can be reduced again until the new condition is fulfilled as well.
To tackle this problem I think it makes sense to look at this problem from two sides:
BTC Seller
To be able to prevent getting scammed I want to be able to:
As a maker:
As a taker:
BTC Buyer
As the risk being scammed as a buyer is nearly zero, the use-cases for a buyer are more about how to increase their trust score and to reduce the time until payout.
To increase my trust score I should start trading as soon as possible. For that I should create accounts for all my payment methods I might want to use in the future right now to start account aging. I need to understand that there is no total risk score for my onion address or me as a user, but a different risk score for each of my payment methods.
As a maker:
To increase the probability of my offers to get taken I can:
As a taker:
The buyer is dependent on the limitations set by the seller.
User flows to be changed
Payment account creation
Create Buy BTC offer
Create Sell BTC offer
Take Buy BTC offer
Take Sell BTC offer
Trade Process
App Start
Although this proposal is WIP it is important to get feedback especially on terminology (trust score,..) and the different use cases as soon as possible so we are not missing anything essential or failing to communicate it properly. I'll update this proposal with screenshots and more detailed concepts for each section over the next couple of days.
The text was updated successfully, but these errors were encountered: