Really important topic to be aware of
join the conversation! https://github.com/RoboSats/robosats/discussions/1746
Discussion
Hmmm
Here is a thought to consider. In the payment provider chat asked the buyer to open a private chat with in you Bisq2 to confirm order details. This should eliminate the third party.
The Robosats chat is already encrypted and peer-to-peer. Opening an other channel does not stop the scammer from just forwarding any request the seller makes to the real buyer.
If the real owner of the BTC and the person parting with their fiat, had way to confirm the transaction details prior pulling trigger this would prevent the man in the middle scam.
If I'm understanding correctly. Person A (the scammer) accepts the Robosats offer and then immediately opens an Bisq2 offer of the same.
Once the Bisq2 offer is accepted the payment details are forwarded to the Robosats offer. In the End, Person A gets the Bitcoin and the other 2 parties get rugged.
Just seems that this is possible because the two parties have zero chance to communicate prior to committing to the transaction.
So what I'm suggesting is rely on a non-Robosats encrypted p2p chat to confirm the transaction.
Using only the order ID (a five digit number, no "rs") in the reference is obscure enough.
Should it become a general instruction to include it?
That would make the payer double check and provide verification to the seller that the buyer is part of the same transaction.
Also the order ID itself could be made to be random length letters and / or numbers so it is not a consistent pattern risking censorship.