Pages:
Author

Topic: PeachBitcoin.com | P2P Bitcoin Exchange 🍑 #kycfree - page 6. (Read 2892 times)

legendary
Activity: 2212
Merit: 7064
Tor and open-source code are an absolute must for me. Robosats does have a 'F2F' option, by the way. You can even enter a custom payment option yourself.
Even if Peach may have more features, privacy should always be number 1 priority. But I guess it could be a good alternative to CEX for mobile users who don't own a computer that runs Tor Browser.
Yes that is exactly the reason why I like what Peach is doing.
There are much more mobile users than computer users today, especially in third world countries, so growth potential is much bigger.
If I had the option to choose I would always use desktop solution with Tor, something like Bisq or Robosats is good for that.

Why limited? I'm really interested to understand why this needs to be an app. Maybe I will just install it in an emulator and have a look myself.
It's limited for The Bitcoin Company (and their cards), and I don't know why, maybe because it's still in early beta phase.
I have no idea how thsi would work for Peach Bitcoin.

Their Google Play page says they collect the in-app messages, crash logs, diagnostics, and device identifiers. Such an identifier would let them connect your trades, whereas reloading Robosats will give you a completely fresh, unlinked identity.
Well yeah, that is what you get when you install most of the google and iOS apps, but I am not sure if the same happens with direct APK file.
It's certainly a good to read Terms & Conditions and Privacy Policy page before using Peach:
https://peachbitcoin.com/privacy-policy/
https://peachbitcoin.com/terms-and-conditions/
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
Right now, I believe Robosats may honestly be a more private option, since you use it through Tor and it receives no 'device information' like a mobile app, doesn't deliver notifications through centralized Google / Apple servers and so on.
Yeah but I don't think you can use Robosats for meetups and trading face to face for cash, plus I think there are much more options in Peach compared to Robosats.
I think adding support for Tor would be a good idea for Peach, and maybe Robosats and Peach Bitcoin can work together in future.
Tor and open-source code are an absolute must for me. Robosats does have a 'F2F' option, by the way. You can even enter a custom payment option yourself.
Even if Peach may have more features, privacy should always be number 1 priority. But I guess it could be a good alternative to CEX for mobile users who don't own a computer that runs Tor Browser.

In theory Peach could alter create web app with limited functionality, like The Bitcoin Company did with their no-kyc cards.
Why limited? I'm really interested to understand why this needs to be an app. Maybe I will just install it in an emulator and have a look myself.

Communication is done within Peach app and I think it's encrypted, so I don't think there is anything connected with phone numbers.
Their Google Play page says they collect the in-app messages, crash logs, diagnostics, and device identifiers. Such an identifier would let them connect your trades, whereas reloading Robosats will give you a completely fresh, unlinked identity.



Be aware that 'encrypted in transit' merely refers to the usage of HTTPS (TLS). When the data reaches the server, it is in the clear again. If you're unlucky, they might use Cloudflare, so those folks will have a copy of the data as well. As long as there is no end-to-end encryption in place.
Usually people use E2E as a selling point and plaster it all over the place, which I haven't seen on the pretty Peach Bitcoin website yet.



One good thing I did notice is that they use a Let's Encrypt TLS certificate for their website at least, instead of Cloudflare.
legendary
Activity: 2212
Merit: 7064
Right now, I believe Robosats may honestly be a more private option, since you use it through Tor and it receives no 'device information' like a mobile app, doesn't deliver notifications through centralized Google / Apple servers and so on.
Yeah but I don't think you can use Robosats for meetups and trading face to face for cash, plus I think there are much more options in Peach compared to Robosats.
I think adding support for Tor would be a good idea for Peach, and maybe Robosats and Peach Bitcoin can work together in future.
In theory Peach could alter create web app with limited functionality, like The Bitcoin Company did with their no-kyc cards.

Well, mobile phone numbers are nowadays often tied to real identities using KYC. So if this communication is not encrypted end-to-end without backdoors or implementation flaws, a three-letter agency could knock at Peach's door, fetch a copy of their data, map phone numbers to identities and end up with a nice list of 'suspicious P2P Bitcoin investors'.
Communication is done within Peach app and I think it's encrypted, so I don't think there is anything connected with phone numbers.
My biggest complain to Peach is that source code needs to be released as open source, for code encryption to be inspected for bugs and exploits.

legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
Well, mobile phone numbers are nowadays often tied to real identities using KYC. So if this communication is not encrypted end-to-end without backdoors or implementation flaws, a three-letter agency could knock at Peach's door, fetch a copy of their data, map phone numbers to identities and end up with a nice list of 'suspicious P2P Bitcoin investors'.

A non-insignificant number of governments nowadays push the narrative that striving for privacy, trying to avoid KYC and using P2P exchanges instead, for instance, is suspicious / criminal behavior or criminally motivated.

I'm not saying no, I'm just giving an example of a use case. It is also complicated now to explain how the app works. You can still use VPN to access the app, and not use VPN when paying. But, they would have to be investigating someone specifically, to be able to draw those conclusions. And it should be noted that there are payment methods that are only available in each country, being the users of that country to know how to use it in the best possible way. But, I'm not saying it's impossible.

Almost any P2P method has elements that can be unidentifiable. Unless both people meet and hand money to each other.

Now, Peach has to create (if she hasn't already created) a way for the data not to be stored, at least for a long time.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
The question now arises is how the app stores this type of communication. Whether it's point to point or not. But that, I can no longer answer. On the other hand, as there is no kyc, it is difficult to obtain a court order to present the data. Whose data, if they don't identify anyone?

Looking at my example. Even if the seller has problems with the law, the only information they have is the transfer of money via mobile phone. A system widely used among friends and family to pay for group meals, so little to no indication that it has anything to do with BTC.
Well, mobile phone numbers are nowadays often tied to real identities using KYC. So if this communication is not encrypted end-to-end without backdoors or implementation flaws, a three-letter agency could knock at Peach's door, fetch a copy of their data, map phone numbers to identities and end up with a nice list of 'suspicious P2P Bitcoin investors'.

A non-insignificant number of governments nowadays push the narrative that striving for privacy, trying to avoid KYC and using P2P exchanges instead, for instance, is suspicious / criminal behavior or criminally motivated.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
How exactly do they 'process the payment methods outside the platform'? In the next sentence you say that it's a means of communication.

So I assume that you send the other party your payment information (which often includes your real name) if you are selling BTC through the application's communication system, right?

Just trying to understand..

Then it will depend on the method used as a means of payment.

For example, when I tested it, I used a payment method that simply indicates the mobile number to send the money. In that sense, the seller sent me a mobile number, to which I sent the money. I gave the indication in the app that I sent the money, and a few minutes later the seller indicated that he received it, and the BTC was transferred.

The question now arises is how the app stores this type of communication. Whether it's point to point or not. But that, I can no longer answer. On the other hand, as there is no kyc, it is difficult to obtain a court order to present the data. Whose data, if they don't identify anyone?

Looking at my example. Even if the seller has problems with the law, the only information they have is the transfer of money via mobile phone. A system widely used among friends and family to pay for group meals, so little to no indication that it has anything to do with BTC.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
If we had open-source client code, I could easily check if users' name and payment details are properly encrypted and only visible to their trading partner, for instance.

There is no username, just an ID assigned by the app. Yes it's a username, but it's not the person's name. And the payment methods are all processed outside the platform, the platform being just a means of communication between the parties.

I am speaking from my experience. Either way I understand the concerns.
How exactly do they 'process the payment methods outside the platform'? In the next sentence you say that it's a means of communication.

So I assume that as a seller, you send the other party your fiat payment information (which often includes your real name) through the application's communication system, right?

Just trying to understand.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
If we had open-source client code, I could easily check if users' name and payment details are properly encrypted and only visible to their trading partner, for instance.

There is no username, just an ID assigned by the app. Yes it's a username, but it's not the person's name. And the payment methods are all processed outside the platform, the platform being just a means of communication between the parties.

I am speaking from my experience. Either way I understand the concerns.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
Just from a UX standpoint, I'm interested to know whether the application will need to stay online for the trade offer to remain online (like on bisq). Else how do you deal with smartphone apps' limited background-running capabilities?

I don't know how to answer that, but I can comment on the analysis I did.

The only permission the app requests on Android is notifications and camera access (which I'm denied). Notifications are only for the person to be notified when an offer match occurs (at least they were the only ones I received).

Therefore, it concludes that the offer is online, without the need for the app to run in the background.
So there is already one issue here: notifications on Android are delivered through Firebase FCM, which is a centralized Google service. On iOS, they are delivered through APNS - which is the same thing by Apple. In the worst case, iOS users' notifications are actually managed through Firebase and delivered by APNS; so both companies get to know the contents of their notifications.

If the application does not need to run in the background and you can still find a trade partner, I assume there is a centralized server somewhere that keeps offers online. This could be both a central point of failure as well as a privacy concern, especially if the application doesn't connect to it through Tor. Is anything known about this? Otherwise, the server could easily gather and store IP addresses and transaction details, such as payment methods and names.



Depending on the details, this could be almost as bad as a centralized exchange when it comes to privacy.

If we had open-source client code, I could easily check if users' name and payment details are properly encrypted and only visible to their trading partner, for instance. Or whether the Tor connection exists / is set up properly. Best-case would be a serverless, decentralized architecture like what's used in bisq.

Right now, I believe Robosats may honestly be a more private option, since you use it through Tor and it receives no 'device information' like a mobile app, doesn't deliver notifications through centralized Google / Apple servers and so on.
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
Just from a UX standpoint, I'm interested to know whether the application will need to stay online for the trade offer to remain online (like on bisq). Else how do you deal with smartphone apps' limited background-running capabilities?

I don't know how to answer that, but I can comment on the analysis I did.

The only permission the app requests on Android is notifications and camera access (which I'm denied). Notifications are only for the person to be notified when an offer match occurs (at least they were the only ones I received).

Therefore, it concludes that the offer is online, without the need for the app to run in the background.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
Interesting, I just re-discovered this due to your post.. Wink I do appreciate more P2P trading options, and the website design is definitely pretty and appealing.

But do you know what's missing on your webpage? A big, bold GitHub (or other VCS) icon. Or am I just blind?

While I do understand that with a mobile app, you can appeal to a mass audience, I believe many Bitcoiners will prefer to run such software on desktop and / or in browser. Especially if you don't compile the mobile app yourself, there's no way to really know what kinds of data it collects about you / your device and where it sends such data.

Just from a UX standpoint, I'm interested to know whether the application will need to stay online for the trade offer to remain online (like on bisq). Else how do you deal with smartphone apps' limited background-running capabilities?
legendary
Activity: 2212
Merit: 7064
I mean, looking at liquid.network I can barely see any transaction, and besides Blockstream's wallet I don't any major wallet integrating it (I may just be ignorant, tho). Of course it's always nice to see support for different technologies and someone has to go first, but as a startup with limited resources, you may want to think twice before doing it.
You can literally see transactions happening all the time on mempool explorer, it's not like BTC mainnet for sure, but I am not expecting it to ever be like that.
As for wallets I know ledger hardware wallet is supporting Liquid chain, they have app and it works connected with Green wallet, and we also have Jade hardware wallet with full support.
I don't know any other wallets supporting Liquid chain yet, but many centralized exchanges are supporting it.
One good thing about Liquid (and I don't like federated blabla blockstream) is the fact we can use confidential transactions, and enter/exit stable coins much easier.
F2b
hero member
Activity: 2141
Merit: 926
- We are thinking of integrating LBTC (with an integrated swapping service).
I'm not really familiar with Liquid so my opinion isn't worth much, but I guess it all depends on the demand there is for it. Have you got requests from users to integrate it?
I mean, looking at liquid.network I can barely see any transaction, and besides Blockstream's wallet I don't any major wallet integrating it (I may just be ignorant, tho). Of course it's always nice to see support for different technologies and someone has to go first, but as a startup with limited resources, you may want to think twice before doing it.

From what I understand swapping between BTC and L-BTC is also holding adoption back. As someone not familiar with Liquid, my point of view is that it should be as transparent / seamless as submarine swaps on Lightning, with very small fees and of course no KYC. But I don't know if that's realistic.

I'm sure you have already thought about integrating Lightning, but I'd like to mention it once again, as it's probably the most used scaling solution today. Also, that's more of a personal thing, but for some reason I tend to use desktop wallets for on-chain transactions and mobile wallet for Lightning ones, and since Peach is a mobile app...
In more concrete terms, I think Peach is great for onboarding newcommers. And I think we tend to onboard people with Lightning wallets, as they usually start with small amounts and most bitcoiners are familiar with this technology.
That being said, Liquid would also work for that use-case... if it was actually used.

Edit: one drawback with Lightning tho, is that you would likely need to implement a custodial solution.

Why would you implement support for a permissioned federation when you have options like Lightning and Monero available to you?
Indeed, that's another concern. (Although scaling Bitcoin is most a matter of compromises.)
Lightning is quite concentrated around a few companies, but at least the protocol is open and anyone can run their node and choose the people who they want to open channels with.
legendary
Activity: 2268
Merit: 18771
- We are thinking of integrating LBTC (with an integrated swapping service).
Why would you implement support for a permissioned federation when you have options like Lightning and Monero available to you?

I am expecting developers to disable ordinals junk spam in next bitcoin updates
I doubt it very much. There is nothing even close to consensus about this on the mailing list, and even if there was, it would likely take months of discussion on GitHub before a viable pull request was ready to be merged.
legendary
Activity: 2212
Merit: 7064
I would like to add that we are also concerned about the current situation around the Ordinals, as this has caused us a lot of inconvenience. We are realists and we perfectly understand that in the absence of a softfor, this can happen again (thank God, now the mempool has unloaded a little).
I am expecting developers to disable ordinals junk spam in next bitcoin updates, and if some degens want to fork off (again) let them do it.

- We are thinking of integrating LBTC (with an integrated swapping service).
This is a good idea, but only if BTC to L-BTC swap is done without any kyc procedure or extra complicated steps.
You can also consider adding Lightning Network as alternative for lower amounts or when transaction fees are high again.
newbie
Activity: 9
Merit: 45
First of all, I want to say that I really like your answers guys, but I have run out of opportunity to like you!

I would like to add that we are also concerned about the current situation around the Ordinals, as this has caused us a lot of inconvenience. We are realists and we perfectly understand that in the absence of a softfor, this can happen again (thank God, now the mempool has unloaded a little).

- We are thinking of integrating LBTC (with an integrated swapping service).

I would be grateful if you would share your opinion on this in a more detailed form.  Smiley
legendary
Activity: 2212
Merit: 7064
I'm still confused with the meetups. Roll Eyes
You can find all the details on their website and contact them for more information/explanation.
Every communication before meeting is done over the app, and locations are popping up everywhere in Europe, but there is still lot of room for growth and improvement.

Found another two pieces of information in Peach Telegram channel that I believe are relevant for archiving purposes (and to better understand how Peach is going):
Is that PeachBTC telegram group available for everyone or only for beta testers because title sounds confusing?
Encrypting bank details is cool but we don't know what type of encryption they used and I will have my doubts until they release open source code and someone verifies encryption is good.
I prefer meetings because you don't need to share many personal details over app.
legendary
Activity: 1148
Merit: 3117
Found another two pieces of information in Peach Telegram channel that I believe are relevant for archiving purposes (and to better understand how Peach is going):

Regarding how the app manages the encrypted bank details that are used in the app when a SEPA Payment is made:


Secondly, as per Steph announcement (who I assume runs the OP account) today, Peach has surpassed the millionth CHF volume traded (which equals to roughly 45 BTC as of now). For a project that started in September of 2022[1][2], I find this amount awesome and it makes be believe that P2P adoption has a good future ahead.

[1]https://nitter.it/proofofsteph/status/1565355174599737344
[2]https://nitter.it/peachbitcoin/status/1565626429504733184
legendary
Activity: 1148
Merit: 3117
...

I'm still confused with the meetups. Roll Eyes

When you go to the event, all the folks are supposed to be a Peach Bitcoin user? Or random bitcoiners groups are listed at peachbitcoin.com/for-meetups? I mean the group that goes to the restaurant to talk BTC.
And I may perhaps find a PeachBitcoin user?...
You can find more information regarding meetups here[1] @LeGaulois. As far as I'm aware the concept is to be seen as a partnership - if an organization is having a Bitcoin meetup for numerous reasons (to talk about certain aspects of the technology for example) they can get in touch with Peach and also provide the option for whoever is attending the meeting to exchange cash for bitcoin using Peach wallet as a safe "heaven" that promotes the exchange. You can already select the option of "Cash" whenever you use the app, but whenever you are near a Bitcoin meetup that has partnered with Peach, you will also get alerted that you can do a cash exchange physically (and, more importantly, in a safe environment that meetups provides).

The company also provides some cool merchandise to help promote the service and it also shares 1% of the trading volume with the organization body of the meetup[1]:
Quote
What’s in it for the meetup organizers?

Meetup organizers play an important role in the Peach cash trade: they are the ones who will need to explain how Peach works, and will be the point of contact for anyone using the feature during the meetup.

To thank & compensate the organizers for this, we give back three things:

  • 1% of the volume traded. Important note: we will give back 1% only to the meetup organizers that can be subject to receive donations. Some meetups, due to their status or organization, will not be able receive it.
  • Peach merch
  • Visibility for the meetup on the Peach app.
To directly answer your question: Not all Bitcoin meetups will have a partnership with Peach Bitcoin (especially in the current early stages of the service, but this will surely improve long term). Whenever you're in doubt just look up into the application and see if there's a nearby meetup hosting this service and, when you're there, just look out for these[2][3][4] signs and you'll know you're in the right place.

[1]https://peachbitcoin.com/blog/peach-for-meetups/
[2]https://nitter.it/peachbitcoin/status/1649172239432949762
[3]https://nitter.it/einundzwanzigBS/status/1648725294709080066
[4]https://nitter.it/itsTomekK/status/1646848369078198274
legendary
Activity: 1862
Merit: 5154
**In BTC since 2013**
When you go to the event, all the folks are supposed to be a Peach Bitcoin user? Or random bitcoiners groups are listed at peachbitcoin.com/for-meetups? I mean the group that goes to the restaurant to talk BTC.
And I may perhaps find a PeachBitcoin user?...

From the list I've seen, I think that random groups can also be listed in the app.
The idea is for the user to choose to make the payment when meeting the person. The app being the escrow service.
Pages:
Jump to: