That would be very, very bad! I've never seen any website that publishes all transaction data, and within EU it could even be a GDPR violation.
I assume any exchange keeps trade and transaction data forever, and if they ever need to provide it, they can dig it up.
TL;DR: don't do it. You'll scare away your customers.
Thanks for the candid feedback. Just to make things clear, we would never publish personal information (emails, etc). What we would do is use email + some random salt to generate a hash for each user and then, for each incoming deposit or withdraw, we would publish this hash.
It's still bad: if I trade something with someone, they'll know some of my Bitcoin addresses. If I then use that address to deposit to your site, they'll easily know I use your service (but they could probably figure that out through
WalletExplorer.com too. What's worse, is if they can trace
all my other transactions to and from your service too, after which they can know many more of my addresses. Not only that, they'll also know exactly how much I've deposited and withdrawn for as long as I've used the service. Exchanges don't do that either. Let's compare it with a bank: it's okay for the bank to see who I pay, but it's not okay to
sell/publish/use this data.
So no personal data involved! (and no GDPR violation for sure)
Bitcoin addresses could be considered personal data too (although I'm not sure about this).
One reason I thought this was OK is because in the long-term I want to make our exchange work with decentralized custody. Fully decentralized exchanges have a lot of problems with latency, front-running and large fees (or spreads) that are really hard to solve. So I think we can get the best out of both worlds with centralized order matching + decentralized custody and setlement.
In this model, traders would make deposits and receive withdraws from smart contracts, and everybody would be able to easily link deposits and withdraws, so that I why I thought this lack of privacy would not be a big issue for most users.
If it's an on-chain necessity, that's different from volunteering to publish the data.
After this explanation, do you still feel that this is a bad idea? If so, can you elaborate on what exactly do you think is bad or will scare users away?
Yes, it's still bad. It's not necessary, and it reduces privacy. Privacy is great, but the moment you lose it, you'll never get it back.
It will be a centrally controlled database, meaning you can put anything you want in there, so anyone accused of anything could just deny it and government won't have conclusive evidence. Or you could be bribed to change something.
Also, we if wanted to publish daily balances we could have a full proof of funds! Everyone would be able to check that we have as much funds as the sum of all balances because everyone would be to see the their own balance associated with their own user hash in a public ledger, and they would be able to see that our cold storage address contains at least the sum of all balances listed there.
For proof of funds, I'd stick to the cold storage with a signed message. Hot wallets shouldn't hold a large portion of total funds, so no need to proof every last satoshi.
I wanted to test it, but I now get this:
Login Error: We cannot find a valid account with this credentials
Are you sure you didn't forgot your password? We only store a hash of your password, so we have a limited ability to debug that. We are being able to access our own accounts just fine.
I didn't forget the password. It works again now (same as vv181), without resetting it.