add preference to clear sensitive data after days

woodser · woodser · commit 8d7023512e32 · 2025-07-15T10:21:23.000-04:00
diff --git a/core/src/main/java/haveno/core/api/CoreTradesService.java b/core/src/main/java/haveno/core/api/CoreTradesService.java
@@ -189,7 +189,6 @@ void closeTrade(String tradeId) {
         verifyTradeIsNotClosed(tradeId);
         var trade = getOpenTrade(tradeId).orElseThrow(() ->
                 new IllegalArgumentException(format("trade with id '%s' not found", tradeId)));
-        log.info("Keeping funds received from trade {}", tradeId);
         tradeManager.onTradeCompleted(trade);
     }
 
diff --git a/core/src/main/java/haveno/core/trade/Contract.java b/core/src/main/java/haveno/core/trade/Contract.java
@@ -261,18 +261,12 @@ public boolean isMyRoleMaker(PubKeyRing myPubKeyRing) {
     }
 
     public boolean maybeClearSensitiveData() {
-        return false; // TODO: anything to clear?
+        return false; // nothing to clear
     }
 
     // edits a contract json string
     public static String sanitizeContractAsJson(String contractAsJson) {
-        return contractAsJson
-                .replaceAll(
-                        "\"takerPaymentAccountPayload\": \\{[^}]*}",
-                        "\"takerPaymentAccountPayload\": null")
-                .replaceAll(
-                        "\"makerPaymentAccountPayload\": \\{[^}]*}",
-                        "\"makerPaymentAccountPayload\": null");
+        return contractAsJson; // nothing to sanitize because the contract does not contain the payment account payloads
     }
 
     public void printDiff(@Nullable String peersContractAsJson) {
diff --git a/core/src/main/java/haveno/core/trade/Trade.java b/core/src/main/java/haveno/core/trade/Trade.java
@@ -1584,11 +1584,24 @@ private void clearProcessData() {
 
     public void maybeClearSensitiveData() {
         String change = "";
+        if (contract != null && contract.maybeClearSensitiveData()) {
+            change += "contract;";
+        }
+        if (processModel != null && processModel.maybeClearSensitiveData()) {
+            change += "processModel;";
+        }
+        if (contractAsJson != null) {
+            String edited = Contract.sanitizeContractAsJson(contractAsJson);
+            if (!edited.equals(contractAsJson)) {
+                contractAsJson = edited;
+                change += "contractAsJson;";
+            }
+        }
         if (removeAllChatMessages()) {
             change += "chat messages;";
         }
         if (change.length() > 0) {
-            log.info("cleared sensitive data from {} of trade {}", change, getShortId());
+            log.info("Cleared sensitive data from {} of {} {}", change, getClass().getSimpleName(), getShortId());
         }
     }
 
diff --git a/core/src/main/java/haveno/core/trade/protocol/ProcessModel.java b/core/src/main/java/haveno/core/trade/protocol/ProcessModel.java
@@ -326,6 +326,17 @@ void witnessDebugLog(Trade trade) {
         getAccountAgeWitnessService().getAccountAgeWitnessUtils().witnessDebugLog(trade, null);
     }
 
+    public boolean maybeClearSensitiveData() {
+        boolean changed = false;
+        for (TradePeer tradingPeer : getTradePeers()) {
+            if (tradingPeer.getPaymentAccountPayload() != null || tradingPeer.getContractAsJson() != null) {
+                tradingPeer.setPaymentAccountPayload(null);
+                tradingPeer.setContractAsJson(null);
+                changed = true;
+            }
+        }
+        return changed;
+    }
 
     ///////////////////////////////////////////////////////////////////////////////////////////
     // Delegates
diff --git a/core/src/main/java/haveno/core/user/Preferences.java b/core/src/main/java/haveno/core/user/Preferences.java
@@ -109,8 +109,8 @@ public boolean isUseTorForXmr() {
     ));
 
     public static final boolean USE_SYMMETRIC_SECURITY_DEPOSIT = true;
-    public static final int CLEAR_DATA_AFTER_DAYS_INITIAL = 99999; // feature effectively disabled until user agrees to settings notification
-    public static final int CLEAR_DATA_AFTER_DAYS_DEFAULT = 60; // used when user has agreed to settings notification
+    public static final int CLEAR_DATA_AFTER_DAYS_DEFAULT = 60; // used with new instance or when existing user has agreed to settings notification
+    public static final int CLEAR_DATA_AFTER_DAYS_DISABLED = 99999; // feature effectively disabled until existing user agrees to settings notification
 
 
     // payload is initialized so the default values are available for Property initialization.
@@ -309,6 +309,10 @@ private void setupPreferences() {
             setIgnoreDustThreshold(600);
         }
 
+        if (prefPayload.getClearDataAfterDays() < 1) {
+            setClearDataAfterDays(Preferences.CLEAR_DATA_AFTER_DAYS_DISABLED);
+        }
+
         // For users from old versions the 4 flags a false but we want to have it true by default
         // PhoneKeyAndToken is also null so we can use that to enable the flags
         if (prefPayload.getPhoneKeyAndToken() == null) {
diff --git a/core/src/main/java/haveno/core/user/PreferencesPayload.java b/core/src/main/java/haveno/core/user/PreferencesPayload.java
@@ -122,7 +122,7 @@ public final class PreferencesPayload implements PersistableEnvelope {
     private String takeOfferSelectedPaymentAccountId;
     private double securityDepositAsPercent = getDefaultSecurityDepositAsPercent();
     private int ignoreDustThreshold = 600;
-    private int clearDataAfterDays = Preferences.CLEAR_DATA_AFTER_DAYS_INITIAL;
+    private int clearDataAfterDays = Preferences.CLEAR_DATA_AFTER_DAYS_DISABLED;
     private double securityDepositAsPercentForCrypto = getDefaultSecurityDepositAsPercent();
     private int blockNotifyPort;
     private boolean tacAcceptedV120;
diff --git a/core/src/main/resources/i18n/displayStrings.properties b/core/src/main/resources/i18n/displayStrings.properties
@@ -1337,6 +1337,7 @@ setting.preferences.notifyOnPreRelease=Receive pre-release notifications
 setting.preferences.resetAllFlags=Reset all \"Don't show again\" flags
 settings.preferences.languageChange=To apply the language change to all screens requires a restart.
 settings.preferences.supportLanguageWarning=In case of a dispute, please note that arbitration is handled in {0}.
+setting.preferences.clearDataAfterDays=Clear sensitive data after (days)
 settings.preferences.editCustomExplorer.headline=Explorer Settings
 settings.preferences.editCustomExplorer.description=Choose a system defined explorer from the list on the left, and/or \
   customize to suit your own preferences.
@@ -1346,6 +1347,15 @@ settings.preferences.editCustomExplorer.name=Name
 settings.preferences.editCustomExplorer.txUrl=Transaction URL
 settings.preferences.editCustomExplorer.addressUrl=Address URL
 
+setting.info.headline=New data-privacy feature
+settings.preferences.sensitiveDataRemoval.msg=To protect the privacy of yourself and other traders, Haveno intends to \
+  remove sensitive data from old trades. This is particularly important for fiat trades which may include bank \
+  account details.\n\n\
+  The threshold for data removal can be configured on this screen via the field "Clear sensitive data after (days)".  \
+  It is recommended to set it as low as possible, for example 60 days.  That means trades from more than 60 \
+  days ago will have sensitive data cleared, as long as they are completed.  Completed trades are found in the \
+  Portfolio / History tab.
+
 settings.net.xmrHeader=Monero network
 settings.net.p2pHeader=Haveno network
 settings.net.onionAddressLabel=My onion address
diff --git a/desktop/src/main/java/haveno/desktop/main/settings/preferences/PreferencesView.java b/desktop/src/main/java/haveno/desktop/main/settings/preferences/PreferencesView.java
@@ -39,6 +39,7 @@
 import haveno.core.payment.payload.PaymentMethod;
 import haveno.core.payment.validation.XmrValidator;
 import haveno.core.trade.HavenoUtils;
+import haveno.core.user.DontShowAgainLookup;
 import haveno.core.user.Preferences;
 import haveno.core.user.User;
 import haveno.core.util.FormattingUtils;
@@ -111,7 +112,7 @@ public class PreferencesView extends ActivatableViewAndModel<GridPane, Preferenc
     private int gridRow = 0;
     private int displayCurrenciesGridRowIndex = 0;
     private InputTextField ignoreTradersListInputTextField,
-            autoConfRequiredConfirmationsTf, autoConfServiceAddressTf, autoConfTradeLimitTf, /*referralIdInputTextField,*/
+            autoConfRequiredConfirmationsTf, autoConfServiceAddressTf, autoConfTradeLimitTf, clearDataAfterDaysInputTextField,
             rpcUserTextField, blockNotifyPortTextField;
     private PasswordTextField rpcPwTextField;
 
@@ -135,7 +136,7 @@ public class PreferencesView extends ActivatableViewAndModel<GridPane, Preferenc
     private ObservableList<TradeCurrency> tradeCurrencies;
     private InputTextField deviationInputTextField;
     private ChangeListener<String> deviationListener, ignoreTradersListListener,
-            rpcUserListener, rpcPwListener, blockNotifyPortListener,
+            rpcUserListener, rpcPwListener, blockNotifyPortListener, clearDataAfterDaysListener,
             autoConfTradeLimitListener, autoConfServiceAddressListener;
     private ChangeListener<Boolean> deviationFocusedListener;
     private final boolean displayStandbyModeFeature;
@@ -184,6 +185,24 @@ public void initialize() {
 
     @Override
     protected void activate() {
+        String key = "sensitiveDataRemovalInfo";
+        if (DontShowAgainLookup.showAgain(key) &&
+                (preferences.getClearDataAfterDays() == 0 ||
+                preferences.getClearDataAfterDays() == Preferences.CLEAR_DATA_AFTER_DAYS_DISABLED)) { // existing users must agree to new feature
+            new Popup()
+                    .headLine(Res.get("setting.info.headline"))
+                    .backgroundInfo(Res.get("settings.preferences.sensitiveDataRemoval.msg"))
+                    .actionButtonText(Res.get("shared.iUnderstand"))
+                    .onAction(() -> {
+                        DontShowAgainLookup.dontShowAgain(key, true);
+                        // user has acknowledged, enable the feature with a reasonable default value
+                        preferences.setClearDataAfterDays(Preferences.CLEAR_DATA_AFTER_DAYS_DEFAULT);
+                        clearDataAfterDaysInputTextField.setText(String.valueOf(preferences.getClearDataAfterDays()));
+                    })
+                    .closeButtonText(Res.get("shared.cancel"))
+                    .show();
+        }
+
         // We want to have it updated in case an asset got removed
         allCryptoCurrencies = FXCollections.observableArrayList(CurrencyUtil.getActiveSortedCryptoCurrencies(filterManager));
         allCryptoCurrencies.removeAll(cryptoCurrencies);
@@ -207,7 +226,7 @@ protected void deactivate() {
     ///////////////////////////////////////////////////////////////////////////////////////////
 
     private void initializeGeneralOptions() {
-        int titledGroupBgRowSpan = displayStandbyModeFeature ? 7 : 6;
+        int titledGroupBgRowSpan = displayStandbyModeFeature ? 8 : 7;
         TitledGroupBg titledGroupBg = addTitledGroupBg(root, gridRow, titledGroupBgRowSpan, Res.get("setting.preferences.general"));
         GridPane.setColumnSpan(titledGroupBg, 1);
 
@@ -257,14 +276,30 @@ private void initializeGeneralOptions() {
             }
         };
 
+        // clearDataAfterDays
+        clearDataAfterDaysInputTextField = addInputTextField(root, ++gridRow, Res.get("setting.preferences.clearDataAfterDays"));
+        IntegerValidator clearDataAfterDaysValidator = new IntegerValidator();
+        clearDataAfterDaysValidator.setMinValue(1);
+        clearDataAfterDaysValidator.setMaxValue(Preferences.CLEAR_DATA_AFTER_DAYS_DISABLED);
+        clearDataAfterDaysInputTextField.setValidator(clearDataAfterDaysValidator);
+        clearDataAfterDaysListener = (observable, oldValue, newValue) -> {
+            try {
+                int value = Integer.parseInt(newValue);
+                if (!newValue.equals(oldValue)) {
+                    preferences.setClearDataAfterDays(value);
+                }
+            } catch (Throwable ignore) {
+            }
+        };
+
         if (displayStandbyModeFeature) {
             // AvoidStandbyModeService feature works only on OSX & Windows
             avoidStandbyMode = addSlideToggleButton(root, ++gridRow,
                     Res.get("setting.preferences.avoidStandbyMode"));
         }
 
         useSoundForNotifications = addSlideToggleButton(root, ++gridRow,
-                Res.get("setting.preferences.useSoundForNotifications"));
+                Res.get("setting.preferences.useSoundForNotifications"), -5); // TODO: why must negative value be used to place toggle consistently?
     }
 
     private void initializeSeparator() {
@@ -613,6 +648,7 @@ private void activateGeneralOptions() {
         ignoreTradersListInputTextField.setText(String.join(", ", preferences.getIgnoreTradersList()));
         /* referralIdService.getOptionalReferralId().ifPresent(referralId -> referralIdInputTextField.setText(referralId));
         referralIdInputTextField.setPromptText(Res.get("setting.preferences.refererId.prompt"));*/
+        clearDataAfterDaysInputTextField.setText(String.valueOf(preferences.getClearDataAfterDays()));
         userLanguageComboBox.setItems(languageCodes);
         userLanguageComboBox.getSelectionModel().select(preferences.getUserLanguage());
         userLanguageComboBox.setConverter(new StringConverter<>() {
@@ -672,6 +708,7 @@ public Country fromString(String string) {
 
         ignoreTradersListInputTextField.textProperty().addListener(ignoreTradersListListener);
         //referralIdInputTextField.textProperty().addListener(referralIdListener);
+        clearDataAfterDaysInputTextField.textProperty().addListener(clearDataAfterDaysListener);
     }
 
     private void activateDisplayCurrencies() {
@@ -805,6 +842,7 @@ private void deactivateGeneralOptions() {
         deviationInputTextField.focusedProperty().removeListener(deviationFocusedListener);
         ignoreTradersListInputTextField.textProperty().removeListener(ignoreTradersListListener);
         //referralIdInputTextField.textProperty().removeListener(referralIdListener);
+        clearDataAfterDaysInputTextField.textProperty().removeListener(clearDataAfterDaysListener);
     }
 
     private void deactivateDisplayCurrencies() {

Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,6 @@ void closeTrade(String tradeId) {`
`189`	`189`	`verifyTradeIsNotClosed(tradeId);`
`190`	`190`	`var trade = getOpenTrade(tradeId).orElseThrow(() ->`
`191`	`191`	`new IllegalArgumentException(format("trade with id '%s' not found", tradeId)));`
`192`		`- log.info("Keeping funds received from trade {}", tradeId);`
`193`	`192`	`tradeManager.onTradeCompleted(trade);`
`194`	`193`	`}`
`195`	`194`
Original file line number	Diff line number	Diff line change
`@@ -261,18 +261,12 @@ public boolean isMyRoleMaker(PubKeyRing myPubKeyRing) {`
`261`	`261`	`}`
`262`	`262`
`263`	`263`	`public boolean maybeClearSensitiveData() {`
`264`		`- return false; // TODO: anything to clear?`
	`264`	`+ return false; // nothing to clear`
`265`	`265`	`}`
`266`	`266`
`267`	`267`	`// edits a contract json string`
`268`	`268`	`public static String sanitizeContractAsJson(String contractAsJson) {`
`269`		`- return contractAsJson`
`270`		`- .replaceAll(`
`271`		`- "\"takerPaymentAccountPayload\": \\{[^}]*}",`
`272`		`- "\"takerPaymentAccountPayload\": null")`
`273`		`- .replaceAll(`
`274`		`- "\"makerPaymentAccountPayload\": \\{[^}]*}",`
`275`		`- "\"makerPaymentAccountPayload\": null");`
	`269`	`+ return contractAsJson; // nothing to sanitize because the contract does not contain the payment account payloads`
`276`	`270`	`}`
`277`	`271`
`278`	`272`	`public void printDiff(@Nullable String peersContractAsJson) {`