Regarding privacy on Bisq:
One side is always BTC, so we inherit all the on-chain privacy issues of Bitcoin.
One can get full privacy with enough care and by avoiding mixing fiat trades with altcoin trades. Most fiat payment methods leak a real-life ID to the trade peer (e.g. the full name required for a bank transfer), so you have to be aware that you are not anonymous to at least that person. So if one trades both fiat and altcoins in the same app, there are several areas where the identity potentially leaked on the fiat side can leak over to the altcoin side. Beside the on-chain privacy issue of Bitcoin (which can be avoided if every trade is isolated and a CoinJoin is made in between), there are a few other issues, as the onion address stays the same, and the signature and encryption keys as well. Those keys then form a kind of global identity and can link offers and trades. There are plans to fix that, but creating a new onion address for each offer and trade has its resource limitations, so no perfect solution is known yet for that.
So how to get full privacy?
- Use a dedicated Bisq app for each trade
- Fund the wallet from CoinJoined funds
- Once the trade is completed, send the BTC funds to a CJ again
- For the next trade use a fresh data directory so no keys/onions leak from the first trade/offer to the next
- Know how to avoid privacy loss on the altcoin side
One can run multiple Bisq apps with custom app names; everything is isolated in a dedicated data directory.
I assume that for most users such a setup comes with too much inconvenience, time delay and miner fee cost. So if privacy is already weakened on the BTC blockchain side, everything else has to be seen in relation to that. Also, as the fiat on/off ramp is the core use case and mission of Bisq, and privacy is inherently weakened by the involvement of banks or payment processors, everything else has to be seen in that context as well. There are some more private payment forms like Face to Face, but those have very low volume.
Trading only altcoins (which do not have traces from KYC exchanges) without doing a fresh setup for each trade might leak that one entity has done those trades, but as long as that cluster is not connected to a real-life entity it has less relevance.
Beside all that, Bisq has not been audited in depth by security/privacy researchers (though we got some medium-light audits), so there might be technical issues beside the known ones and the conceptual ones (fiat/bank transfer).
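The per-trade isolation described in the post (one Bisq app per trade, each in its own data directory, nothing carried over), as an added example that is not part of the original post or of Bisq's own tooling. It assumes Bisq's `--appName` and `--appDataDir` launch options and a `bisq-desktop` launcher; because the file names Bisq uses for its signing/encryption keys and onion service are version dependent, the isolation check is layout agnostic and flags any file content that occurs in two profiles.

```shell
#!/bin/sh
# Added example, not Bisq project code. Assumes: bisq-desktop accepts
# --appName and --appDataDir (check against your Bisq version).

# Create a fresh, private data directory for a single trade and record the
# launch line that keeps this trade's keys and onion address separate.
# Refuses to reuse an existing directory, since reuse is exactly what links
# offers and trades together. Prints the profile path.
bisq_new_trade_profile() {
  base=$1; label=$2
  dir="$base/$label"
  if [ -e "$dir" ]; then
    echo "profile $dir already exists; refusing to reuse it" >&2
    return 1
  fi
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  printf 'bisq-desktop --appName=%s --appDataDir=%s\n' "$label" "$dir" \
    > "$dir/LAUNCH"
  printf '%s\n' "$dir"
}

# Print "<cksum> <size>" for every regular, non-empty file below $1.
# Only content is compared, so the check does not depend on file names.
_content_ids() {
  find "$1" -type f -size +0 -exec cksum {} + | awk '{print $1" "$2}' | sort -u
}

# Return 0 when two profiles share no file content (no copied keys, onion
# state or wallet files), 1 when at least one file occurs in both.
bisq_profiles_isolated() {
  a=$(_content_ids "$1"); b=$(_content_ids "$2")
  shared=$(printf '%s\n%s\n' "$a" "$b" | sed '/^$/d' | sort | uniq -d | wc -l | tr -d ' ')
  [ "$shared" -eq 0 ]
}
```

Files that are legitimately identical across installs (default configuration, for example) are reported too, so treat a non-zero result as a list to review rather than proof of a leak.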