Pages:
Author

Topic: Trezor AOPP Integration - page 3. (Read 744 times)

legendary
Activity: 2212
Merit: 7064
February 01, 2022, 10:46:13 AM
#33
I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.
Me neither.
I was surprised to see Blue wallet on that list, and I like how it worked as a mobile wallet, but I won't recommend it anymore.
Nobody asked customers and regular users if they want to have this anti-privacy feature or not, they just want to kiss ass of governments, now they should suffer.

I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so.
It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people.
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Maybe they are not focused on desktop wallets so much, so I hope Electrum wallet won't do that ever :/
We should seriously consider traveling without any (visible) bitcoin wallets cross border, just to be extra safe.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
February 01, 2022, 09:26:41 AM
#32
It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.
Okay, so it would be more about showing unwillingness to aid in the oppression than actively trying to prevent it. Sounds good to me!
legendary
Activity: 2268
Merit: 18748
February 01, 2022, 08:52:06 AM
#31
Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.
Sure, but signing something with a key is integral to how bitcoin works and there is no possible way to get rid of it. This AOPP is completely optional and unnecessary, and bitcoin will work just fine without it. Also, go check out https://aopp.group/. The whole page talks about how they are doing it to comply with government regulations. "We're not the bad guys, we just want to make it as easy as possible for you to submit to this intrusive nonsense." I don't care if that's the case - I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over.
I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so. It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.

TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.
Again, I agree, but signalling they are against something bad which is going to happen anyway is still far preferable to aiding it along.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 31, 2022, 09:09:20 PM
#30
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware.
I get your point; though technically, the feature itself is not necessarily only usable for privacy invasion. In fact, on this level, you already have privacy invading 'features' that are 'spilled over' into all of your wallets in a way, since you can sign messages with them.

Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over. (I think this was the way to go before AOPP existed, actually). If we remove signing features, they will require of people to send them freaking pictures of themselves with their ID card and wallet in hand or something. Or they will be forced to use wallets made by the exchange (see Coinbase wallet).

Since we cannot and should not remove the signing functionality from wallets, the Swiss people will probably gain nothing from this AOPP 'removal' and just lose a bit of convenience. Unfortunately, I don't think having to manually sign a message will make them switch to a non-KYC exchange. Maybe, with more and more difficulties added (performing KYC is already a PITA usually), they will indeed start looking for alternatives. Just non-commercial decentralized stuff usually doesn't have the budget to get top spots on search engines, I guess...

And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.
This I totally understand and totally agree with.

But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone.
I'm 100% with you on this!


TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.
legendary
Activity: 2268
Merit: 18748
January 30, 2022, 10:26:29 AM
#29
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware. And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.

They can't destroy our privacy in one fell swoop. If they turned around tomorrow and said every bitcoin address must be linked to someone via KYC or be blacklisted by every exchange, service, node, miner, etc., then (hopefully!) the community would revolt. But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone. Because let's be frank - the hideous scenario I've just described is the end goal for the government if they can't shutdown bitcoin entirely.
legendary
Activity: 2212
Merit: 7064
January 30, 2022, 10:13:46 AM
#28
am I missing something here or is this AOPP outrage really all for nothing?
People usually tend to react in the last minute with serious stuff and I think this was serious, but people won this battle for now.
Let me be clear, no regulators or governments can't do shit if enough people refuse to comply with them and obey their more and more crazy rules, regulations and taxes.
Same thing with AOPP, it's one tiny thing now, but it could grow into something much more dangerous if people didn't rise their voices.
Imagine that even AOPP website had to remove all wallets, and two wallets are removing direct AOPP protocol after just few days of complains.
If your country have some stupid rules like AOPP, protest  and complain about that, don't just obey like a good little slave.

Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!
This is the only way, but it's not that simple and most people are to lazy for this, they always want someone else to create something for them.
I think there was several attempts for creating city states on water, even theymos talked about this, but I haven't seen any real steps towards this.
Yes, there are some semi-states in neutral zones like Liberland, but they are not really free if you dive and research deeper about them.
For now best experiment we have (and it's not perfect) is El Salvador with bitcoin legal tender, but we need to go step further.

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 30, 2022, 09:54:03 AM
#27
In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?
It happens: How to lose your Bitcoins with CTRL-C CTRL-V.
I'm pretty sure these exchanges have it somewhere in their ToS (or could add it) that you agree that you verify the address is correct (alone for liability reasons), that it's your full responsibility to make sure you have control over it and will be able to access the funds after hitting withdraw. So non-deniability of CTRL+C/V mistake is also possible through ToS and without AOPP. No AOPP != privacy, needless to say.

Quote
=> am I missing something here or is this AOPP outrage really all for nothing?
My fear is this is only the start. Next, you'll be asked to explain who you sent your coins to.
That makes sense; I guess the best solution (as has always been - no newsflash) remains P2P over Tor, and mining (though obviously they can come after miners as well, as we have seen in China). In the end, this starts to get more into a 'Politics' topic (authoritarian regimes wanting to control everything) rather than 'Hardware wallets'. Grin

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.
Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!

No honestly, the peoples of the world really need to understand data privacy and stop voting for idiots that want to incriminate them for wanting what I consider a basic human right - privacy. It's really a political issue.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 30, 2022, 09:48:52 AM
#26
In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?
It happens: How to lose your Bitcoins with CTRL-C CTRL-V.

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 30, 2022, 09:36:01 AM
#25
I believe in future we will see a lot of those initiatives. They are trying to control and to give a name for each address with balance. But they can't. At least for now, we still have significant privacy
How do you have more privacy if you only give the exchange your address compared to giving it and signing a message with it?
From my understanding, the only difference is (plausible?) deniability.

In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
I mean, sure, some wallets are removing the functionality again, but it's just that: a functionality. You can also just not use it. I mean, you could put your real name, address and phone number in your Bitcointalk account, but you don't have to. There's a choice...



Governments will try to obligate exchanges to do so. About trezor, my advice is: buy a ledger pr just ignore their software and use electrum
Oh gosh please no. As if there were only two wallet companies in existence? And how do you go from 'Trezor has an issue' to 'Get this closed source non-durable thing whose company seems super shady lately'? I'd rather recommend checking out this list of open-source hardware wallets and making a choice from there. Also, another newsflash: you can use the Trezor without AOPP!
legendary
Activity: 2212
Merit: 7064
January 30, 2022, 09:02:26 AM
#24
AOPP integration is much deeper topic and I didn't want to comment anything about this topic for few days because I saw huge complains towards Trezor and I expected them to change their decision.
Aopp.group is now only related to Switzerland but there is a danger that other countries may adopt this system if manufacturers and developers accept their protocol.
Problem is that it's not only Trezor who was involved with AOPP and other wallets both software and hardware.

BitBox hardware wallet by Shiftcrypto (they are from Switzerland)

This is how BitBox simply explained how Address Ownership Proof Protocol (AOPP) works:
https://shiftcrypto.support/help/en-us/15-other/178-what-is-the-address-ownership-proof-protocol-aopp



I took this screenshot few days ago and I can't find it again on their aopp.group website (they removed wallets section from main page)
but you can see that Blue wallet is also working with them with few other wallets.

Sparrow Software Wallet was on that list but they are also removing AOPP in next release after receiving many complains from people:
https://github.com/sparrowwallet/sparrow/commit/c81f3d9f5d1cbe2a9be93f2f3e86e85bf91efe42

I don't know anything about Edge, Mt Pelerin, Relai and Aktionariat, but we should keep an eye on them.




legendary
Activity: 2268
Merit: 18748
January 29, 2022, 03:33:20 PM
#23
ProtonMail's privacy policy stated they would do exactly what they did long before they did it. It sucks for the user in question, but they should have been aware of what they were signing up to and taken steps to mitigate that risk, which would have been as simple as using Tor. No company, service, or software can possibly guarantee 100% privacy or anonymity, and so signing up to any email provider, VPN, or similar and thinking that that is job done is stupid.

Here's a post I made about the ProtonMail issue a few months ago:

the fact that proton mail more or less gave up the ID of a user.
I think it's worth expanding on this a little. ProtonMail received a legally binding request from Swiss federal authorities which they were unable to challenge. They had no IP logs to provide, but were forced to start collecting IP logs after receiving the request or shutdown completely and face criminal charges themselves for acting illegally. It has always been spelled out quite clearly in their Transparency Report that they would have to comply with legally binding requests from Swiss law enforcement, which is exactly what happened here. Here is an archived copy of their Transparency Report from way before this incident that says all that: https://archive.is/pCZ03

Quote
Therefore, ProtonMail only complies to two types of orders: (1) orders from the Swiss authorities and (2) foreign requests that have been duly instructed and validated by Swiss authorities through an international legal assistance procedure and determined to be in compliance with Swiss law.

In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities. Under no circumstances will ProtonMail be able to provide the contents of end-to-end encrypted messages sent on ProtonMail.

If the user in question had used Tor, they would not be in this situation. Interestingly, also a VPN would have been sufficient in this scenario since Swiss law does not permit VPN providers to log IP addresses in the same way it allows email providers to log IP addresses.

So yeah, it's shit for the individual in question, but ProtonMail were only behaving in the way they said they would. But having said all that, I still wouldn't trust a third party provider not to decrypt your information (or at least try to) if they were forced to. Tor and PGP should be a must.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 02:23:51 PM
#22
I just have an impression that mentioned companies build different image.
Isn't that the same with virtually all companies? Google doesn't do evil, right? And Coca-Cola means happyness while McDonalds is fast. People in general are too naive.
legendary
Activity: 952
Merit: 1385
January 29, 2022, 02:18:31 PM
#21
I agree with all you wrote, I just have an impression that mentioned companies build different image.
And of course it is difficult blame someone base on someone’s else impression;)
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 02:12:33 PM
#20
And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
I've read about that case, and as far as I know Protonmail did exactly as they said in their Terms: they have to follow the law of their country. Being an activist, it's dumb and unnecessary to let your email provider know your IP address. There's a reason Protonmail is available on protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion.

Quote
In other words - you build your brand and then you suddenly change your rules, do 180 turn.
What other option than complying with national laws do they have? They're not above the law in their country. All they can do is choose a jurisdiction that matches the level of privacy they want to offer as closely as possible.
legendary
Activity: 952
Merit: 1385
January 29, 2022, 01:21:10 PM
#19
Quote
it does reveal some questionable thought processes and direction of the Trezor team.
Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!

I have a strange feeling that something has changed recently. Maybe some forces has started pushing, maybe some companies decided to change their profile.

And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

And then the same story with NordVPN which for years stated that they are zero logs company:
First VPNlab.net is closed (https://www.europol.europa.eu/media-press/newsroom/news/unhappy-new-year-for-cybercriminals-vpnlabnet-goes-offline) and then:
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-with-law-enforcement-data-requests
As
Quote
NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies. We are 100% committed to our zero-logs policy – we never log the activities of our users to ensure their ultimate privacy and security.
becames:
Quote
NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations. We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way.

In other words - you build your brand and then you suddenly change your rules, do 180 turn.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 09:48:39 AM
#18
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.
No, they'll tax you (retroactively) when you find back your keys after 20 years.

Quote
it does reveal some questionable thought processes and direction of the Trezor team.
Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!
hero member
Activity: 776
Merit: 557
January 29, 2022, 09:29:39 AM
#17
I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.
It would be ridiculous how can they require INCOME tax or CAPITAL GAIN tax on something that you have not earned? It would be theft and not tax. For what reason are hardware wallets which are suppose to the best interest  for peoples security allowing this to happen without any resistance? If they are suppose to be the most secure then privacy is part of security.

I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care.
I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
This always is what happens they convince you that you need these things make them streamlined and then people do not resist! Im tired  of our privacy getting destroyed because without any compensation I think if the companies want to violate my privacy they should be dropping their fees because of it but no they still charge the same amount and and require more intrusive information from me

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
I lost my faith in them. Are there any others which care about users?
legendary
Activity: 2268
Merit: 18748
January 29, 2022, 06:47:12 AM
#16
I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care.
I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
legendary
Activity: 2730
Merit: 7065
January 29, 2022, 02:49:13 AM
#15
If the "AOPP integration" part it's just going to be an "optional feature" from Trezor's side, I don't see it as a bad thing...
I think this quote from their recent blog post answers your question:

They changed their mind. But they are contracting themselves.
Contradicting?

First they say that they are against regulations such as AOPP.
...
But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any  Huh
...
How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside
I see it as give the people what they want. More precisely, give them what they need if they are from Switzerland. This might be just a PR stunt from Trezor saying we are good guys, and we did it for your benefit. Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care. Seeing the negative comments that came with the AOPP Integration, they changed their mind.

At the end of their blog post, they state that even after they remove AOPP, everything it does can still be achieved with the Sign & Verify feature.   
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 28, 2022, 12:15:15 PM
#14

They changed their mind. But they are contracting themselves.

First they say that they are against regulations such as AOPP.

Quote
We underestimated how this feature would be received, and we are against the regulations that concern AOPP. Adopting AOPP was a small step toward improving usability for a portion of our customers with restricted access to bitcoin. It was not a step taken due to any external pressure, regulatory or otherwise, and no similar implementations are planned.

But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any  Huh

Quote
The question of whether we should support AOPP had been discussed publicly for almost a year with no opposition.
...
Our company operates with maximum transparency and we did not expect this feature to be controversial.

How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside.
Pages:
Jump to: