Topic: Trezor AOPP Integration - page 3. (Read 689 times)

Me neither.
I was surprised to see Blue wallet on that list, and I like how it worked as a mobile wallet, but I won't recommend it anymore.
Nobody asked customers and regular users if they want to have this anti-privacy feature or not, they just want to kiss ass of governments, now they should suffer.

It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people.
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Maybe they are not focused on desktop wallets so much, so I hope Electrum wallet won't do that ever :/
We should seriously consider traveling without any (visible) bitcoin wallets cross border, just to be extra safe.

Okay, so it would be more about showing unwillingness to aid in the oppression than actively trying to prevent it. Sounds good to me!

Sure, but signing something with a key is integral to how bitcoin works and there is no possible way to get rid of it. This AOPP is completely optional and unnecessary, and bitcoin will work just fine without it. Also, go check out https://aopp.group/. The whole page talks about how they are doing it to comply with government regulations. "We're not the bad guys, we just want to make it as easy as possible for you to submit to this intrusive nonsense." I don't care if that's the case - I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.

I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so. It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.

Again, I agree, but signalling they are against something bad which is going to happen anyway is still far preferable to aiding it along.

I get your point; though technically, the feature itself is not necessarily only usable for privacy invasion. In fact, on this level, you already have privacy invading 'features' that are 'spilled over' into all of your wallets in a way, since you can sign messages with them.

Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over. (I think this was the way to go before AOPP existed, actually). If we remove signing features, they will require of people to send them freaking pictures of themselves with their ID card and wallet in hand or something. Or they will be forced to use wallets made by the exchange (see Coinbase wallet).

Since we cannot and should not remove the signing functionality from wallets, the Swiss people will probably gain nothing from this AOPP 'removal' and just lose a bit of convenience. Unfortunately, I don't think having to manually sign a message will make them switch to a non-KYC exchange. Maybe, with more and more difficulties added (performing KYC is already a PITA usually), they will indeed start looking for alternatives. Just non-commercial decentralized stuff usually doesn't have the budget to get top spots on search engines, I guess...

This I totally understand and totally agree with.

I'm 100% with you on this!


TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.

Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware. And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.

They can't destroy our privacy in one fell swoop. If they turned around tomorrow and said every bitcoin address must be linked to someone via KYC or be blacklisted by every exchange, service, node, miner, etc., then (hopefully!) the community would revolt. But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone. Because let's be frank - the hideous scenario I've just described is the end goal for the government if they can't shutdown bitcoin entirely.

People usually tend to react in the last minute with serious stuff and I think this was serious, but people won this battle for now.
Let me be clear, no regulators or governments can't do shit if enough people refuse to comply with them and obey their more and more crazy rules, regulations and taxes.
Same thing with AOPP, it's one tiny thing now, but it could grow into something much more dangerous if people didn't rise their voices.
Imagine that even AOPP website had to remove all wallets, and two wallets are removing direct AOPP protocol after just few days of complains.
If your country have some stupid rules like AOPP, protest  and complain about that, don't just obey like a good little slave.

This is the only way, but it's not that simple and most people are to lazy for this, they always want someone else to create something for them.
I think there was several attempts for creating city states on water, even theymos talked about this, but I haven't seen any real steps towards this.
Yes, there are some semi-states in neutral zones like Liberland, but they are not really free if you dive and research deeper about them.
For now best experiment we have (and it's not perfect) is El Salvador with bitcoin legal tender, but we need to go step further.

I'm pretty sure these exchanges have it somewhere in their ToS (or could add it) that you agree that you verify the address is correct (alone for liability reasons), that it's your full responsibility to make sure you have control over it and will be able to access the funds after hitting withdraw. So non-deniability of CTRL+C/V mistake is also possible through ToS and without AOPP. No AOPP != privacy, needless to say.

That makes sense; I guess the best solution (as has always been - no newsflash) remains P2P over Tor, and mining (though obviously they can come after miners as well, as we have seen in China). In the end, this starts to get more into a 'Politics' topic (authoritarian regimes wanting to control everything) rather than 'Hardware wallets'.

Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!

No honestly, the peoples of the world really need to understand data privacy and stop voting for idiots that want to incriminate them for wanting what I consider a basic human right - privacy. It's really a political issue.

It happens: How to lose your Bitcoins with CTRL-C CTRL-V.

I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.

How do you have more privacy if you only give the exchange your address compared to giving it and signing a message with it?
From my understanding, the only difference is (plausible?) deniability.

In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
I mean, sure, some wallets are removing the functionality again, but it's just that: a functionality. You can also just not use it. I mean, you could put your real name, address and phone number in your Bitcointalk account, but you don't have to. There's a choice...

---

Oh gosh please no. As if there were only two wallet companies in existence? And how do you go from 'Trezor has an issue' to 'Get this closed source non-durable thing whose company seems super shady lately'? I'd rather recommend checking out this list of open-source hardware wallets and making a choice from there. Also, another newsflash: you can use the Trezor without AOPP!

AOPP integration is much deeper topic and I didn't want to comment anything about this topic for few days because I saw huge complains towards Trezor and I expected them to change their decision.
Aopp.group is now only related to Switzerland but there is a danger that other countries may adopt this system if manufacturers and developers accept their protocol.
Problem is that it's not only Trezor who was involved with AOPP and other wallets both software and hardware.

BitBox hardware wallet by Shiftcrypto (they are from Switzerland)

This is how BitBox simply explained how Address Ownership Proof Protocol (AOPP) works:
https://shiftcrypto.support/help/en-us/15-other/178-what-is-the-address-ownership-proof-protocol-aopp



I took this screenshot few days ago and I can't find it again on their aopp.group website (they removed wallets section from main page)
but you can see that Blue wallet is also working with them with few other wallets.

Sparrow Software Wallet was on that list but they are also removing AOPP in next release after receiving many complains from people:
https://github.com/sparrowwallet/sparrow/commit/c81f3d9f5d1cbe2a9be93f2f3e86e85bf91efe42

I don't know anything about Edge, Mt Pelerin, Relai and Aktionariat, but we should keep an eye on them.

ProtonMail's privacy policy stated they would do exactly what they did long before they did it. It sucks for the user in question, but they should have been aware of what they were signing up to and taken steps to mitigate that risk, which would have been as simple as using Tor. No company, service, or software can possibly guarantee 100% privacy or anonymity, and so signing up to any email provider, VPN, or similar and thinking that that is job done is stupid.

Here's a post I made about the ProtonMail issue a few months ago:

Isn't that the same with virtually all companies? Google doesn't do evil, right? And Coca-Cola means happyness while McDonalds is fast. People in general are too naive.

I agree with all you wrote, I just have an impression that mentioned companies build different image.
And of course it is difficult blame someone base on someone’s else impression;)

I've read about that case, and as far as I know Protonmail did exactly as they said in their Terms: they have to follow the law of their country. Being an activist, it's dumb and unnecessary to let your email provider know your IP address. There's a reason Protonmail is available on protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion.

What other option than complying with national laws do they have? They're not above the law in their country. All they can do is choose a jurisdiction that matches the level of privacy they want to offer as closely as possible.

I have a strange feeling that something has changed recently. Maybe some forces has started pushing, maybe some companies decided to change their profile.

And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

And then the same story with NordVPN which for years stated that they are zero logs company:
First VPNlab.net is closed (https://www.europol.europa.eu/media-press/newsroom/news/unhappy-new-year-for-cybercriminals-vpnlabnet-goes-offline) and then:
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-with-law-enforcement-data-requests
As
becames:

In other words - you build your brand and then you suddenly change your rules, do 180 turn.

No, they'll tax you (retroactively) when you find back your keys after 20 years.

Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!

It would be ridiculous how can they require INCOME tax or CAPITAL GAIN tax on something that you have not earned? It would be theft and not tax. For what reason are hardware wallets which are suppose to the best interest  for peoples security allowing this to happen without any resistance? If they are suppose to be the most secure then privacy is part of security.

This always is what happens they convince you that you need these things make them streamlined and then people do not resist! Im tired  of our privacy getting destroyed because without any compensation I think if the companies want to violate my privacy they should be dropping their fees because of it but no they still charge the same amount and and require more intrusive information from me

I lost my faith in them. Are there any others which care about users?

And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.

I think this quote from their recent blog post answers your question:

Contradicting?

I see it as give the people what they want. More precisely, give them what they need if they are from Switzerland. This might be just a PR stunt from Trezor saying we are good guys, and we did it for your benefit. Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care. Seeing the negative comments that came with the AOPP Integration, they changed their mind.

At the end of their blog post, they state that even after they remove AOPP, everything it does can still be achieved with the Sign & Verify feature.   

They changed their mind. But they are contracting themselves.

First they say that they are against regulations such as AOPP.


But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any 


How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside.