Author

Topic: Trezor AOPP Integration (Read 758 times)

legendary
Activity: 2212
Merit: 7064
February 13, 2022, 02:50:46 PM
#73
I'm not sure it's fair to say it is "based on Chromium"...
And if they are using OS provided rendering, then this probably also means it won't have a Linux release any time soon. And they will probably have very limited support for extensions such as uBlock Origin.
I don't think Bromite will ever create any browser version for desktop operating system, not for Linux, Windows or Mac... they are focused only on mobile devices,
and even on their website they are claiming to be Chromium fork so I won't argue with that:
https://www.bromite.org/

So highly unlikely to tempt me away from my Firefox/Tor combo.
Are you really so stuck with Mozilla even after they announced partnership with Meta aka Facebook for creating better ''privacy'' for users Tongue
It's time to move on from Firefox browser and use some forks, or maybe even creating something totally new.
Next thing we can expect from Mozilla is probably some new monster Frankenstein browser.

Let's get back to AOPP topic guys.
Any news for that or everyone abandoned the ship?  Cheesy




legendary
Activity: 1148
Merit: 3117
February 13, 2022, 08:32:04 AM
#72
I'm not sure it's fair to say it is "based on Chromium"; probably more accurate to say it's based on Blink for Windows or WebKit for Mac. Disappointing they aren't using Gecko, though.
Yup, I might have mistyped the "based" section, they seem to use those sources for their browser, even though I wasn't able to find an official confirmation of it though. It's shocking to see that so many browser engines went dead ever since the first conception of NCSA Mosaic engine. This website[1] really gives us a shocking overview of the current "era" for browser engines and, regarding Gecko, they do have this "interesting" entry:
And if they are using OS provided rendering, then this probably also means it won't have a Linux release any time soon. And they will probably have very limited support for extensions such as uBlock Origin. So highly unlikely to tempt me away from my Firefox/Tor combo.
You're also right - as of now no mention of a Linux release was made according to my research on their official media accounts/interviews. The same interview (from Verge) tells us that:
Quote
The browser is currently in a closed beta test on macOS, but a tweet from Weinberg hints that DuckDuckGo is getting it ready for Windows as well. There’s no word on when the desktop browser will become publicly available.
ItsFossNews[2] seems to support my findings since the report also claims that Linux users are still unsure if the browser will eventually be launched for them...

[1]https://eylenburg.github.io/browser_engines.htm
[2]https://news.itsfoss.com/duckduckgo-desktop-browser/
legendary
Activity: 2268
Merit: 18775
February 13, 2022, 07:47:38 AM
#71
According to a recent interview[2] from Allison Johnson - Senior Communications Manager at DDG - it's based on Chromium on a rendering level
I'm not sure it's fair to say it is "based on Chromium"; probably more accurate to say it's based on Blink for Windows or WebKit for Mac. Disappointing they aren't using Gecko, though. And if they are using OS provided rendering, then this probably also means it won't have a Linux release any time soon. And they will probably have very limited support for extensions such as uBlock Origin. So highly unlikely to tempt me away from my Firefox/Tor combo.
legendary
Activity: 1148
Merit: 3117
February 12, 2022, 07:59:13 PM
#70
Only on Firefox on Android, as far as I am aware. Last time I checked mobile Chrome does not support any extensions at all.
I think that Bromite browser, that is open source Chromium fork, has some integrated adblocker, it's not exactly UblockerOrigin but it get's the job done most of the time.
It does have an integrated adblocker, but you are also free to add and create your own custom list[1]. I've been using it for a while now (after using Firefox Nightly for a couple of months) and so far so good.

Not entirely true... because DuckDuckGo have their own Privacy Browser for mobile devices, but I am not exactly sure if it is based on Chromium, on Mozilla Firefox, or on something else.
According to a recent interview[2] from Allison Johnson - Senior Communications Manager at DDG - it's based on Chromium on a rendering level:
Quote
“macOS and Windows both now offer website rendering APIs (WebView/WebView2) that any application can use to render a website. That’s what we’ve used to build our app on desktop,” Allison Johnson, the senior communications manager at DuckDuckGo, explained in a statement to The Verge.

“Instead, we’re building the desktop app from the ground up around the OS-provided rendering APIs. This means that anything beyond website rendering (e.g., tabs & bookmark management, navigation controls, passwords etc.) we have to build ourselves.”

[1]https://www.bromite.org/custom-filters
[2]https://www.theverge.com/2021/12/21/22848133/duckduckgo-browser-pc-mac-beta-privacy-default-settings
legendary
Activity: 2730
Merit: 7065
February 12, 2022, 04:08:07 AM
#69
New features are Anchor links for highlighting specific section and new custom home screen:
Anchor links can be very useful for websites with a lot of content because clicking on a button or an image takes you to that particular section of the page. I wonder in what parts of the Trezor Suite that would be needed? Maybe some sorts of explanations. When entering and dealing with transaction data, there isn't that much that needs to be entered.   
legendary
Activity: 2212
Merit: 7064
February 09, 2022, 02:06:55 PM
#68
I just notice that Trezor pre-released new version of Trezor Suite app that can be installed if you opted-in and enabled their Early Access Program, and they removed AOPP already!
They listed removal of AOPP as improvement  Cheesy and they also improved QR code support making them bigger, they improved navigation and made other minor improvements.
New features are Anchor links for highlighting specific section and new custom home screen:
https://github.com/trezor/trezor-suite/releases/tag/v22.2.1

I would like to clarify that you're still mixing up stuff: Chrome is a browser. DuckDuckGo is a search engine.
Not entirely true... because DuckDuckGo have their own Privacy Browser for mobile devices, but I am not exactly sure if it is based on Chromium, on Mozilla Firefox, or on something else.
DDG mobile browser is not my favorite and I think there are much better options out there, at least for android phones.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
February 08, 2022, 08:05:38 PM
#67
Another example, I often share Satoshis smart contract escrow proposal thread from here. If you search “Satoshi bitcointalk escrow” on DDG it’s not even on the first page. Search for it on chrome and it comes up very first link.
I would like to clarify that you're still mixing up stuff: Chrome is a browser. DuckDuckGo is a search engine. You can obviously run Firefox browser with DDG as default search engine and if you feel you're not getting good results, do the occasional Google search. From within Firefox.
A browser is not bound to a specific search engine usually - and if it is, you probably should switch browser, seriously.

In fact, one of my favourite DDG features is that you can temporarily switch search engine just with some small edits to your search query.
For example, you can just type 'satoshi bitcointalk escrow !g' and it would redirect you to a google search of that term. Or, if you want to use Google search for a query, but with some sort of proxy in between, there is the '!sp' option (StartPage) which will basically give Google results without having to visit Google.

Even for other reasons it's pretty cool; e.g. you can usually append an i to search for images. 'random coin i want !spi' would search on StartPage for 'random coin i want'.

All of these 'bangs' can be found here.

Let's get back on topic with AOPP, and let me say that I am not sure how exactly initiated it's creation, but it's nothing more than signing a message and connecting it with person identity.
I think this bad idea is dead after reaction from people, but I am sure regulators will try again with some new ''revolutionary'' tool soon.
While I'm not keeping my hopes up, it would be great if the community as a whole learned a lesson with this AOPP catastrophe; in that we all should have noticed the sneaky introduction of it and implementation into most (also many quite good) wallets and 'protested' back then and there. I'm not sure what exactly started the recent outrage, but it is clear it should have happened way earlier. Hopefully this will be a lesson and our 'response' will be much quicker in the future.
legendary
Activity: 2212
Merit: 7064
February 08, 2022, 12:05:49 PM
#66
Only on Firefox on Android, as far as I am aware. Last time I checked mobile Chrome does not support any extensions at all.
I think that Bromite browser, that is open source Chromium fork, has some integrated adblocker, it's not exactly UblockerOrigin but it get's the job done most of the time.
There is also DuckDuckGo Privacy Browser with their own ad-blocker but I don't like how it's working.
I can't speak much about iOS phones, and I think that apple messed up a lot of things in that front.
legendary
Activity: 2268
Merit: 18775
February 08, 2022, 11:54:04 AM
#65
I think this bad idea is dead after reaction from people, but I am sure regulators will try again with some new ''revolutionary'' tool soon.
I'm sure they will try again with the exact same tool, but rebranded to "message signing UX streamlining" or something similar.

Is this something that can be used on mobile? I will definitely download this for my laptop and desktop when I get home.
Only on Firefox on Android, as far as I am aware. Last time I checked mobile Chrome does not support any extensions at all.

It doesn't work on iOS since every browser on iOS is really just Safari in disguise and only allows the installation of Apple extensions. There are less good alternatives you can use on iOS.
legendary
Activity: 2212
Merit: 7064
February 08, 2022, 11:53:44 AM
#64
Is this something that can be used on mobile? I will definitely download this for my laptop and desktop when I get home.  
There are some mobile browsers with ublockorigin integrated, but you can use something called Blokada5 for your phone, this is probably the best ad-blocker for Andoid smartphones.
Blocks ads and trackers in all apps/browsers, and you don't need to root or jailbreak your phone... best of all it's free open source app.
Don't forget to do your own research before installing anything on your phone:
https://blokada.org/
legendary
Activity: 2282
Merit: 3014
February 08, 2022, 11:06:17 AM
#63
-snip-
Sure, I agree that DDG search results often aren't quite as good as Google's, but the Google search engine is quite distinct from the Chrome browser. No reason you can't use Google search on Firefox. And if you want to take it to the next level, then you can use something like https://www.startpage.com, which searches Google privately on your behalf and returns you the results without any tracking or other nonsense. I always use this when I'm looking for bitcointalk threads since I agree DDG just doesn't index them well at all. Or go a step further and use https://searx.me, which does the same thing of searching other search engines privately for you, but you can build a profile (or multiple different profiles) specifying which search engines to search.

Great info thanks for sharing.  You're right I should just be using the browser inside of DDG or FF instead of using Chrome.  I guess I didn't think that there really was a difference, but this makes sense.


Google is far better in quite a few ways but I’ll provide some examples. I’m a coin collector so when trying to search for coins by name, chrome will return FAR better/more efficient results than anything else. That includes just the normal search and the photo search option.
I would be careful with doing that. Google will gladly advertise phishing sites and display them on top of the search results with an ad notification next to the name. That practice has led people to lose their money or credentials by logging in to fake sites pretending to be legitimate ones. We have seen that with exchanges, software wallets, and other services relating to cryptocurrencies.  

Thanks for the heads up.  I think I do a pretty good job of trying to avoid that kind of stuff, but I'm not Mr Robot and I'm sure I'm far from perfect.  Will be careful with this going forward.

Regardless of which browser or search engine you use, there is no excuse for not using uBlock Origin which will completely remove these scammy ads. You'll find links for installation for Firefox, Chrome, Edge, Safari, and Opera on their sites below.

Website: https://ublockorigin.com/
GitHub: https://github.com/gorhill/uBlock

The only browser you shouldn't be using it on is Tor, unless you know what you are doing and understand the privacy risks which come alongside installing additional extensions to Tor. (Although it is worth pointing out that Tor on Tails comes bundled with uBlock Origin already installed, so as long as you leave it on default settings then you will still have a reasonably sized anonymity set.)

Is this something that can be used on mobile? I will definitely download this for my laptop and desktop when I get home. 
legendary
Activity: 2212
Merit: 7064
February 06, 2022, 04:07:04 PM
#62
Regardless of which browser or search engine you use, there is no excuse for not using uBlock Origin which will completely remove these scammy ads. You'll find links for installation for Firefox, Chrome, Edge, Safari, and Opera on their sites below.
I have been using uBlock origin for many years, so much that I mostly got used to browsing web without any ads, so recently I had to use one ''normal'' computer for a short time, and it was unbearable.
I really don't understand how people can watch youtube or browse website with all that shut popping out all the time.
As for internet search engines, DDG is not the only alternative for google bigbrother, you can try brave search, qwant, startpage, searx, and even yandex search is much better than Gsearch.
Imagine earning bitcoin sats while browing internet... maybe some smart developer can create alternative search engine like this.

Let's get back on topic with AOPP, and let me say that I am not sure how exactly initiated it's creation, but it's nothing more than signing a message and connecting it with person identity.
I think this bad idea is dead after reaction from people, but I am sure regulators will try again with some new ''revolutionary'' tool soon.


legendary
Activity: 2268
Merit: 18775
February 06, 2022, 02:56:45 PM
#61
Regardless of which browser or search engine you use, there is no excuse for not using uBlock Origin which will completely remove these scammy ads. You'll find links for installation for Firefox, Chrome, Edge, Safari, and Opera on their sites below.

Website: https://ublockorigin.com/
GitHub: https://github.com/gorhill/uBlock

The only browser you shouldn't be using it on is Tor, unless you know what you are doing and understand the privacy risks which come alongside installing additional extensions to Tor. (Although it is worth pointing out that Tor on Tails comes bundled with uBlock Origin already installed, so as long as you leave it on default settings then you will still have a reasonably sized anonymity set.)
legendary
Activity: 2730
Merit: 7065
February 06, 2022, 02:46:37 PM
#60
Google is far better in quite a few ways but I’ll provide some examples. I’m a coin collector so when trying to search for coins by name, chrome will return FAR better/more efficient results than anything else. That includes just the normal search and the photo search option.
I would be careful with doing that. Google will gladly advertise phishing sites and display them on top of the search results with an ad notification next to the name. That practice has led people to lose their money or credentials by logging in to fake sites pretending to be legitimate ones. We have seen that with exchanges, software wallets, and other services relating to cryptocurrencies.   
legendary
Activity: 2268
Merit: 18775
February 06, 2022, 12:39:33 PM
#59
-snip-
Sure, I agree that DDG search results often aren't quite as good as Google's, but the Google search engine is quite distinct from the Chrome browser. No reason you can't use Google search on Firefox. And if you want to take it to the next level, then you can use something like https://www.startpage.com, which searches Google privately on your behalf and returns you the results without any tracking or other nonsense. I always use this when I'm looking for bitcointalk threads since I agree DDG just doesn't index them well at all. Or go a step further and use https://searx.me, which does the same thing of searching other search engines privately for you, but you can build a profile (or multiple different profiles) specifying which search engines to search.
legendary
Activity: 2282
Merit: 3014
February 06, 2022, 12:16:33 PM
#58
It’s great that these browsers are trying to do a good job of making things more private, but there’s a reason I still use chrome at times, it’s a million times better than anything else and it’s not even close.
Genuine question: In what way is it better? I use Firefox and Tor. Obviously Tor has the usual drawbacks, speed issues, etc., but that is the price you pay for using Tor. Firefox, on the other hand, is both fast and secure and way less resource intensive than Chrome in my experience. Chrome seems to eat RAM like there's no tomorrow.

DuckDuckGo is a search engine, like Google's search engine.
DuckDuckGo have a privacy focused browser app on both Android and iOS, and are currently working on a desktop version too.

And yeah, DDG probably is better than Firefox out-of-the-box, but Firefox provides far more customization and tweaking which allow you to make it very strong from a privacy point of the view if that is your goal, even on mobile versions. Or for desktop go with the LibreWolf fork of Firefox which has all these tweaks already implemented for you.

Thanks for the info. Google is far better in quite a few ways but I’ll provide some examples. I’m a coin collector so when trying to search for coins by name, chrome will return FAR better/more efficient results than anything else. That includes just the normal search and the photo search option. Another example, I often share Satoshis smart contract escrow proposal thread from here. If you search “Satoshi bitcointalk escrow” on DDG it’s not even on the first page. Search for it on chrome and it comes up very first link. Just a couple examples. Believe me I don’t like using Chrome, but often it’s necessary. I mean there’s a reason it’s by far the most used browser right.
legendary
Activity: 2268
Merit: 18775
February 05, 2022, 03:58:55 PM
#57
It’s great that these browsers are trying to do a good job of making things more private, but there’s a reason I still use chrome at times, it’s a million times better than anything else and it’s not even close.
Genuine question: In what way is it better? I use Firefox and Tor. Obviously Tor has the usual drawbacks, speed issues, etc., but that is the price you pay for using Tor. Firefox, on the other hand, is both fast and secure and way less resource intensive than Chrome in my experience. Chrome seems to eat RAM like there's no tomorrow.

DuckDuckGo is a search engine, like Google's search engine.
DuckDuckGo have a privacy focused browser app on both Android and iOS, and are currently working on a desktop version too.

And yeah, DDG probably is better than Firefox out-of-the-box, but Firefox provides far more customization and tweaking which allow you to make it very strong from a privacy point of the view if that is your goal, even on mobile versions. Or for desktop go with the LibreWolf fork of Firefox which has all these tweaks already implemented for you.
legendary
Activity: 2730
Merit: 7065
February 05, 2022, 12:59:47 PM
#56
So it’s just all about better privacy? Isn’t DuckDuck Go better than Firefox just off the bat though? It’s great that these browsers are trying to do a good job of making things more private, but there’s a reason I still use chrome at times, it’s a million times better than anything else and it’s not even close. I just wish the others could catch up a little.
Firefox is an internet browser just like Google Chrome. DuckDuckGo is a search engine, like Google's search engine. The Chrome browser is faster, but that speed has privacy implications. If your anonymity is your #1 concern, Google Chrome and all Google services aren't the way to go to maintain that.
legendary
Activity: 2282
Merit: 3014
February 05, 2022, 12:18:21 PM
#55
What's up with Brave, bad service? I have it and use it sometimes...thought it was pretty legit but what do i know!
I take major issues with how it is run. While marketing themselves as this magic bullet of privacy and anti-tracking, they accept money from companies such as Facebook and Twitter to whitelist their trackers. They still serve ads, just ads that they get paid for instead of other people, and in doing so inject their code in to every single website you visit to remove the native ads and replace them with their own, which is a security risk. They secretly hijack your browser and auto-redirect URLs you enter to include their referral codes. They accept a lot of money from Binance to inject Binance widgets in to the browser and to share your data with Binance. And don't even get me started on how a "privacy" browser can be asking its users for KYC.

All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.

Appreciate the explanation. Was certainly not aware of any of this.


All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.
I heard Chromium ('degoogled') should be a good choice as well, but I don't really like the idea of using it myself.

I use firefox as well.

I recently added up these settings to get a better privacy experience in firefox. They called it hardening firefox. This guides helps to prevent telemetry and a few configurations which harms our privacy in the default firefox configuration.
https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/

So it’s just all about better privacy? Isn’t DuckDuck Go better than Firefox just off the bat though? It’s great that these browsers are trying to do a good job of making things more private, but there’s a reason I still use chrome at times, it’s a million times better than anything else and it’s not even close. I just wish the others could catch up a little.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 05, 2022, 06:39:10 AM
#54
True, but it's possible some company bet there's less resistance if they implement it in secret rather than announce that they'll implement it.
Unless they're getting paid to implement it, I don't think they'll have any reason to add a feature in secret. Who's going to use it if they don't know it exists?
legendary
Activity: 2268
Merit: 18775
February 05, 2022, 04:01:40 AM
#53
Maybe there are more wallets but they haven't publicly announced their support. Seeing the shit they had to take once it became known who did it, the next step could be to try and implement it in secret without telling anyone about it.
I've checked the GitHubs of all the wallets I use and have found no mention of it, which is reassuring. Implementing it in secret isn't really going to work, since the user will either have to choose to activate it to approve a certain address for an exchange, or will link their wallet to the exchange to have the exchange do it for them, in which case it will be obvious what is happening in the background. They might be able to add it to their wallet in secret, but everyone will know it is there as soon as they are presented with the option to start using it.
legendary
Activity: 2730
Merit: 7065
February 05, 2022, 03:39:35 AM
#52
Now that Trezor, BlueWallet, and Sparrow Wallet are all removing support, that leaves only BitBox, correct?
Among the popular wallets, yes, BitBox is the one that still hasn't turned its back on AOPP. But there are also less-known service providers like Bittr and Pocket, or Aktionariat (whatever that is). Maybe there are more wallets but they haven't publicly announced their support. Seeing the shit they had to take once it became known who did it, the next step could be to try and implement it in secret without telling anyone about it. Especially if they are already closed-source.     
legendary
Activity: 2268
Merit: 18775
February 04, 2022, 10:11:44 AM
#51
Isn't Mozilla doing something similar with Firefox like Brave, behind the scenes? They even returned google as their default search option Cheesy
Yeah, I've been less and less impressed with some of the decisions being made by Mozilla as time goes on, not least of a company supposedly focused on privacy, security, and self ownership of your data deciding to no longer accept cryptocurrency donations.

Samourai Wallet has stated they will not be implementing AOPP and gave a long list of reasons why.
A great point made by Samourai:

Quote
That is nonsense and by buying into this system you are legitimizing the concept that self custody requires permission & compliance.

Requiring that a bank or exchange gives you permission to hold your own coins means, by definition, that said bank or exchange can refuse to give you permission to hold your own coins. This is the exact opposite of what bitcoin stands for, and by supporting AOPP you are supporting this nonsense.

Now that Trezor, BlueWallet, and Sparrow Wallet are all removing support, that leaves only BitBox, correct? And considering they helped to design it I can't see them removing support for it any time soon.

Good job to the community for speaking out so loudly against this privacy invading nonsense. Now you just need to stop using centralized exchanges altogether! Tongue
legendary
Activity: 2730
Merit: 7065
February 04, 2022, 08:52:08 AM
#50
Blue wallet also removed AOPP integration:
Many developers are now afraid of losing customers because of the shitstorm AOPP caused.

Samourai Wallet has stated they will not be implementing AOPP and gave a long list of reasons why.

The mobile lightning wallet Zeus has said the following about AOPP:
Quote
We'd rather nuke our app than support something harmful to Bitcoin like AOPP.
Source: https://twitter.com/ZeusLN/status/1486788819198218241

Blockstream also doesn't want it.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
February 03, 2022, 11:21:20 AM
#49
Getting back to AOPP, what do you guys think will be next hardware wallet to make AOPP integration? Maybe Ledger is next?
I know Keystone wallet is strongly against it and they even had 10% discount code for seven days using Coupon code NoAOPP  Wink
https://nitter.kavin.rocks/KeystoneWallet/status/1486817891202654211

after the disastrous reception of Trezor's implementation of AOPP, which they were basically forced to rollback, i doubt Ledger or any other hardware wallet will freely implement it.

I think they will only do such implementation if forced by legislation. My guess.


edit:
Blue wallet also removed AOPP integration:
https://twitter.com/bluewalletio/status/1486805550608392194
legendary
Activity: 2212
Merit: 7064
February 03, 2022, 10:32:21 AM
#48
All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.
Isn't Mozilla doing something similar with Firefox like Brave, behind the scenes? They even returned google as their default search option Cheesy
If you want more privacy open source browser than try using Librewolf that is fork of Firefox, and for real privacy just use Tor browser.

By the way; I just wanted to see if there were any news about Passport v2 and found out that apparently @zherbert and his team have a very strong stance against AOPP, basically saying what we concluded in this topic earlier: it's technically just a shortcut to signing messages (which Passport can do), but they don't want to implement it because of the 'symbolic' of not agreeing to make deanonymizing users easy.
Getting back to AOPP, what do you guys think will be next hardware wallet to make AOPP integration? Maybe Ledger is next?
I know Keystone wallet is strongly against it and they even had 10% discount code for seven days using Coupon code NoAOPP  Wink
https://nitter.kavin.rocks/KeystoneWallet/status/1486817891202654211
legendary
Activity: 2268
Merit: 18775
February 03, 2022, 08:38:05 AM
#47
I heard Chromium ('degoogled') should be a good choice as well, but I don't really like the idea of using it myself.
If you really need to use a Chromium based browser for some testing or some broken website which won't work otherwise, then Ungoogled Chromium or Bromite for Android are probably your best bet. But no matter how much tweaking you do of Chromium, you will never be able to remove all the deeply embedded crap from Google.

I recently added up these settings to get a better privacy experience in firefox. They called it hardening firefox. This guides helps to prevent telemetry and a few configurations which harms our privacy in the default firefox configuration.
There are lots of different tools you can use to harden Firefox. Probably the most comprehensive one is to download and use the Arkenfox profile: https://github.com/arkenfox/user.js. If you want something more specific, then you can use this tool to build a custom profile suited to your needs: https://ffprofile.com/. There are also forks of Firefox with a lot of hardening built in, such as: https://librewolf.net/.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
February 03, 2022, 06:40:02 AM
#46
All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.
I heard Chromium ('degoogled') should be a good choice as well, but I don't really like the idea of using it myself.

I use firefox as well.

I recently added up these settings to get a better privacy experience in firefox. They called it hardening firefox. This guides helps to prevent telemetry and a few configurations which harms our privacy in the default firefox configuration.
https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
February 03, 2022, 06:10:45 AM
#45
All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.
I heard Chromium ('degoogled') should be a good choice as well, but I don't really like the idea of using it myself.

By the way; I just wanted to see if there were any news about Passport v2 and found out that apparently @zherbert and his team have a very strong stance against AOPP, basically saying what we concluded in this topic earlier: it's technically just a shortcut to signing messages (which Passport can do), but they don't want to implement it because of the 'symbolic' of not agreeing to make deanonymizing users easy.
Man, in my search for a new hardware wallet, Passport are really making it hard not to like them. I just wish they would remove all the unnecessary and risky bloatware they fill their device up with. I'll never buy one unless they do.
I feel the same; but I have to be cautious not to sound like a Passport shill, lol. Though I can always point people to my review, that I think did criticize everything that's wrong / bad about it. Excited to see what changes will be in the v2 and of course going to review it sooner or later as well..
legendary
Activity: 2268
Merit: 18775
February 03, 2022, 04:56:13 AM
#44
What's up with Brave, bad service? I have it and use it sometimes...thought it was pretty legit but what do i know!
I take major issues with how it is run. While marketing themselves as this magic bullet of privacy and anti-tracking, they accept money from companies such as Facebook and Twitter to whitelist their trackers. They still serve ads, just ads that they get paid for instead of other people, and in doing so inject their code in to every single website you visit to remove the native ads and replace them with their own, which is a security risk. They secretly hijack your browser and auto-redirect URLs you enter to include their referral codes. They accept a lot of money from Binance to inject Binance widgets in to the browser and to share your data with Binance. And don't even get me started on how a "privacy" browser can be asking its users for KYC.

All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.

By the way; I just wanted to see if there were any news about Passport v2 and found out that apparently @zherbert and his team have a very strong stance against AOPP, basically saying what we concluded in this topic earlier: it's technically just a shortcut to signing messages (which Passport can do), but they don't want to implement it because of the 'symbolic' of not agreeing to make deanonymizing users easy.
Man, in my search for a new hardware wallet, Passport are really making it hard not to like them. I just wish they would remove all the unnecessary and risky bloatware they fill their device up with. I'll never buy one unless they do.
legendary
Activity: 2730
Merit: 7065
February 03, 2022, 04:34:50 AM
#43
I took this screenshot few days ago and I can't find it again on their aopp.group website (they removed wallets section from main page)...
It was there, I saw it as well. They might have removed the wallets section, but they forgot something else. If you click on 'Ecosystem', you will see some quotes and feedback from wallet developers on what they have to say about AOPP. That's almost the same thing because they posted which companies those people work for. Smiley
 
Right now, we have BlueWallet, bittr, BitBox, Pocket, Aktionariat, 21 Analytics.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
February 02, 2022, 04:59:51 PM
#42
In conclusion, it seems to me that many in here (I'm guilty of this as well! Roll Eyes) have been using wallets with AOPP withing the last year without noticing it.
Yeah but we can't actually follow all the updates coming out all the time for various crypto wallets, and people don't pay much attention and they just click update button, especially tiktok short attention span generation.
I was following reactions for BitBox hardware wallet and people are not happy at all about this, but developers don't have any intention to remove full support for AOPP.
To be honest, I am from now on going to carefully read the release notes of the wallets I'm using, for sure. It's much better than noticing it like a year later as in this case.

Let this be a lesson to better verify what we are actually installing and continue supporting when updating our wallets..
I'm pretty sure I've read the "Trezor Suite's January update" before I installed it, but for some reason, I didn't pay enough attention to that feature until ChiBitCTy created this thread [SMH].
Yeah, that's exactly what I mean. Grin Somehow people collectively noticed just now that half the wallets around have incorporated AOPP in their products.



By the way; I just wanted to see if there were any news about Passport v2 and found out that apparently @zherbert and his team have a very strong stance against AOPP, basically saying what we concluded in this topic earlier: it's technically just a shortcut to signing messages (which Passport can do), but they don't want to implement it because of the 'symbolic' of not agreeing to make deanonymizing users easy.
Our concern is if this is just a first step towards more surveillance. Next up might be to require KYC for all UTXOs associated with the transfer, or something like that.

It's a slippery slope, and if we all just blindly comply with this, we set the groundwork for more pain.

Just wanted to put this out here.. Smiley
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
February 02, 2022, 04:46:05 PM
#41
I'm honestly wondering how it was introduced in the first place without anyone noticing, and the big negative reaction only coming in January 2022.
~Snipped~
This may sound like I'm trying to defend Trezor [I'm not, even though I'm using one of their products] but to be fair, Trezor added that feature just "two weeks ago"...

Let this be a lesson to better verify what we are actually installing and continue supporting when updating our wallets..
I'm pretty sure I've read the "Trezor Suite's January update" before I installed it, but for some reason, I didn't pay enough attention to that feature until ChiBitCTy created this thread [SMH].
legendary
Activity: 2282
Merit: 3014
February 02, 2022, 04:10:51 PM
#40
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Surprised it isn't on the Brave homepage yet. Tongue

What's up with Brave, bad service? I have it and use it sometimes...thought it was pretty legit but what do i know!
legendary
Activity: 2212
Merit: 7064
February 02, 2022, 03:33:38 PM
#39
They should implement this shit on the web3nftdefimetamask stuff if they haven't done so yet. It will be welcomed with open arms and no pesky privacy concerns.
It's dEcEntTraLisEd technology wallet so they must add support asap Cheesy
Just wait for WorldEconomicForum to approve that, they have Aya Miyaguchi as one of Executive Director of eth foundation, just on the left side of mr. V. Buterin.


ethereum.foundation/about/board/

In conclusion, it seems to me that many in here (I'm guilty of this as well! Roll Eyes) have been using wallets with AOPP withing the last year without noticing it.
Yeah but we can't actually follow all the updates coming out all the time for various crypto wallets, and people don't pay much attention and they just click update button, especially tiktok short attention span generation.
I was following reactions for BitBox hardware wallet and people are not happy at all about this, but developers don't have any intention to remove full support for AOPP.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
February 01, 2022, 08:38:24 PM
#38
It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people.
I'm honestly wondering how it was introduced in the first place without anyone noticing, and the big negative reaction only coming in January 2022.
For instance, BlueWallet introduced it in April 2021, almost a year ago.


Sparrow also added it in spring last year.


ShiftCrypto added it in August 2021.

In conclusion, it seems to me that many in here (I'm guilty of this as well! Roll Eyes) have been using wallets with AOPP withing the last year without noticing it. Let this be a lesson to better verify what we are actually installing and continue supporting when updating our wallets..
legendary
Activity: 3654
Merit: 8909
https://bpip.org
February 01, 2022, 12:20:55 PM
#37
~

We're at peak cancel culture apparently. A business deal falls apart - yep, that's because people just want you cancelled for no reason whatsoever, definitely not because your sleazy useless "service" is not wanted or needed. What a bunch of petulant children.

They should implement this shit on the web3nftdefimetamask stuff if they haven't done so yet. It will be welcomed with open arms and no pesky privacy concerns.
legendary
Activity: 2268
Merit: 18775
February 01, 2022, 12:06:09 PM
#36
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Surprised it isn't on the Brave homepage yet. Tongue

-snip-
Pretty disgusting. But I guess that's to be expected from a company called "21 Analytics" whose entire purpose is to deanonymize you, your addresses, and your transactions, and report all that information to the government. This nonsense about cancel-culture just proves they haven't listened to the community at all or taken onboard literally any of the things people have been saying.

Their GitLab reveals a lot behind their thought processes:

https://gitlab.com/aopp/address-ownership-proof-protocol/-/issues/11 - It used to refer widely to banks. Good thing they changed that to the less offensive "VASP".
https://gitlab.com/aopp/address-ownership-proof-protocol/-/issues/10#note_524146131 - Should we change the name to "control" rather than "ownership". CTO - no, we need to keep it as accessible as possible for lawyers in every jurisdiction in the world.

Quote
And we see ourselves as a vital part of this community.
Hahaha what? A vital part? Bitcoin will do just fine without your stupid protocol, thanks very much.
legendary
Activity: 2212
Merit: 7064
February 01, 2022, 11:59:33 AM
#35
...
Just look at their ridiculous definition of their own AOPP service...
Most exchanges, even centralized with strict kyc don't ask from users some special knowledge for withdrawing coins.
It's simple click of a button and entering your wallet address... I don't see anything complicated there that would need simplification.
Even signing a message is not a big deal with simple instructions, many forum members did it here and they are not experts with some super-secret hidden knowledge.

Quote
AOPP is designed to simplify the user experience of non-expert users who are dealing with difficulties withdrawing their funds from exchanges to their own wallets.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 01, 2022, 11:42:01 AM
#34
Also, go check out https://aopp.group/. The whole page talks about how they are doing it to comply with government regulations. "We're not the bad guys
This (which I only read through Tor, of course) is funny:
Quote
Why Did Some Wallets Remove AOPP Support?

Upon pressure on social media some wallets have decided to remove AOPP support.

We are surprised that those wallets don’t deem their users capable of judging by themselves if they want to use AOPP. We can also imagine that fear of the cancel-culture has contributed to those decisions.

The end result is that their users cannot easily withdraw onto their own wallet and will likely keep their coins custodial.
There's absolutely no technical reason a user cannot withdraw without this. They're offering a solution waiting for a problem that has to be created by either governments or exchanges.

It gets even better:
Quote
Is This What Satoshi Has Envisioned?

AOPP is our contribution to empower users to easily hold their coins on their own wallets.
I can't even begin to explain how wrong this is. To hold Bitcoin in your own wallet you don't need AOPP, you don't need centralized services, and you don't need government approval!

Maybe they should read again what Satoshi actually wrote. Just the first sentence is enough:
Satoshi Nakamoto

Abstract. A purely peer-to-peer version of electronic cash would allow online
payments to be sent directly from one party to another without going through a
financial institution.
I'll emphasize:
Quote
without going through a financial institution
legendary
Activity: 2212
Merit: 7064
February 01, 2022, 10:46:13 AM
#33
I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.
Me neither.
I was surprised to see Blue wallet on that list, and I like how it worked as a mobile wallet, but I won't recommend it anymore.
Nobody asked customers and regular users if they want to have this anti-privacy feature or not, they just want to kiss ass of governments, now they should suffer.

I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so.
It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people.
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Maybe they are not focused on desktop wallets so much, so I hope Electrum wallet won't do that ever :/
We should seriously consider traveling without any (visible) bitcoin wallets cross border, just to be extra safe.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
February 01, 2022, 09:26:41 AM
#32
It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.
Okay, so it would be more about showing unwillingness to aid in the oppression than actively trying to prevent it. Sounds good to me!
legendary
Activity: 2268
Merit: 18775
February 01, 2022, 08:52:06 AM
#31
Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.
Sure, but signing something with a key is integral to how bitcoin works and there is no possible way to get rid of it. This AOPP is completely optional and unnecessary, and bitcoin will work just fine without it. Also, go check out https://aopp.group/. The whole page talks about how they are doing it to comply with government regulations. "We're not the bad guys, we just want to make it as easy as possible for you to submit to this intrusive nonsense." I don't care if that's the case - I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over.
I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so. It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.

TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.
Again, I agree, but signalling they are against something bad which is going to happen anyway is still far preferable to aiding it along.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
January 31, 2022, 09:09:20 PM
#30
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware.
I get your point; though technically, the feature itself is not necessarily only usable for privacy invasion. In fact, on this level, you already have privacy invading 'features' that are 'spilled over' into all of your wallets in a way, since you can sign messages with them.

Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over. (I think this was the way to go before AOPP existed, actually). If we remove signing features, they will require of people to send them freaking pictures of themselves with their ID card and wallet in hand or something. Or they will be forced to use wallets made by the exchange (see Coinbase wallet).

Since we cannot and should not remove the signing functionality from wallets, the Swiss people will probably gain nothing from this AOPP 'removal' and just lose a bit of convenience. Unfortunately, I don't think having to manually sign a message will make them switch to a non-KYC exchange. Maybe, with more and more difficulties added (performing KYC is already a PITA usually), they will indeed start looking for alternatives. Just non-commercial decentralized stuff usually doesn't have the budget to get top spots on search engines, I guess...

And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.
This I totally understand and totally agree with.

But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone.
I'm 100% with you on this!


TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.
legendary
Activity: 2268
Merit: 18775
January 30, 2022, 10:26:29 AM
#29
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware. And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.

They can't destroy our privacy in one fell swoop. If they turned around tomorrow and said every bitcoin address must be linked to someone via KYC or be blacklisted by every exchange, service, node, miner, etc., then (hopefully!) the community would revolt. But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone. Because let's be frank - the hideous scenario I've just described is the end goal for the government if they can't shutdown bitcoin entirely.
legendary
Activity: 2212
Merit: 7064
January 30, 2022, 10:13:46 AM
#28
am I missing something here or is this AOPP outrage really all for nothing?
People usually tend to react in the last minute with serious stuff and I think this was serious, but people won this battle for now.
Let me be clear, no regulators or governments can't do shit if enough people refuse to comply with them and obey their more and more crazy rules, regulations and taxes.
Same thing with AOPP, it's one tiny thing now, but it could grow into something much more dangerous if people didn't rise their voices.
Imagine that even AOPP website had to remove all wallets, and two wallets are removing direct AOPP protocol after just few days of complains.
If your country have some stupid rules like AOPP, protest  and complain about that, don't just obey like a good little slave.

Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!
This is the only way, but it's not that simple and most people are to lazy for this, they always want someone else to create something for them.
I think there was several attempts for creating city states on water, even theymos talked about this, but I haven't seen any real steps towards this.
Yes, there are some semi-states in neutral zones like Liberland, but they are not really free if you dive and research deeper about them.
For now best experiment we have (and it's not perfect) is El Salvador with bitcoin legal tender, but we need to go step further.

hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
January 30, 2022, 09:54:03 AM
#27
In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?
It happens: How to lose your Bitcoins with CTRL-C CTRL-V.
I'm pretty sure these exchanges have it somewhere in their ToS (or could add it) that you agree that you verify the address is correct (alone for liability reasons), that it's your full responsibility to make sure you have control over it and will be able to access the funds after hitting withdraw. So non-deniability of CTRL+C/V mistake is also possible through ToS and without AOPP. No AOPP != privacy, needless to say.

Quote
=> am I missing something here or is this AOPP outrage really all for nothing?
My fear is this is only the start. Next, you'll be asked to explain who you sent your coins to.
That makes sense; I guess the best solution (as has always been - no newsflash) remains P2P over Tor, and mining (though obviously they can come after miners as well, as we have seen in China). In the end, this starts to get more into a 'Politics' topic (authoritarian regimes wanting to control everything) rather than 'Hardware wallets'. Grin

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.
Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!

No honestly, the peoples of the world really need to understand data privacy and stop voting for idiots that want to incriminate them for wanting what I consider a basic human right - privacy. It's really a political issue.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 30, 2022, 09:48:52 AM
#26
In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?
It happens: How to lose your Bitcoins with CTRL-C CTRL-V.

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
January 30, 2022, 09:36:01 AM
#25
I believe in future we will see a lot of those initiatives. They are trying to control and to give a name for each address with balance. But they can't. At least for now, we still have significant privacy
How do you have more privacy if you only give the exchange your address compared to giving it and signing a message with it?
From my understanding, the only difference is (plausible?) deniability.

In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
I mean, sure, some wallets are removing the functionality again, but it's just that: a functionality. You can also just not use it. I mean, you could put your real name, address and phone number in your Bitcointalk account, but you don't have to. There's a choice...



Governments will try to obligate exchanges to do so. About trezor, my advice is: buy a ledger pr just ignore their software and use electrum
Oh gosh please no. As if there were only two wallet companies in existence? And how do you go from 'Trezor has an issue' to 'Get this closed source non-durable thing whose company seems super shady lately'? I'd rather recommend checking out this list of open-source hardware wallets and making a choice from there. Also, another newsflash: you can use the Trezor without AOPP!
legendary
Activity: 2212
Merit: 7064
January 30, 2022, 09:02:26 AM
#24
AOPP integration is much deeper topic and I didn't want to comment anything about this topic for few days because I saw huge complains towards Trezor and I expected them to change their decision.
Aopp.group is now only related to Switzerland but there is a danger that other countries may adopt this system if manufacturers and developers accept their protocol.
Problem is that it's not only Trezor who was involved with AOPP and other wallets both software and hardware.

BitBox hardware wallet by Shiftcrypto (they are from Switzerland)

This is how BitBox simply explained how Address Ownership Proof Protocol (AOPP) works:
https://shiftcrypto.support/help/en-us/15-other/178-what-is-the-address-ownership-proof-protocol-aopp



I took this screenshot few days ago and I can't find it again on their aopp.group website (they removed wallets section from main page)
but you can see that Blue wallet is also working with them with few other wallets.

Sparrow Software Wallet was on that list but they are also removing AOPP in next release after receiving many complains from people:
https://github.com/sparrowwallet/sparrow/commit/c81f3d9f5d1cbe2a9be93f2f3e86e85bf91efe42

I don't know anything about Edge, Mt Pelerin, Relai and Aktionariat, but we should keep an eye on them.




legendary
Activity: 2268
Merit: 18775
January 29, 2022, 03:33:20 PM
#23
ProtonMail's privacy policy stated they would do exactly what they did long before they did it. It sucks for the user in question, but they should have been aware of what they were signing up to and taken steps to mitigate that risk, which would have been as simple as using Tor. No company, service, or software can possibly guarantee 100% privacy or anonymity, and so signing up to any email provider, VPN, or similar and thinking that that is job done is stupid.

Here's a post I made about the ProtonMail issue a few months ago:

the fact that proton mail more or less gave up the ID of a user.
I think it's worth expanding on this a little. ProtonMail received a legally binding request from Swiss federal authorities which they were unable to challenge. They had no IP logs to provide, but were forced to start collecting IP logs after receiving the request or shutdown completely and face criminal charges themselves for acting illegally. It has always been spelled out quite clearly in their Transparency Report that they would have to comply with legally binding requests from Swiss law enforcement, which is exactly what happened here. Here is an archived copy of their Transparency Report from way before this incident that says all that: https://archive.is/pCZ03

Quote
Therefore, ProtonMail only complies to two types of orders: (1) orders from the Swiss authorities and (2) foreign requests that have been duly instructed and validated by Swiss authorities through an international legal assistance procedure and determined to be in compliance with Swiss law.

In addition to the items listed in our privacy policy, in extreme criminal cases, ProtonMail may also be obligated to monitor the IP addresses which are being used to access the ProtonMail accounts which are engaged in criminal activities. Under no circumstances will ProtonMail be able to provide the contents of end-to-end encrypted messages sent on ProtonMail.

If the user in question had used Tor, they would not be in this situation. Interestingly, also a VPN would have been sufficient in this scenario since Swiss law does not permit VPN providers to log IP addresses in the same way it allows email providers to log IP addresses.

So yeah, it's shit for the individual in question, but ProtonMail were only behaving in the way they said they would. But having said all that, I still wouldn't trust a third party provider not to decrypt your information (or at least try to) if they were forced to. Tor and PGP should be a must.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 02:23:51 PM
#22
I just have an impression that mentioned companies build different image.
Isn't that the same with virtually all companies? Google doesn't do evil, right? And Coca-Cola means happyness while McDonalds is fast. People in general are too naive.
legendary
Activity: 952
Merit: 1386
January 29, 2022, 02:18:31 PM
#21
I agree with all you wrote, I just have an impression that mentioned companies build different image.
And of course it is difficult blame someone base on someone’s else impression;)
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 02:12:33 PM
#20
And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
I've read about that case, and as far as I know Protonmail did exactly as they said in their Terms: they have to follow the law of their country. Being an activist, it's dumb and unnecessary to let your email provider know your IP address. There's a reason Protonmail is available on protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion.

Quote
In other words - you build your brand and then you suddenly change your rules, do 180 turn.
What other option than complying with national laws do they have? They're not above the law in their country. All they can do is choose a jurisdiction that matches the level of privacy they want to offer as closely as possible.
legendary
Activity: 952
Merit: 1386
January 29, 2022, 01:21:10 PM
#19
Quote
it does reveal some questionable thought processes and direction of the Trezor team.
Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!

I have a strange feeling that something has changed recently. Maybe some forces has started pushing, maybe some companies decided to change their profile.

And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

And then the same story with NordVPN which for years stated that they are zero logs company:
First VPNlab.net is closed (https://www.europol.europa.eu/media-press/newsroom/news/unhappy-new-year-for-cybercriminals-vpnlabnet-goes-offline) and then:
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-with-law-enforcement-data-requests
As
Quote
NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies. We are 100% committed to our zero-logs policy – we never log the activities of our users to ensure their ultimate privacy and security.
becames:
Quote
NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations. We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way.

In other words - you build your brand and then you suddenly change your rules, do 180 turn.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 29, 2022, 09:48:39 AM
#18
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.
No, they'll tax you (retroactively) when you find back your keys after 20 years.

Quote
it does reveal some questionable thought processes and direction of the Trezor team.
Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!
hero member
Activity: 776
Merit: 557
January 29, 2022, 09:29:39 AM
#17
I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.
It would be ridiculous how can they require INCOME tax or CAPITAL GAIN tax on something that you have not earned? It would be theft and not tax. For what reason are hardware wallets which are suppose to the best interest  for peoples security allowing this to happen without any resistance? If they are suppose to be the most secure then privacy is part of security.

I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care.
I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
This always is what happens they convince you that you need these things make them streamlined and then people do not resist! Im tired  of our privacy getting destroyed because without any compensation I think if the companies want to violate my privacy they should be dropping their fees because of it but no they still charge the same amount and and require more intrusive information from me

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
I lost my faith in them. Are there any others which care about users?
legendary
Activity: 2268
Merit: 18775
January 29, 2022, 06:47:12 AM
#16
I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years.
And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care.
I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.
legendary
Activity: 2730
Merit: 7065
January 29, 2022, 02:49:13 AM
#15
If the "AOPP integration" part it's just going to be an "optional feature" from Trezor's side, I don't see it as a bad thing...
I think this quote from their recent blog post answers your question:

They changed their mind. But they are contracting themselves.
Contradicting?

First they say that they are against regulations such as AOPP.
...
But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any  Huh
...
How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside
I see it as give the people what they want. More precisely, give them what they need if they are from Switzerland. This might be just a PR stunt from Trezor saying we are good guys, and we did it for your benefit. Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care. Seeing the negative comments that came with the AOPP Integration, they changed their mind.

At the end of their blog post, they state that even after they remove AOPP, everything it does can still be achieved with the Sign & Verify feature.   
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 28, 2022, 12:15:15 PM
#14

They changed their mind. But they are contracting themselves.

First they say that they are against regulations such as AOPP.

Quote
We underestimated how this feature would be received, and we are against the regulations that concern AOPP. Adopting AOPP was a small step toward improving usability for a portion of our customers with restricted access to bitcoin. It was not a step taken due to any external pressure, regulatory or otherwise, and no similar implementations are planned.

But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any  Huh

Quote
The question of whether we should support AOPP had been discussed publicly for almost a year with no opposition.
...
Our company operates with maximum transparency and we did not expect this feature to be controversial.

How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside.
legendary
Activity: 2282
Merit: 3014
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 28, 2022, 09:59:04 AM
#12
What a shame that you accidentally lost a bunch of your paper wallets Loyce! You'll need to be more careful in future. Here's hoping you find them again in 10 or 20 years' time.
I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years. With Bitcoin, I assume they'll argue funds aren't in the country. The tax fine can be up to 300% of the normal tax, plus of course interest.
The best way to avoid taxes is moving to a more tax friendly place, but I'm no where near rich enough for that.
legendary
Activity: 2730
Merit: 7065
January 28, 2022, 08:42:33 AM
#11
If I ever traded on a centralized exchange, any coins I withdrew to a KYC-linked address would be forwarded to a mixer within the same block.
That address is still linked to you. More precisely, to the person who withdrew the coins. And the same person then sent the coins to a mixer.
You could mix your coins even if your address is verified using AOPP standards. I don't see it being anymore privacy-invasive than a centralized exchange who already knows the name of the person who is making a withdrawal.

It is absolutely crazy that the community as a whole is OK with this kind of insane privacy invasion.
I agree. Unfortunately, it will only get worse. If one country has started using this, more countries will do so in the future. The same goes for centralized exchanges. Whether we like it or not, that's where most of the crypto trading is done. The decentralized alternatives are unfortunately still not on par with centralized ones. Most people don't mind sharing their data for a better exchange rate, a bit of cashback or some similar offers and advantages. Since that's the way it is, that will be the direction this ecosystem will move towards.   
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 28, 2022, 08:26:05 AM
#10
In a way I'm surprised taxes don't ask for this information yet. They want to know your total balance of everything, and specifics for each bank account, but they're not asking about Bitcoin addresses yet. That's probably because their system can't handle it, but at some point they'll no doubt be that intrusive. It's already a security risk having to disclose what you own, especially considering how many tax employees would be able to access this data.
What a shame that you accidentally lost a bunch of your paper wallets Loyce! You'll need to be more careful in future. Here's hoping you find them again in 10 or 20 years' time.

I think they are not in a hurry because at any time they can link our addresses to us, as blockchain is immutable. A small privacy slip when making a transaction is forever in the blockchain and you cannot fix it.

For example, if you sent Binance some bitcoin 4 years ago, Binance can share this address with tax employees at anytime. And if you spend that balance with another address, that another one is linked as well.
legendary
Activity: 2268
Merit: 18775
January 28, 2022, 07:57:59 AM
#9
In a way I'm surprised taxes don't ask for this information yet. They want to know your total balance of everything, and specifics for each bank account, but they're not asking about Bitcoin addresses yet. That's probably because their system can't handle it, but at some point they'll no doubt be that intrusive. It's already a security risk having to disclose what you own, especially considering how many tax employees would be able to access this data.
What a shame that you accidentally lost a bunch of your paper wallets Loyce! You'll need to be more careful in future. Here's hoping you find them again in 10 or 20 years' time.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 28, 2022, 07:23:10 AM
#8
As Loyce has pointed out above, the Netherlands tried to implement such address verification nonsense.
In a way I'm surprised taxes don't ask for this information yet. They want to know your total balance of everything, and specifics for each bank account, but they're not asking about Bitcoin addresses yet. That's probably because their system can't handle it, but at some point they'll no doubt be that intrusive. It's already a security risk having to disclose what you own, especially considering how many tax employees would be able to access this data.

Quote
I am disappointed Trezor aren't fighting this instead of implementing it.
Hense the kuddos to Bitonic, they fought this in court and won. Unlike many other companies, they don't like having to violate their customers' privacy.

Quote
It is absolutely crazy that the community as a whole is OK with this kind of insane privacy invasion.
Not only the Bitcoin community, it's the same everywhere: barely anyone cares about privacy.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 28, 2022, 07:07:51 AM
#7
It is absolutely crazy that the community as a whole is OK with this kind of insane privacy invasion.

I found a very interesting article about it in Bitcoin Magazine (probably the best news website about bitcoin)

Quote
A similar dynamic is in play when it comes to the AOPP. The protocol isn’t inherently bad as it simply seeks to facilitate the enforcement of wallet verifications measures in Switzerland by making an interoperable standard available to wallet developers to implement. But even though AOPP isn’t in and of itself negative, it legitimizes the practice of checking for address ownership, and implementing it opens up a precedent for having the government influence developments in the open source Bitcoin wallet space. Surveillance and control mechanisms always start small, and there is hardly a way to see ahead of one’s time and discover the true direction such requests could take.

Therefore, not implementing this standard is an act of sovereignty and responsibility as it protects users from future — and possibly worse — surveillance mechanisms being implemented as per the request of regulatory bodies.

This reminds me of the Cyberpunk Manifesto, where he clearly takes a stand against regulations on cryptography, which is what AOPP is all about.

Quote
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm.  Even laws against cryptography reach only so far as a nation's border and the arm of its violence.
Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
https://nakamotoinstitute.org/static/docs/cypherpunk-manifesto.txt

legendary
Activity: 2268
Merit: 18775
January 28, 2022, 06:39:12 AM
#6
Thoughts ?
As Loyce has pointed out above, the Netherlands tried to implement such address verification nonsense. Instead of just rolling over and saying "Sure, let's sell out our users' privacy" as Trezor are doing here, the biggest exchange in the Netherlands - Bitonic - funded a lawsuits against the central bank and had the law overturned. This is what responsible companies which care about their users would do, and not just immediately implement this privacy invading nonsense, especially not in to a product which is designed specifically to give you control over your money and not play in to the hands of centralized exchanges or governments.

It won't affect me in the slightest since I have never and will never use a centralized exchange, (especially not one which requires such address verification nonsense), but I am disappointed Trezor aren't fighting this instead of implementing it.

This is just a way to put a sticker on those addresses to be sure.
If I ever traded on a centralized exchange, any coins I withdrew to a KYC-linked address would be forwarded to a mixer within the same block.

It is absolutely crazy that the community as a whole is OK with this kind of insane privacy invasion.
legendary
Activity: 2730
Merit: 7065
January 28, 2022, 02:49:25 AM
#5
If the "AOPP integration" part it's just going to be an "optional feature" from Trezor's side, I don't see it as a bad thing...
I guess there is no other way than it being an optional feature because only Switzerland uses it for now. It's a successful way to deanonymize bitcoin users. But if you are using a centralized exchange in which you have already undergone KYC verification, your privacy is already screwed. Doing an additional address verification won't change much. Most of the coins getting withdrawn from exchanges are done so by the customers who transfer said coins to their own private wallets. So the exchange already knows where the money went. This is just a way to put a sticker on those addresses to be sure. 
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
January 27, 2022, 06:12:00 PM
#4
Does anyone know if this is for all countries ?
In regards to the implementation of the FATF's Travel Rule, so far, that's not the case with most countries:
- I can confirm that we [PH] already have such a thing in place, in one of our local wallets/exchanges: How does the Travel Rule affect external transfers?

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 27, 2022, 04:35:20 PM
#3
Quote
any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made.
Maybe LoyceV knows more about it? He is from Netherlands.
I don't know anything about "AOPP". What I do know, is that the Dutch implementation of EU regulations was too strict, and Bitcoin companies no longer have to ask for proof of ownership of Bitcoin addresses.
See:
Bitonic destroys wallet-screenshots that were unduly required by its supervisor
DNB formally acknowledges complaints Bitonic and revokes wallet-verification requirement
Preliminary relief judge upholds Bitonic's objections and calls on DNB to review its requirement
Lawsuit Bitonic vs Dutch Central Bank < kuddos to those guys for fighting for our privacy!
(more on Bitonic News archive)
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
January 27, 2022, 03:56:02 PM
#2

i found this
https://aopp.group/

Quote
Address Ownership Proof Protocol (AOPP)

In Switzerland and the Netherlands, a Virtual Asset Service Provider (VASP)—any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made. AOPP is a simple and automated solution for providing proof of ownership of an external wallet's address.

As far as I understand,  this is only about Switzerland and Netherlands for now. Maybe LoyceV knows more about it? He is from Netherlands.

I believe in future we will see a lot of those initiatives. They are trying to control and to give a name for each address with balance. But they can't. At least for now, we still have significant privacy

Governments will try to obligate exchanges to do so. About trezor, my advice is: buy a ledger pr just ignore their software and use electrum
legendary
Activity: 2282
Merit: 3014
January 27, 2022, 02:25:03 PM
#1
Jump to: