Topic: Trezor implements Address Ownership Proof Protocol, more regulation less privacy (Read 357 times)

However, the argument is did anything change when Trezor removed the implementation of AOPP? My argument is that nothing has changed. This public outcry is pointed to the wrong people. People who only wanted to automate wallet verification and make it easier for Swiss users. The public outcry should be pointed to the intrusiveness and the inconveniences caused by the travel rule. Also, if I am not mistaken AOPP is optional.

If AOPP can be done manually or not, maybe frustrating or not, noncustodial wallets should not support it at all, they should just stay in their line rendering only noncustodial means of holding coins, Swiss people should have a custodial wallet or use custodial wallet that support AOPP for convenience but they are not in control of their coins if they use custodial wallet. Noncustodial wallets should not support anything of such that is related to privacy invasion.

Trezor did not need develop AOPP. The users in Switzerland can still do the compliance requirements manually but this is annoying. I might be mistaken, however, AOPP did not change anything. It has only automated the compliance requirement and made it easier for users. This is why the public outcry might be pointed to the wrong people. It should be pointed to the government because the travel rule that they are enforcing is very intrusive and inconvenient for users.

There is nothing Trezor want to do aside from ways to market its product, if we see companies like that, it is normal that they want what people are requiring from them. Trezor will think for Swiss people to know more about their wallet, that they can support what Swiss government want, but it supposed not to be like that, trezor is a company that produce noncustodial type of wallet, they should work more on how the wallet can remain noncustodial, not to focus on any kyc or custodial means of usage.

It seems a tug of war is happening at the moment, with both sides gaining the advantage alternatively. First, there was the good time, and then came AOPP, and then followed the outcry which resulted to the wallets taking back the implementation.

It is interesting that the public's voice prevailed at the moment. But how long could such a force as public outrage stop these wallets from bowing down to the letters of the law? How long does the resistance last? Could these wallets continue to submit to the demands of their clients when what could be at stake eventually is their license to operate?

Trezor’s Address Ownership Proof Protocol was only trying to make address verification easier for Swiss users. I reckon the community on Twitter was only upset over nothing. It is head shaking because much of them are not living in Switzerland and none of their anger has made Switzerland change or remove the travel rule. This anger the community has over Trezor is pointed to the wrong people hehehe.

It wasn't even meant to prevent money laundering, just a stupid useless tool that basically does nothing.
After you go beyond their first page of PR when they quote money laundering and FACTA regulation you get to the point where:



You can't withdraw cash unless you do it to a bank account that has been also whitelisted, and after their regulations, all accounts enlisted are checked by the FIU.
So you can't basically withdraw either fiat or crypto to an account that is not already KYC and has your name on it.

As for the usage, I'm always skeptical about those 10-20% numbers, assuming we have 100 million users in India and zero protest about their laws or 20 million in Nigeria and zero protest when the banking ban was put in place makes me think the numbers are highly inflated. But in the case of South Korea probably the pill was far easier to swallow, their capital control rules are probably the toughest in the world, and poeple are used to, you simply can't get money out of SK, that's why coins always have a premium there as it's costly for them to acquire from foreigners since those can't get their money out of there and in their bank account.

There are still CEX that will only require username and email from you and 2fa but optional. Example is Kucoin. But just that CEX can request for verification at any time and customers accounts can be freeze at the time.

These wallets will make your coins to be safer, online wallets can still be used with small funds, control and privacy can still be if the person is careful enough. They are all different from custodial exchanges wallets.

trezor seeing sense
not only is the aopp a gimmick that does not stop hackers from withdrawing funds and just puts an extra headache into withdrawing simply so an exchange is not seen as servicing an illicit receiver(which can also be worked around, thus useless feature).

but also for trezor to implement it, means a cold/hardware wallet, is less secure as it needs to be plugged in to a pc and then API a website. which can then put trezor device owners more at risk by browser extension hijacking to replace keys with ones supplied by the trojan extension.

yep trezor should not be adding more internet connectivity links. it should stay 'local'

New update on Trezor: https://twitter.com/Trezor/status/1487091879883722755



Not sure what they were thinking initially to actually support AOPP in the first place, but at least they've changed their minds.

They appear to have reverted their decision (source: https://blog.trezor.io/a-decision-on-aopp-789540c2930b) I edited the first post to reflect this. I think its a welcome decision, you should not make surveillance easier.

This was somewhat inevitable since the dawn of cryptocurrency. Governments have had fairly good views of money flows into and out of their country via banks - they have the ability to see all transactions due to financial money laundering laws. Cryptocurrencies undermined that whole structure and effectively allowed large and unregulated movement of money, which is bound to be used by even just a small percentage of criminals. Like it or not, these cryptos have been abused by a small minority and it is often a small minority that ruin it for the majority, causing new laws like this to become required. The taxman is also keen to access this information to make sure everyone is paying their fair share, so that was going to pop up at some point too.

I find this regulation rather useless than dangerous. How can it stop people from buying Bitcoin and sending it to terrorists? So what if they need to prove that they own the address, after they made a withdrawal to it, they can send it to anyone they want. And exchange already has KYC information of a customer, so if investigators will be tracing some criminal transactions, they will find it either way.

It's hard to understand to me and hear the first time about AOPP. Seems cryptocurrency moving to more centralization and exposing users' privacy. I am not getting how this works all over Bitcoin Network. For specific exchange and wallets is fine. But this isn't the right way to prove the ownership. If it's security reasons then the address would be whitelisted. If it's to prevent money laundering then just a nonsense idea. If all the exchanges walk this way, then decentralized exchange volumes will be higher.

its more (meant to be) about ensuring that the person logging in (presumed registered user who gave KYC to do market trades). proves he is withdrawing to his local wallet.. instead of some illicit service. thus an exchange cant be treated as being the 'source of funds or using illicit services' because a exchange is (meant to be) unable to withdraw to a mixer or foreign terrorist group/darknet market direct from the exchange. and only allow withdraws to people with control of a private key

EG silkroad deposits dont let users have the private key of the silk road deposit address so a drug addict cant withdraw straight from an exchange straight to silk road, same with mixers. the laundering customer does not have private key access to the mixer so cant withdraw from a exchange straight to a mixer.(EG in theory)

the flaw though..
when a exchange logged in user sees a 'session token' that needs to be signed by an address.. a separate illicit service offering deposits could EASILY also have a system where a user gives them the token. and the illicit service signs a message which the customer can then pass back to the exchange. thus the exchange then withdraws straight to an illicit service.

so as i said before its more like posturing to appear to be meeting some regulation. but not actually doing anything technically restricting, thus more of a gimmick that just causes more headaches for users.
it wont stop hackers and if done as just explained wont stop people withdrawing direct to illicit services technically.

ofcourse smart addicts wont want their KYC exchange session linked to a deposit address of a illicit service. so technically is possible to still withdraw to a service if the service handles message signing on behalf of a depositor. but practically a user would emotionally not want to, to preserve privacy

Before reading the protecting financial institutions I was kinda sure a protocol like this would have had to be paid for by someone external to the exchange (or possibly someone from a bank placed on the exchange to convince them).

Most cases of stopping "money laundering" in this way will stop the people you likely could've traced anyway and who weren't doing much illegal themselves, you won't hurt anything big by telling them in one country they can't buy and withdraw cryptos.

---

I think there was news of crypto.com being hacked though recently and this would link into that quite well "we don't trust ourselves to handle your funds securely". If everywhere you send funds to has to be kycd, it might make it easier to get the funds back (probably not easier to know who took them if the person who took them did it well enough and sprayed them about a bit).

That's crazy! The reason is the usual:
That makes it basically a stock broker, not Bitcoin.

How do you KYC an address with AOPP?
It's just verifying that the address you're withdrawing funds to is your own, nothing else as LoyceV mentioned.
I don't see anything about KYC in the links you've mentioned.

But, if you want to talk about things really going dark, then there is Coinone and pretty soon I guess all of South Korea
This is a case where you simply can't withdraw funds other than an exchange that does KYC, you can't even do to your own Ledger address like AOPP would allow you to.

It's very likely in the future that everything you do will require some degree of Know Your Customer (KYC). The companies implementing it aren't always to be blamed either, since to operate legally they're required by the government to implement these sort of changes. Bitcoin will likely be battling this for as long as Bitcoin or KYC is around.

Yeah basically. The only way forward is by not using third parties at all, including those that provide hardware wallets, since they'll still be required to know some information  from the customer to sell the product to them, and for their usage, which seems to be getting more privacy invasive as time goes on.

The only way you can guarantee that you don't need to give up your privacy these days is by using your own generated offline wallet.

Yeah, cash seems to get away with a lot. However, depending on what you're exchanging for cash, you could still be required to give up some personal data. That's just how the world is going unfortunately. Like I said the only way of storing money while keeping your privacy intact would be your own generated offline wallet, but even then when it comes to spending that Bitcoin or exchanging it in all likelihood you'll have to give up some sort of personal data then. The only way around it currently is via peer to peer trading, but not everyone is looking to exchange their Bitcoin into fiat.

I wrote this yesterday:

As far as I know, this hasn't chanced since. So unless there's a Dutch official source, I assume a "KYC address" is not required.
For what it's worth: I trust Bitonic (both with money as well as for knowing regulations). If they'd be active here, I would leave them positive feedback.