Bitcoin Forum

Does anyone know if this is for all countries ? Thoughts ?


https://i.ibb.co/1q8drTx/47-F19937-9-D9-C-4-CB5-BCDF-ACC51888-CA89.jpg (https://ibb.co/NjZm9Kz)
https://twitter.com/trezor/status/1486747863912796171?s=21

Article about it (showing only Switzerland here )-  https://cvj.ch/en/focus/legal-and-compliance/trezor-integrates-aopp-to-simplify-withdrawals-to-non-custodial-wallets/

i found this
https://aopp.group/


As far as I understand,  this is only about Switzerland and Netherlands for now. Maybe LoyceV knows more about it? He is from Netherlands.

I believe in future we will see a lot of those initiatives. They are trying to control and to give a name for each address with balance. But they can't. At least for now, we still have significant privacy

Governments will try to obligate exchanges to do so. About trezor, my advice is: buy a ledger pr just ignore their software and use electrum

I don't know anything about "AOPP". What I do know, is that the Dutch implementation of EU regulations was too strict, and Bitcoin companies no longer have to ask for proof of ownership of Bitcoin addresses.
See:
Bitonic destroys wallet-screenshots that were unduly required by its supervisor (https://bitonic.nl/news/233/bitonic-destroys-wallet-screenshots-that-were-unduly-required-by-its-supervisor)
DNB formally acknowledges complaints Bitonic and revokes wallet-verification requirement (https://bitonic.nl/news/231/dnb-formally-acknowledges-complaints-bitonic-and-revokes-wallet-verification-requirement)
Preliminary relief judge upholds Bitonic's objections and calls on DNB to review its requirement (https://bitonic.nl/news/228/preliminary-relief-judge-upholds-bitonics-objections-and-calls-on-dnb-to-review-its-requirement)
Lawsuit Bitonic vs Dutch Central Bank (https://bitonic.nl/news/224/lawsuit-bitonic-vs-dutch-central-bank) < kuddos to those guys for fighting for our privacy!
(more on Bitonic News archive (https://bitonic.nl/en/news))

In regards to the implementation of the FATF's Travel Rule, so far, that's not the case with most countries:
^{- I can confirm that we [PH] already have such a thing in place, in one of our local wallets/exchanges: How does the Travel Rule affect external transfers? (https://support.coins.ph/hc/en-us/articles/4403931971225-How-does-the-Travel-Rule-affect-external-transfers-)}

• Quote from: https://www.coindesk.com/layer2/privacyweek/2022/01/27/few-crypto-firms-even-trying-to-comply-with-fatfs-travel-rule/
  Of 128 jurisdictions contacted by FATF only 58 – fewer than half – reported they had the necessary rules and regulations in place to allow crypto companies to comply with FATF’s requirements in the first place. In total, more than 200 jurisdictions around the world aim for compliance with FATF guidance, meaning the vast majority of countries have yet to provide VASPs doing business within their borders meaningful direction on how to comply with the travel rule.

---

If the "AOPP integration" part it's just going to be an "optional feature" from Trezor's side, I don't see it as a bad thing...

I guess there is no other way than it being an optional feature because only Switzerland uses it for now. It's a successful way to deanonymize bitcoin users. But if you are using a centralized exchange in which you have already undergone KYC verification, your privacy is already screwed. Doing an additional address verification won't change much. Most of the coins getting withdrawn from exchanges are done so by the customers who transfer said coins to their own private wallets. So the exchange already knows where the money went. This is just a way to put a sticker on those addresses to be sure. 

As Loyce has pointed out above, the Netherlands tried to implement such address verification nonsense. Instead of just rolling over and saying "Sure, let's sell out our users' privacy" as Trezor are doing here, the biggest exchange in the Netherlands - Bitonic - funded a lawsuits against the central bank and had the law overturned. This is what responsible companies which care about their users would do, and not just immediately implement this privacy invading nonsense, especially not in to a product which is designed specifically to give you control over your money and not play in to the hands of centralized exchanges or governments.

It won't affect me in the slightest since I have never and will never use a centralized exchange, (especially not one which requires such address verification nonsense), but I am disappointed Trezor aren't fighting this instead of implementing it.

If I ever traded on a centralized exchange, any coins I withdrew to a KYC-linked address would be forwarded to a mixer within the same block.

It is absolutely crazy that the community as a whole is OK with this kind of insane privacy invasion.

I found a very interesting article about it in Bitcoin Magazine (probably the best news website about bitcoin)


This reminds me of the Cyberpunk Manifesto, where he clearly takes a stand against regulations on cryptography, which is what AOPP is all about.

https://nakamotoinstitute.org/static/docs/cypherpunk-manifesto.txt

In a way I'm surprised taxes don't ask for this information yet. They want to know your total balance of everything, and specifics for each bank account, but they're not asking about Bitcoin addresses yet. That's probably because their system can't handle it, but at some point they'll no doubt be that intrusive. It's already a security risk having to disclose what you own, especially considering how many tax employees would be able to access this data.

Hense the kuddos to Bitonic, they fought this in court and won. Unlike many other companies, they don't like having to violate their customers' privacy.

Not only the Bitcoin community, it's the same everywhere: barely anyone cares about privacy.

What a shame that you accidentally lost a bunch of your paper wallets Loyce! You'll need to be more careful in future. Here's hoping you find them again in 10 or 20 years' time.

I think they are not in a hurry because at any time they can link our addresses to us, as blockchain is immutable. A small privacy slip when making a transaction is forever in the blockchain and you cannot fix it.

For example, if you sent Binance some bitcoin 4 years ago, Binance can share this address with tax employees at anytime. And if you spend that balance with another address, that another one is linked as well.

That address is still linked to you. More precisely, to the person who withdrew the coins. And the same person then sent the coins to a mixer.
You could mix your coins even if your address is verified using AOPP standards. I don't see it being anymore privacy-invasive than a centralized exchange who already knows the name of the person who is making a withdrawal.

I agree. Unfortunately, it will only get worse. If one country has started using this, more countries will do so in the future. The same goes for centralized exchanges. Whether we like it or not, that's where most of the crypto trading is done. The decentralized alternatives are unfortunately still not on par with centralized ones. Most people don't mind sharing their data for a better exchange rate, a bit of cashback or some similar offers and advantages. Since that's the way it is, that will be the direction this ecosystem will move towards.   

I don't think that's going to do much good. For the wealth tax for instance they can go back 5 years, and if funds are abroad they'll go back 12 years. With Bitcoin, I assume they'll argue funds aren't in the country. The tax fine can be up to 300% of the normal tax, plus of course interest.
The best way to avoid taxes is moving to a more tax friendly place, but I'm no where near rich enough for that.

https://i.ibb.co/g94p0dD/38263164-4652-4-E70-B1-DD-73-B41-DA2-E704.jpg (https://ibb.co/DWryBY7)

https://blog.trezor.io/a-decision-on-aopp-789540c2930b

They changed their mind. But they are contracting themselves.

First they say that they are against regulations such as AOPP.


But a few lines later, they say that they discussed that subject for almost a year with no opposition, and they did not expected any  ???


How come you didn't expect any opposition if you are against this kind of regulation in the first place? The opposition should have come from inside.

I think this quote from their recent blog post answers your question:

https://blog.trezor.io/a-decision-on-aopp-789540c2930b

Contradicting?

I see it as give the people what they want. More precisely, give them what they need if they are from Switzerland. This might be just a PR stunt from Trezor saying we are good guys, and we did it for your benefit. Or it might be true that they introduced it because they thought some people could find it useful, and the rest (those who aren't affected) wouldn't care. Seeing the negative comments that came with the AOPP Integration, they changed their mind.

At the end of their blog post, they state that even after they remove AOPP, everything it does can still be achieved with the Sign & Verify feature.   

And they'll tax you on funds you don't longer own, such as bitcoin held by lost wallets or lost private keys? That seems ridiculous.

I'm sure some people would find it useful if they could upload their KYC documents to their Trezor and then just connect up their Trezor every time a new exchange asks for KYC and it sends it all off for them. And some people will find it useful that Ledger are letting them complete KYC to link a crypto debit card directly to their hardware wallet. Doesn't mean these things are good ideas or that they should be introduced simply because some people might benefit. Hardware wallets should not be implementing features (and therefore indicating support for such features) which help to reduce privacy or security.

It's good that they are removing this, but it does reveal some questionable thought processes and direction of the Trezor team.

It would be ridiculous how can they require INCOME tax or CAPITAL GAIN tax on something that you have not earned? It would be theft and not tax. For what reason are hardware wallets which are suppose to the best interest  for peoples security allowing this to happen without any resistance? If they are suppose to be the most secure then privacy is part of security.

This always is what happens they convince you that you need these things make them streamlined and then people do not resist! Im tired  of our privacy getting destroyed because without any compensation I think if the companies want to violate my privacy they should be dropping their fees because of it but no they still charge the same amount and and require more intrusive information from me

I lost my faith in them. Are there any others which care about users?

No, they'll tax you (retroactively) when you find back your keys after 20 years.

Isn't it simply about money? They thought they could get more users by adding AOPP, so they did it. Then they realized existing users won't like it, so they removed it again.
Wait until they realize how much they can earn selling IP and address data to chain spying companies!

I have a strange feeling that something has changed recently. Maybe some forces has started pushing, maybe some companies decided to change their profile.

And then you see that Proton is not as anonymous as you expected and quietly changes it's privacy policy:
https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

And then the same story with NordVPN which for years stated that they are zero logs company:
First VPNlab.net is closed (https://www.europol.europa.eu/media-press/newsroom/news/unhappy-new-year-for-cybercriminals-vpnlabnet-goes-offline) and then:
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-with-law-enforcement-data-requests
As
becames:

In other words - you build your brand and then you suddenly change your rules, do 180 turn.

I've read about that case, and as far as I know Protonmail did exactly as they said in their Terms: they have to follow the law of their country. Being an activist, it's dumb and unnecessary to let your email provider know your IP address. There's a reason Protonmail is available on protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion (https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion).

What other option than complying with national laws do they have? They're not above the law in their country. All they can do is choose a jurisdiction that matches the level of privacy they want to offer as closely as possible.

I agree with all you wrote, I just have an impression that mentioned companies build different image.
And of course it is difficult blame someone base on someone’s else impression;)

Isn't that the same with virtually all companies? Google doesn't do evil, right? And Coca-Cola means happyness (https://www.feedough.com/brand-image-explanation-examples/) while McDonalds is fast. People in general are too naive.

ProtonMail's privacy policy stated they would do exactly what they did long before they did it. It sucks for the user in question, but they should have been aware of what they were signing up to and taken steps to mitigate that risk, which would have been as simple as using Tor. No company, service, or software can possibly guarantee 100% privacy or anonymity, and so signing up to any email provider, VPN, or similar and thinking that that is job done is stupid.

Here's a post I made about the ProtonMail issue a few months ago:

AOPP integration is much deeper topic and I didn't want to comment anything about this topic for few days because I saw huge complains towards Trezor and I expected them to change their decision.
Aopp.group is now only related to Switzerland but there is a danger that other countries may adopt this system if manufacturers and developers accept their protocol.
Problem is that it's not only Trezor who was involved with AOPP and other wallets both software and hardware.

BitBox hardware wallet by Shiftcrypto (they are from Switzerland)

This is how BitBox simply explained how Address Ownership Proof Protocol (AOPP) works:
https://shiftcrypto.support/help/en-us/15-other/178-what-is-the-address-ownership-proof-protocol-aopp

https://i.imgur.com/PED5AKr.jpg

I took this screenshot few days ago and I can't find it again on their aopp.group website (they removed wallets section from main page)
but you can see that Blue wallet is also working with them with few other wallets.

Sparrow Software Wallet was on that list but they are also removing AOPP in next release after receiving many complains from people:
https://github.com/sparrowwallet/sparrow/commit/c81f3d9f5d1cbe2a9be93f2f3e86e85bf91efe42

I don't know anything about Edge, Mt Pelerin, Relai and Aktionariat, but we should keep an eye on them.

How do you have more privacy if you only give the exchange your address compared to giving it and signing a message with it?
From my understanding, the only difference is (plausible?) deniability.

In theory, without AOPP, you could argue that the address they sent 1BTC to, doesn't belong to you.
In reality, nobody will believe that you're wiring an exchange $30,000 in exchange for them sending 1BTC to an address you have no control over, right?

So the best practice stays what it has always been: receive your funds, mix them, then do whatever you want.
Newsflash: exchanges are linking addresses to names without AOPP as well...

=> am I missing something here or is this AOPP outrage really all for nothing?
I mean, sure, some wallets are removing the functionality again, but it's just that: a functionality. You can also just not use it. I mean, you could put your real name, address and phone number in your Bitcointalk account, but you don't have to. There's a choice...

---

Oh gosh please no. As if there were only two wallet companies in existence? And how do you go from 'Trezor has an issue' to 'Get this closed source non-durable thing whose company seems super shady lately'? I'd rather recommend checking out this list of open-source hardware wallets (https://bitcointalk.org/index.php?topic=5288971.0) and making a choice from there. Also, another newsflash: you can use the Trezor without AOPP! 0:)

It happens: How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.0).

My fear is this is only the start. Next, you'll be asked to explain who you sent your coins to.

I read a long time ago already the Netherlands wanted to assume anyone who uses a mixer is a criminal. I don't think they've managed to pull that off yet, but they would if they could.

I'm pretty sure these exchanges have it somewhere in their ToS (or could add it) that you agree that you verify the address is correct (alone for liability reasons), that it's your full responsibility to make sure you have control over it and will be able to access the funds after hitting withdraw. So non-deniability of CTRL+C/V mistake is also possible through ToS and without AOPP. No AOPP != privacy, needless to say.

That makes sense; I guess the best solution (as has always been - no newsflash) remains P2P over Tor, and mining (though obviously they can come after miners as well, as we have seen in China). In the end, this starts to get more into a 'Politics' topic (authoritarian regimes wanting to control everything) rather than 'Hardware wallets'. ;D

Totalitarians and ones aspiring to become that, can definitely make it hard to use cryptocurrencies; I agree. Especially stuff like Monero starts to be more and more 'criminalized'. It's a pity, but at a certain point, you can't solve the issues technologically. You can use a VPN - they can ban VPNs. You can use Tor - they can ban Tor. You see, this goes ad absurdum. In the end Bitcoiners will move out and create their own state or something. LOL!

No honestly, the peoples of the world really need to understand data privacy and stop voting for idiots that want to incriminate them for wanting what I consider a basic human right - privacy. It's really a political issue.

People usually tend to react in the last minute with serious stuff and I think this was serious, but people won this battle for now.
Let me be clear, no regulators or governments can't do shit if enough people refuse to comply with them and obey their more and more crazy rules, regulations and taxes.
Same thing with AOPP, it's one tiny thing now, but it could grow into something much more dangerous if people didn't rise their voices.
Imagine that even AOPP website had to remove all wallets, and two wallets are removing direct AOPP protocol after just few days of complains.
If your country have some stupid rules like AOPP, protest  and complain about that, don't just obey like a good little slave.

This is the only way, but it's not that simple and most people are to lazy for this, they always want someone else to create something for them.
I think there was several attempts for creating city states on water, even theymos talked about this, but I haven't seen any real steps towards this.
Yes, there are some semi-states in neutral zones like Liberland, but they are not really free if you dive and research deeper about them.
For now best experiment we have (and it's not perfect) is El Salvador with bitcoin legal tender, but we need to go step further.

Of course exchanges are linking addresses to your real name, and of course they are employing (or even owning) blockchain analysis companies to deanonymize you as much as possible. Everyone knows that, and people like me who are disgusted at that avoid using centralized exchanges. What I don't expect is that kind of privacy invasion to spill over in to my wallet, software or hardware. And even if AOPP doesn't directly invade my privacy, or indeed is only an optional feature, I will not support any wallet which signals that they are going to be complicit in centralized exchanges trying to destroy the very nature of bitcoin.

They can't destroy our privacy in one fell swoop. If they turned around tomorrow and said every bitcoin address must be linked to someone via KYC or be blacklisted by every exchange, service, node, miner, etc., then (hopefully!) the community would revolt. But if we are just going to shrug our shoulders at every small invasion of our privacy, then we will get there eventually. They will just keeping pushing more and more until our privacy is all but gone. Because let's be frank - the hideous scenario I've just described is the end goal for the government if they can't shutdown bitcoin entirely.

I get your point; though technically, the feature itself is not necessarily only usable for privacy invasion. In fact, on this level, you already have privacy invading 'features' that are 'spilled over' into all of your wallets in a way, since you can sign messages with them.

Just like you could use AOPP to prove ownership of an address to a centralized KYC exchange, you could manually use the normal signing feature to prove ownership of an address to a centralized KYC exchange.

Also people are going to continue linking themselves with their addresses, if their law demands it and I'm telling you how: the exchanges will explain them how to manually sign those messages and manually send them over. (I think this was the way to go before AOPP existed, actually). If we remove signing features, they will require of people to send them freaking pictures of themselves with their ID card and wallet in hand or something. Or they will be forced to use wallets made by the exchange (see Coinbase wallet).

Since we cannot and should not remove the signing functionality from wallets, the Swiss people will probably gain nothing from this AOPP 'removal' and just lose a bit of convenience. Unfortunately, I don't think having to manually sign a message will make them switch to a non-KYC exchange. Maybe, with more and more difficulties added (performing KYC is already a PITA usually), they will indeed start looking for alternatives. Just non-commercial decentralized stuff usually doesn't have the budget to get top spots on search engines, I guess...

This I totally understand and totally agree with.

I'm 100% with you on this!


TL;DR: I think at most, we can hope that wallets send like a 'message'. A symbolic statement that they don't agree with privacy invasion and don't actively support it. But really preventing it - they can't.

Sure, but signing something with a key is integral to how bitcoin works and there is no possible way to get rid of it. This AOPP is completely optional and unnecessary, and bitcoin will work just fine without it. Also, go check out https://aopp.group/. The whole page talks about how they are doing it to comply with government regulations. "We're not the bad guys, we just want to make it as easy as possible for you to submit to this intrusive nonsense." I don't care if that's the case - I'm not going to use a wallet which makes it easier for governments to control and monitor their citizens.

I'm certain they will. But again, hardware wallets shouldn't be actively helping them to do so. It shouldn't be a case of "The government are going to oppress you, but we will make that oppression as smooth as possible". It should be a case of "We do not agree with this oppression and we will fight against it", much like the Bitonic exchange we discussed above did.

Again, I agree, but signalling they are against something bad which is going to happen anyway is still far preferable to aiding it along.

Okay, so it would be more about showing unwillingness to aid in the oppression than actively trying to prevent it. Sounds good to me!

Me neither.
I was surprised to see Blue wallet on that list, and I like how it worked as a mobile wallet, but I won't recommend it anymore.
Nobody asked customers and regular users if they want to have this anti-privacy feature or not, they just want to kiss ass of governments, now they should suffer.

It's not just related with hardware wallets, and this can easily expand to all mobile wallet if there wasn't such a big negative reaction from people.
I am sure that soon all binance supported wallet will rush to apply for aopp as soon as possible, like Safepal hardware wallet or Trust Wallet.
Maybe they are not focused on desktop wallets so much, so I hope Electrum wallet won't do that ever :/
We should seriously consider traveling without any (visible) bitcoin wallets cross border, just to be extra safe.

This (https://aopp.group/#faq) (which I only read through Tor, of course) is funny:
There's absolutely no technical reason a user cannot withdraw without this. They're offering a solution waiting for a problem that has to be created by either governments or exchanges.

It gets even better (https://aopp.group/#faq):
I can't even begin to explain how wrong this is. To hold Bitcoin in your own wallet you don't need AOPP, you don't need centralized services, and you don't need government approval!

Maybe they should read again what Satoshi actually wrote. Just the first sentence is enough:
I'll emphasize:

Just look at their ridiculous definition of their own AOPP service...
Most exchanges, even centralized with strict kyc don't ask from users some special knowledge for withdrawing coins.
It's simple click of a button and entering your wallet address... I don't see anything complicated there that would need simplification.
Even signing a message is not a big deal with simple instructions, many forum members did it here and they are not experts with some super-secret hidden knowledge.

Surprised it isn't on the Brave homepage yet. :P

Pretty disgusting. But I guess that's to be expected from a company called "21 Analytics" whose entire purpose is to deanonymize you, your addresses, and your transactions, and report all that information to the government. This nonsense about cancel-culture just proves they haven't listened to the community at all or taken onboard literally any of the things people have been saying.

Their GitLab reveals a lot behind their thought processes:

https://gitlab.com/aopp/address-ownership-proof-protocol/-/issues/11 - It used to refer widely to banks. Good thing they changed that to the less offensive "VASP".
https://gitlab.com/aopp/address-ownership-proof-protocol/-/issues/10#note_524146131 - Should we change the name to "control" rather than "ownership". CTO - no, we need to keep it as accessible as possible for lawyers in every jurisdiction in the world.

Hahaha what? A vital part? Bitcoin will do just fine without your stupid protocol, thanks very much.

We're at peak cancel culture apparently. A business deal falls apart - yep, that's because people just want you cancelled for no reason whatsoever, definitely not because your sleazy useless "service" is not wanted or needed. What a bunch of petulant children.

They should implement this shit on the web3nftdefimetamask stuff if they haven't done so yet. It will be welcomed with open arms and no pesky privacy concerns.

I'm honestly wondering how it was introduced in the first place without anyone noticing, and the big negative reaction only coming in January 2022.
For instance, BlueWallet introduced it in April 2021, almost a year ago (https://github.com/BlueWallet/BlueWallet/search?q=AOPP&type=commits).
https://i.postimg.cc/rFspDkgt/image.png

Sparrow also added it in spring last year (https://github.com/sparrowwallet/sparrow/search?q=AOPP&type=commits).
https://i.postimg.cc/3NgzRWVH/image.png

ShiftCrypto added it in August 2021 (https://github.com/digitalbitbox/bitbox-wallet-app/releases?q=aopp&expanded=true).

In conclusion, it seems to me that many in here (I'm guilty of this as well! ::)) have been using wallets with AOPP withing the last year without noticing it. Let this be a lesson to better verify what we are actually installing and continue supporting when updating our wallets.. 0:)

It's dEcEntTraLisEd technology wallet so they must add support asap :D
Just wait for WorldEconomicForum to approve that, they have Aya Miyaguchi as one of Executive Director of eth foundation, just on the left side of mr. V. Buterin.

https://i.imgur.com/qSyb52y.jpg
ethereum.foundation/about/board/

Yeah but we can't actually follow all the updates coming out all the time for various crypto wallets, and people don't pay much attention and they just click update button, especially tiktok short attention span generation.
I was following reactions for BitBox hardware wallet and people are not happy at all about this, but developers don't have any intention to remove full support for AOPP.

What's up with Brave, bad service? I have it and use it sometimes...thought it was pretty legit but what do i know!

This may sound like I'm trying to defend Trezor ^{[I'm not, even though I'm using one of their products]} but to be fair, Trezor added that feature just "two weeks ago (https://github.com/trezor/trezor-suite/releases/tag/v22.1.1)"...

I'm pretty sure I've read the "Trezor Suite's January update (https://blog.trezor.io/trezor-suite-and-trezor-model-one-firmware-updates-january-2022-4a77e4a07a5a)" before I installed it, but for some reason, I didn't pay enough attention to that feature until ChiBitCTy created this thread ^[SMH].

To be honest, I am from now on going to carefully read the release notes of the wallets I'm using, for sure. It's much better than noticing it like a year later as in this case.

Yeah, that's exactly what I mean. ;D Somehow people collectively noticed just now that half the wallets around have incorporated AOPP in their products.

---

By the way; I just wanted to see if there were any news about Passport v2 and found out that apparently @zherbert and his team have a very strong stance against AOPP, basically saying what we concluded in this topic earlier: it's technically just a shortcut to signing messages (which Passport can do), but they don't want to implement it because of the 'symbolic' of not agreeing to make deanonymizing users easy.

Just wanted to put this out here.. :)

It was there, I saw it as well. They might have removed the wallets section, but they forgot something else. If you click on 'Ecosystem', you will see some quotes and feedback from wallet developers on what they have to say about AOPP. That's almost the same thing because they posted which companies those people work for. :)
 
Right now, we have BlueWallet, bittr, BitBox, Pocket, Aktionariat, 21 Analytics.

I take major issues with how it is run. While marketing themselves as this magic bullet of privacy and anti-tracking, they accept money from companies such as Facebook and Twitter to whitelist their trackers. They still serve ads, just ads that they get paid for instead of other people, and in doing so inject their code in to every single website you visit to remove the native ads and replace them with their own, which is a security risk. They secretly hijack your browser and auto-redirect URLs you enter to include their referral codes. They accept a lot of money from Binance to inject Binance widgets in to the browser and to share your data with Binance. And don't even get me started on how a "privacy" browser can be asking its users for KYC.

All in all, it's probably better than Chrome, but it's far inferior to Firefox in terms of security and privacy. They do a lot of shady stuff behind the scenes, accepting money to sell out on both the privacy and the security of their users, while outright lying in their advertising and marketing.

Man, in my search for a new hardware wallet, Passport are really making it hard not to like them. I just wish they would remove all the unnecessary and risky bloatware they fill their device up with. I'll never buy one unless they do.

I heard Chromium ('degoogled') should be a good choice as well, but I don't really like the idea of using it myself.

I feel the same; but I have to be cautious not to sound like a Passport shill, lol. Though I can always point people to my review, that I think did criticize everything that's wrong / bad about it. Excited to see what changes will be in the v2 and of course going to review it sooner or later as well.. 0:)

I use firefox as well.

I recently added up these settings to get a better privacy experience in firefox. They called it hardening firefox. This guides helps to prevent telemetry and a few configurations which harms our privacy in the default firefox configuration.
https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/

If you really need to use a Chromium based browser for some testing or some broken website which won't work otherwise, then Ungoogled Chromium or Bromite for Android are probably your best bet. But no matter how much tweaking you do of Chromium, you will never be able to remove all the deeply embedded crap from Google.

There are lots of different tools you can use to harden Firefox. Probably the most comprehensive one is to download and use the Arkenfox profile: https://github.com/arkenfox/user.js. If you want something more specific, then you can use this tool to build a custom profile suited to your needs: https://ffprofile.com/. There are also forks of Firefox with a lot of hardening built in, such as: https://librewolf.net/.

Isn't Mozilla doing something similar with Firefox like Brave, behind the scenes? They even returned google as their default search option :D
If you want more privacy open source browser than try using Librewolf that is fork of Firefox, and for real privacy just use Tor browser.

Getting back to AOPP, what do you guys think will be next hardware wallet to make AOPP integration? Maybe Ledger is next?
I know Keystone wallet is strongly against it and they even had 10% discount code for seven days using Coupon code NoAOPP  ;)
https://nitter.kavin.rocks/KeystoneWallet/status/1486817891202654211

after the disastrous reception of Trezor's implementation of AOPP, which they were basically forced to rollback, i doubt Ledger or any other hardware wallet will freely implement it.

I think they will only do such implementation if forced by legislation. My guess.


edit:
Blue wallet also removed AOPP integration:
https://twitter.com/bluewalletio/status/1486805550608392194
https://i.imgur.com/y2Migm7.png

Many developers are now afraid of losing customers because of the shitstorm AOPP caused.

Samourai Wallet has stated they will not be implementing AOPP and gave a long list of reasons why (https://twitter.com/SamouraiWallet/status/1486771410949357571).

The mobile lightning wallet Zeus has said the following about AOPP:
Source: https://twitter.com/ZeusLN/status/1486788819198218241

Blockstream also doesn't want it (https://twitter.com/Blockstream/status/1487085883668971525).

Yeah, I've been less and less impressed with some of the decisions being made by Mozilla as time goes on, not least of a company supposedly focused on privacy, security, and self ownership of your data deciding to no longer accept cryptocurrency donations.

A great point made by Samourai:


Requiring that a bank or exchange gives you permission to hold your own coins means, by definition, that said bank or exchange can refuse to give you permission to hold your own coins. This is the exact opposite of what bitcoin stands for, and by supporting AOPP you are supporting this nonsense.

Now that Trezor, BlueWallet, and Sparrow Wallet are all removing support, that leaves only BitBox, correct? And considering they helped to design it I can't see them removing support for it any time soon.

Good job to the community for speaking out so loudly against this privacy invading nonsense. Now you just need to stop using centralized exchanges altogether! :P

Among the popular wallets, yes, BitBox is the one that still hasn't turned its back on AOPP. But there are also less-known service providers like Bittr and Pocket, or Aktionariat (whatever that is). Maybe there are more wallets but they haven't publicly announced their support. Seeing the shit they had to take once it became known who did it, the next step could be to try and implement it in secret without telling anyone about it. Especially if they are already closed-source.     

I've checked the GitHubs of all the wallets I use and have found no mention of it, which is reassuring. Implementing it in secret isn't really going to work, since the user will either have to choose to activate it to approve a certain address for an exchange, or will link their wallet to the exchange to have the exchange do it for them, in which case it will be obvious what is happening in the background. They might be able to add it to their wallet in secret, but everyone will know it is there as soon as they are presented with the option to start using it.

Unless they're getting paid to implement it, I don't think they'll have any reason to add a feature in secret. Who's going to use it if they don't know it exists?

Appreciate the explanation. Was certainly not aware of any of this.



So it’s just all about better privacy? Isn’t DuckDuck Go better than Firefox just off the bat though? It’s great that these browsers are trying to do a good job of making things more private, but there’s a reason I still use chrome at times, it’s a million times better than anything else and it’s not even close. I just wish the others could catch up a little.

Firefox is an internet browser just like Google Chrome. DuckDuckGo is a search engine, like Google's search engine. The Chrome browser is faster, but that speed has privacy implications. If your anonymity is your #1 concern, Google Chrome and all Google services aren't the way to go to maintain that.

Genuine question: In what way is it better? I use Firefox and Tor. Obviously Tor has the usual drawbacks, speed issues, etc., but that is the price you pay for using Tor. Firefox, on the other hand, is both fast and secure and way less resource intensive than Chrome in my experience. Chrome seems to eat RAM like there's no tomorrow.

DuckDuckGo have a privacy focused browser app on both Android and iOS, and are currently working on a desktop version too.

And yeah, DDG probably is better than Firefox out-of-the-box, but Firefox provides far more customization and tweaking which allow you to make it very strong from a privacy point of the view if that is your goal, even on mobile versions. Or for desktop go with the LibreWolf fork of Firefox which has all these tweaks already implemented for you.

Thanks for the info. Google is far better in quite a few ways but I’ll provide some examples. I’m a coin collector so when trying to search for coins by name, chrome will return FAR better/more efficient results than anything else. That includes just the normal search and the photo search option. Another example, I often share Satoshis smart contract escrow proposal thread from here. If you search “Satoshi bitcointalk escrow” on DDG it’s not even on the first page. Search for it on chrome and it comes up very first link. Just a couple examples. Believe me I don’t like using Chrome, but often it’s necessary. I mean there’s a reason it’s by far the most used browser right.

Sure, I agree that DDG search results often aren't quite as good as Google's, but the Google search engine is quite distinct from the Chrome browser. No reason you can't use Google search on Firefox. And if you want to take it to the next level, then you can use something like https://www.startpage.com, which searches Google privately on your behalf and returns you the results without any tracking or other nonsense. I always use this when I'm looking for bitcointalk threads since I agree DDG just doesn't index them well at all. Or go a step further and use https://searx.me, which does the same thing of searching other search engines privately for you, but you can build a profile (or multiple different profiles) specifying which search engines to search.

I would be careful with doing that. Google will gladly advertise phishing sites and display them on top of the search results with an ad notification next to the name. That practice has led people to lose their money or credentials by logging in to fake sites pretending to be legitimate ones. We have seen that with exchanges, software wallets, and other services relating to cryptocurrencies.   

Regardless of which browser or search engine you use, there is no excuse for not using uBlock Origin which will completely remove these scammy ads. You'll find links for installation for Firefox, Chrome, Edge, Safari, and Opera on their sites below.

Website: https://ublockorigin.com/
GitHub: https://github.com/gorhill/uBlock

The only browser you shouldn't be using it on is Tor, unless you know what you are doing and understand the privacy risks which come alongside installing additional extensions to Tor. (Although it is worth pointing out that Tor on Tails comes bundled with uBlock Origin already installed, so as long as you leave it on default settings then you will still have a reasonably sized anonymity set.)

I have been using uBlock origin for many years, so much that I mostly got used to browsing web without any ads, so recently I had to use one ''normal'' computer for a short time, and it was unbearable.
I really don't understand how people can watch youtube or browse website with all that shut popping out all the time.
As for internet search engines, DDG is not the only alternative for google bigbrother, you can try brave search, qwant, startpage, searx, and even yandex search is much better than Gsearch.
Imagine earning bitcoin sats while browing internet... maybe some smart developer can create alternative search engine like this.

Let's get back on topic with AOPP, and let me say that I am not sure how exactly initiated it's creation, but it's nothing more than signing a message and connecting it with person identity.
I think this bad idea is dead after reaction from people, but I am sure regulators will try again with some new ''revolutionary'' tool soon.

Great info thanks for sharing.  You're right I should just be using the browser inside of DDG or FF instead of using Chrome.  I guess I didn't think that there really was a difference, but this makes sense.



Thanks for the heads up.  I think I do a pretty good job of trying to avoid that kind of stuff, but I'm not Mr Robot and I'm sure I'm far from perfect.  Will be careful with this going forward.


Is this something that can be used on mobile? I will definitely download this for my laptop and desktop when I get home. 

There are some mobile browsers with ublockorigin integrated, but you can use something called Blokada5 for your phone, this is probably the best ad-blocker for Andoid smartphones.
Blocks ads and trackers in all apps/browsers, and you don't need to root or jailbreak your phone... best of all it's free open source app.
Don't forget to do your own research before installing anything on your phone:
https://blokada.org/

I'm sure they will try again with the exact same tool, but rebranded to "message signing UX streamlining" or something similar.

Only on Firefox on Android, as far as I am aware. Last time I checked mobile Chrome does not support any extensions at all.

It doesn't work on iOS since every browser on iOS is really just Safari in disguise and only allows the installation of Apple extensions. There are less good alternatives you can use on iOS.

I think that Bromite browser, that is open source Chromium fork, has some integrated adblocker, it's not exactly UblockerOrigin but it get's the job done most of the time.
There is also DuckDuckGo Privacy Browser with their own ad-blocker but I don't like how it's working.
I can't speak much about iOS phones, and I think that apple messed up a lot of things in that front.

I would like to clarify that you're still mixing up stuff: Chrome is a browser. DuckDuckGo is a search engine. You can obviously run Firefox browser with DDG as default search engine and if you feel you're not getting good results, do the occasional Google search. From within Firefox.
A browser is not bound to a specific search engine usually - and if it is, you probably should switch browser, seriously.

In fact, one of my favourite DDG features is that you can temporarily switch search engine just with some small edits to your search query.
For example, you can just type 'satoshi bitcointalk escrow !g' and it would redirect you to a google search of that term. Or, if you want to use Google search for a query, but with some sort of proxy in between, there is the '!sp' option (StartPage) which will basically give Google results without having to visit Google.

Even for other reasons it's pretty cool; e.g. you can usually append an i to search for images. 'random coin i want !spi' would search on StartPage for 'random coin i want'.

All of these 'bangs' can be found here (https://duckduckgo.com/bang).

While I'm not keeping my hopes up, it would be great if the community as a whole learned a lesson with this AOPP catastrophe; in that we all should have noticed the sneaky introduction of it and implementation into most (also many quite good) wallets and 'protested' back then and there. I'm not sure what exactly started the recent outrage, but it is clear it should have happened way earlier. Hopefully this will be a lesson and our 'response' will be much quicker in the future.

I just notice that Trezor pre-released new version of Trezor Suite app that can be installed if you opted-in and enabled their Early Access Program, and they removed AOPP already!
They listed removal of AOPP as improvement  :D and they also improved QR code support making them bigger, they improved navigation and made other minor improvements.
New features are Anchor links for highlighting specific section and new custom home screen:
https://github.com/trezor/trezor-suite/releases/tag/v22.2.1

Not entirely true... because DuckDuckGo have their own Privacy Browser for mobile devices, but I am not exactly sure if it is based on Chromium, on Mozilla Firefox, or on something else.
DDG mobile browser is not my favorite and I think there are much better options out there, at least for android phones.

Anchor links can be very useful for websites with a lot of content because clicking on a button or an image takes you to that particular section of the page. I wonder in what parts of the Trezor Suite that would be needed? Maybe some sorts of explanations. When entering and dealing with transaction data, there isn't that much that needs to be entered.   

It does have an integrated adblocker, but you are also free to add and create your own custom list[1]. I've been using it for a while now (after using Firefox Nightly for a couple of months) and so far so good.

---

According to a recent interview[2] from Allison Johnson - Senior Communications Manager at DDG - it's based on Chromium on a rendering level:

---

[1]https://www.bromite.org/custom-filters (https://www.bromite.org/custom-filters)
[2]https://www.theverge.com/2021/12/21/22848133/duckduckgo-browser-pc-mac-beta-privacy-default-settings (https://www.theverge.com/2021/12/21/22848133/duckduckgo-browser-pc-mac-beta-privacy-default-settings)

I'm not sure it's fair to say it is "based on Chromium"; probably more accurate to say it's based on Blink for Windows or WebKit for Mac. Disappointing they aren't using Gecko, though. And if they are using OS provided rendering, then this probably also means it won't have a Linux release any time soon. And they will probably have very limited support for extensions such as uBlock Origin. So highly unlikely to tempt me away from my Firefox/Tor combo.

Yup, I might have mistyped the "based" section, they seem to use those sources for their browser, even though I wasn't able to find an official confirmation of it though. It's shocking to see that so many browser engines went dead ever since the first conception of NCSA Mosaic engine. This website[1] really gives us a shocking overview of the current "era" for browser engines and, regarding Gecko, they do have this "interesting" entry:
I wonder, what are these "toxic politics"/mismanagement that they claim to have been the cause for this market share decrease? Is this a grudge from whoever made this website or do we have actual arguments to sustain it?

---

You're also right - as of now no mention of a Linux release was made according to my research on their official media accounts/interviews. The same interview (from Verge) tells us that:
ItsFossNews[2] seems to support my findings since the report also claims that Linux users are still unsure if the browser will eventually be launched for them...

---

[1]https://eylenburg.github.io/browser_engines.htm (https://eylenburg.github.io/browser_engines.htm)
[2]https://news.itsfoss.com/duckduckgo-desktop-browser/ (https://news.itsfoss.com/duckduckgo-desktop-browser/)

I don't think Bromite will ever create any browser version for desktop operating system, not for Linux, Windows or Mac... they are focused only on mobile devices,
and even on their website they are claiming to be Chromium fork so I won't argue with that:
https://www.bromite.org/

Are you really so stuck with Mozilla even after they announced partnership with Meta aka Facebook for creating better ''privacy'' for users :P
It's time to move on from Firefox browser and use some forks, or maybe even creating something totally new.
Next thing we can expect from Mozilla is probably some new monster Frankenstein browser.

Let's get back to AOPP topic guys.
Any news for that or everyone abandoned the ship?  :D