The Address Ownership Proof Protocol or AOPP might’ve been the most sophisticated attack on Bitcoin so far. With a fairly benign protocol that only affected people in Switzerland, the powers that be infected some of the most respected wallets in the space. Only people who bought Bitcoin at Swiss centralized exchanges and were already fully KYC’d had to prove ownership of their wallet’s address, so it didn’t seem that bad. But it was.
Related Reading | Jack Dorsey Praises Open Source, Buys Trezor Bitcoin Hardware Wallet
On the AOPP official site , they define their product as:
“In Switzerland a Virtual Asset Service Provider (VASP)—any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer’s wallet address before withdrawals and deposits can be made. AOPP is a simple and automated solution for providing proof of ownership of an external wallet’s address.”
Even though several wallets implemented the protocol, it was Trezor who caught most of the flak.
What Did Trezor Say About AOPP?
Early in the morning, on January 27th, a Coindesk article announcing Trezor adopted AOPP casually hit the timeline. The company even tried to use it for advertising:
“We’re glad to see more individuals taking custody of their crypto assets,” Marek Palatinus, CEO of SatoshiLabs, the maker of the Trezor hardware wallet, said in a statement. “AOPP makes it simpler and faster for users to withdraw to the safest place for their coins: their Trezor.”
The Bitcoin community didn’t like it. Why? Because hardware wallets are supposed to be sovereign. And if you give an inch, they’ll take a mile. By the afternoon, Trezor had to make their position clear via Twitter. They said:
“Not supporting AOPP will lead to helping the government to fence people on exchanges, and our motivation to add direct support was exactly to keep the government from doing so.
The message for signing is composed of information already available to the exchange. The address must be sent to the exchange to receive the coins.”
Swan Bitcoin’s Guy Swann immediately responded, “That makes no sense, how does it do that exactly? This sounds to me as dumb as saying “you will get your freedom back” if you just comply with all the dictates that throw your freedom in the garbage.”
It didn’t help that the demo that the company that developed AOPP put out seemed to reveal an absurd amount of information on each transaction. Starting by the name and living address of the people doing the transaction:
looks scary pic.twitter.com/uPDGw91VYB
— ₿itcoinaz⚡ (@bitcoinaz) January 27, 2022
Samourai Wallet Shows No Mercy
Other wallets showed their discontent. The people behind Zeus, for example, said, “We’d rather nuke our app than support something harmful to Bitcoin like AOPP.” Samourai though, they went all-in.
Our understanding of AOPP is it that is some sort of API that wallet developers can incorporate that will automatically ‘prove’ ownership of a non custodial wallet to the exchange where the user is withdrawing from.
Here is why Samourai Wallet won’t include support for AOPP
— Samourai Wallet (@SamouraiWallet) January 27, 2022
Their takedown listed three reasons why their product wouldn’t support AOPP:
“1) Undermines self custody. Ironically proponents of this say this will promote self custody by providing a regulated pathway. That is nonsense and by buying into this system you are legitimizing the concept that self custody requires permission & compliance.
2) Reveals a weak ‘immune system’. The fact that so many developers of non custodial wallet software have seemingly bought into this system will only serve to bolster further incursions by regulators in the future as compliance among developers was high previously.
3) Further undermining of the pseudonymity of Bitcoin. Tying identifying information to what is supposed to be a pseudonymous UTXO is a serious privacy concern by itself. Providing regulators with a cryptographic proof of your identity to a certain output is over the line.”
Removing AOPP with the next release. https://t.co/YRwt1b7LWq
— Sparrow Wallet 🐦 (@SparrowWallet) January 27, 2022
Samourai asked other wallets to reconsider their AOPP support. Which they did, one by one. And finished their rant with “Users who choose to make use of exchanges in hostile jurisdictions (like Switzerland) can of course manually sign a message with their private key, but we will NOT be facilitating this communication in any way using any API.”
What Did We Learn From AOPP?
Bitcoin Magazine summarizes the situation like this :
“The protocol isn’t inherently bad as it simply seeks to facilitate the enforcement of wallet verifications measures in Switzerland by making an interoperable standard available to wallet developers to implement. But even though AOPP isn’t in and of itself negative, it legitimizes the practice of checking for address ownership, and implementing it opens up a precedent for having the government influence developments in the open source Bitcoin wallet space.”
Removing AOPP next release.
We appreciate all the feedback, thank you! 👊
— BlueWallet (@bluewalletio) January 27, 2022
In the end, as all the wallets announced they were removing AOPP support, Trezor caved. The company published a detailed blog post explaining its decision. Trezor assured the public that the implementation “was not a step taken due to any external pressure, regulatory or otherwise.” And concluded:
Related Reading | Samourai Prepares for Internet-Free Bitcoin Transactions With TxTenna Launch
“Our sole aim was to make withdrawal to self-custody easier for users in countries with strict regulation, but we acknowledge that more harm than good could be done in the end if this were viewed as proactive compliance with regulations we do not agree with.”
All’s well that ends well?