10 sats \ 3 replies \ @joko OP 17 Nov 2022 \ parent \ on: New BitBox02 Update - Sats the standard, mobile UI improvements, and much more bitcoin
Why wouldn't you 'trust' it? You still confirm everything on the bitbox itself, not on the host device.
Because it probably uses AOPP under the hood.
According to it:
A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised institution has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party's ownership of the external wallet using suitable technical means
Maybe all this does is sign an innocent message automagically but I can never be sure.
Maybe things besides a harmless signature can leak to the third-party exchange, such as a unique wallet id, my xpub, tx history, etc.
Me manually signing a message is a way to keep being in control.
reply
AOPP is doing the exact thing that you are doing manually in Electrum. All it is, is a way to parse information such as "message to sign" and "where to send it". The BitBox02 does the exact same thing that you are doing when you sign something with Electrum.
There's no special functionality in the firmware, it's simply asking you to sign a message. In addition to this, everything involved in the process is completely open source, so you can verify exactly what it does. If you don't trust what the app is doing, why would you want manual signing in the app?
You can compare it to using a QR-Code instead of manually typing out a lightning invoice. It does the exact same thing, but it's easier.
I can go on and on about misconceptions about AOPP, but please first read our blog post.
reply
With AOPP you seem to have no control over which address is used and the exchange now knows your hardware wallet vendor.
I get that it is more user friendly, I just prefer to avoid it for the reasons stated above.
There is also the ethical question that AOPP is just a first step in submitting to unjust KYC-like regulations. Sure, it's opt-in, right now only used by light-KYC Swiss brokers, but this can very well be an avenue of state attack.
First exchanges remove the option for manual signing. Then states mandate AOPP also shares extra information.
I'm sorry for being a PITA with this, but when it comes to money and cryptography, we always should think adversarially both technically (which your company does) and politically (where it is lacking).
reply