100 sats \ 0 replies \ @ltngstore 17 Nov 2022
Grab one here! https://lightning.store/product/bitbox02-bitcoin-only-edition/
reply
10 sats \ 0 replies \ @Bendejo 17 Nov 2022
Yes, love it thanks. Bitbox the best of the best.
reply
3 sats \ 6 replies \ @sommerfeld 17 Nov 2022
When can I sign messages on the mobile app?
That would be useful to easily buy on relai and pocketbitcoin.
reply
10 sats \ 5 replies \ @joko OP 17 Nov 2022
Pocket supports the automatic signature process. You open pocketbitcoin in browser and just click on "open in BitBoxApp". It's really easy.
Relai doesn't support this yet, but probably will at some point. Unfortunately you still have to use electrum to create a signature for relai.
reply
0 sats \ 4 replies \ @sommerfeld 17 Nov 2022
I don't trust it. I prefer to manually sign the message.
reply
10 sats \ 3 replies \ @joko OP 17 Nov 2022
Why wouldn't you 'trust' it? You still confirm everything on the bitbox itself, not on the host device.
reply
0 sats \ 2 replies \ @sommerfeld 17 Nov 2022
Because it probably uses AOPP under the hood.
According to it:
Maybe all this does is sign an innocent message automagically but I can never be sure.
Many things besides a harmless signature can leak to the third-party exchange, such as a unique wallet id, my xpub, tx history, etc.
Me manually signing a message is a way to keep being in control.
reply
10 sats \ 1 reply \ @joko OP 17 Nov 2022
AOPP is doing the exact thing that you are doing manually in Electrum. All it is, is a way to parse information such as "message to sign" and "where to send it". The BitBox02 does the exact same thing that you are doing when you sign something with electrum.
There's no special functionality in the firmware, it's simply asking you to sign a message. In addition to this, everything involved in the process is completely open source, so you can verify exactly what it does. If you don't trust what the app is doing, why would you want manual signing in the app?
You can compare it to using a QR-Code instead of manually typing out a lightning invoice. It does the exact same thing, but it's easier.
I can go on and on about misconceptions about AOPP, but please first read our blog post.
reply
0 sats \ 0 replies \ @sommerfeld 18 Nov 2022
With AOPP you seem to have no control over which address is used and the exchange now knows your hardware wallet vendor.
I get that it is more user friendly, I just prefer to avoid it for the reasons stated above.
There is also the ethical question that AOPP is just a first step in submitting to unjust KYC-like regulations. Sure, it's opt-in, right now only used by light-KYC Swiss brokers, but this can very well be an avenue of state attack.
First exchanges remove the option for manual signing. Then states mandate AOPP also shares extra information.
I'm sorry for being a PITA with this, but when it comes to money and cryptography, we always should think adversarially both technically (which your company does) and politically (where it is lacking).
reply
1 sat \ 0 replies \ @phamtruax 18 Nov 2022
Just ordered mine yesterday, amazing
reply