AOPP is doing the exact thing that you are doing manually in Electrum. All it is, is a way to parse information such as "message to sign" and "where to send it". The BitBox02 does the exact same thing that you are doing when you sign something with Electrum.
There's no special functionality in the firmware, it's simply asking you to sign a message. In addition to this, everything involved in the process is completely open source, so you can verify exactly what it does. If you don't trust what the app is doing, why would you want manual signing in the app?
You can compare it to using a QR-Code instead of manually typing out a lightning invoice. It does the exact same thing, but it's easier.
I can go on and on about misconceptions about AOPP, but please first read our blog post.
With AOPP you seem to have no control over which address is used and the exchange now knows your hardware wallet vendor.
I get that it is more user friendly, I just prefer to avoid it for the reasons stated above.
There is also the ethical question that AOPP is just a first step in submitting to unjust KYC-like regulations. Sure, it's opt-in, right now only used by light-KYC Swiss brokers, but this can very well be an avenue of state attack.
First exchanges remove the option for manual signing. Then states mandate AOPP also shares extra information.
I'm sorry for being a PITA with this, but when it comes to money and cryptography, we always should think adversarially both technically (which your company does) and politically (where it is lacking).