The BitBoxApp offers an optional feature called Address Ownership Proof Protocol (AOPP). This article explains what AOPP is, what it isn’t and how we think it promotes self custody.
Buying bitcoin in Europe
To buy bitcoin, European bitcoiners currently have three options:
- A regular centralized exchange such as Coinbase, Kraken or Bitstamp that requires full KYC (Know Your Customer), including uploading of passport and other ID documents.
- A Swiss broker such as Pocket Bitcoin, Relai or Bittr, that only requires your bank account number and a signed bitcoin address to pay out to.
- A decentralized exchange such as Bisq or Hodl Hodl, that does not store any private information centrally.
All of these services have benefits and drawbacks. As much as we would love to see option 3 being the most used method, we have to acknowledge that these exchanges are not yet ready for users unfamiliar with bitcoin.
The past year has shown that especially in Europe, an increasing amount of new users successfully started their Bitcoin journey by using Swiss brokers and Dollar Cost Averaging (DCA) services (option 2). From our experience, the reason for this choice is that, for Bitcoin beginners, onboarding with these services is much easier and quicker than with traditional exchanges, as they don’t even require new users to create an account. Signing up and providing all KYC information with regular exchanges is much more complicated and takes a lot longer.
Self-custody is the first step to financial independence
A positive effect of the Swiss brokers is that users are required to hold their own keys. Because these providers are not allowed to hold customer funds, new users get directly onboarded to self-custody instead of keeping their funds on centralized exchanges. New users have immediate control over their bitcoin. What they do with their funds is solely their own decision.
When using this kind of service, users have to prove to the broker that the address they are receiving the bitcoin to belongs to them. We recognize that this can be considered a downside in terms of privacy, but it’s worth pointing out that through this process brokers don't learn any additional information they don't already know. For many users it is still worth the compromise since the broker already knows what address the user is withdrawing to. In fact, traditional exchanges nowadays already assume (or even require per their ToS) your withdrawal address to be your own.
In the past, this “address proof” has been done by taking a screenshot of your wallet, or manually signing a message with your public key. But signing a message is not something a new user is familiar with. This requirement was keeping beginners and non-technical bitcoiners from using Swiss brokers and driving them towards traditional exchanges instead.
Making self-custody simple
To make it possible for these new users to use lower-KYC services, signing a message has to be made as easy as possible. Ideally, the user only has to click a button on the exchange website, which opens up a dialogue in their wallet with the predefined message and an unused address. In turn the message has to be confirmed by the user on the hardware wallet itself.
This is exactly what the AOP protocol allows users to do. It is essentially ‘logging you in’ with your bitcoin address.
In addition to making signing easier, AOPP also simplifies the process of sharing your address with the exchange. No more easy clipboard hijacking attacks or confusion over withdrawal addresses.
User feedback throughout the last year has shown that making self-custody easier dramatically increased the number of users taking control of their coins. Many bitcoiners switched from traditional exchanges to non-custodial brokers based in Switzerland.
Why the BitBoxApp supports AOPP
As a Swiss company, many of our clients across Europe are using Swiss brokers to buy bitcoin without going through much tougher KYC processes in other jurisdictions. By using these services, they are actively choosing to use a broker with less invasive KYC and putting pressure on those that have higher KYC requirements.
For this reason, as well as the mandatory self-custody, Swiss brokers mark an improvement over traditional exchanges that deserves to be supported.
We believe self-custody is the most important part of Bitcoin. It is what differentiates Bitcoin from the traditional financial system. This is why we want self-custody to be as easy as possible, especially for beginners. Helping Bitcoin users take control of their keys was our driving reason for building a hardware wallet company, and is still our main priority today.
There has been discussion about AOPP in the Bitcoin community recently, especially in relation to data sharing and KYC. Unfortunately, we feel like it is easily misunderstood if you have never experienced it first-hand. Here are some common misconceptions we’ve heard:
“AOPP reveals private information about my wallet”
No, AOPP does not reveal private information of your whole wallet. Only one signed address is shared with the exchange at a time. Every signature must be manually confirmed on the BitBox02. Traditional exchanges already have your withdrawal address and connect it to your KYC information. Even if you don’t sign your address, their Terms of Service might prohibit you from withdrawing to other wallets than your own.
“I don’t know what this does in the background”
AOPP is completely transparent and open source. It does nothing without your explicit consent. You have to accept an AOPP request in the BitBoxApp first, and then confirm signing the message manually on the BitBox02 as well. If you don’t use an exchange that uses AOPP, you will never be impacted by it in any way. It is purely optional.
“Using KYC exchanges is bad”
We agree. However, there is currently no real alternative for beginners. Sadly, decentralized exchanges are not easy enough to recommend to beginners yet. We think the less KYC, the better. That’s why we encourage Europeans to use Swiss exchanges that collect less sensitive information.
“AOPP reveals personal identifiable information”
AOPP itself does not include personal information. If your exchange includes your personal data inside the message you should sign, you should reach out to your exchange and tell them to stop, as this is in no way required.
“If nobody supports AOPP, this will put pressure on regulation”
The legal requirement to prove your address has been around for over 2 years in certain jurisdictions, like Switzerland. It has been fought, but there is no change in sight. Governments do and will still require address ownership proof, even if AOPP is not adopted, as almost every single wallet supports the signing of arbitrary messages. If nobody supports AOPP it will simply lead to more people using traditional exchanges with stricter KYC requirements.
“You’re making it harder for people to self-custody”
It’s quite the opposite since exchanges that use AOPP are entirely self-custodial. AOPP actually promotes self-custody because the onboarding process for new users is many times simpler compared to traditional exchanges.
“You’re submitting to regulation”
We put the actual requirements of our users first. And they greatly value the ease of buying bitcoin through Swiss exchanges.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.