Address Ownership Proof Protocol (AOPP)
As of August 2019, Swiss VASPs are obliged to require proof of ownership of a wallet address for withdrawals and deposits to the non-custodial wallets of their customers.
Full compliance with FINMA guidance, VQF regulations, and DNBs' interpretation.
Excellent User Experience
Proves ownership with digital signatures instead of sending crypto assets or asking for screenshots, thereby enhancing user experience.
Does not require address reuse and so preserves conventional best-practices for privacy.
Easy to Implement in Wallets
Adopting the digital signature standards that Bitcoin uses makes it straightforward to implement for developers.
The wallet communicates directly with the VASP. No intermediary needed.
Reduces risks of Man-in-the-middle attack (MITM) from crypto-malware by avoiding copy/paste of addresses.
Does AOPP Reduce My Privacy?
No. AOPP is a protocol that is used between a VASP (virtual asset service provider, e.g. exchange) and an end user. The VASP already knows the personal details of the end user. Nothing changes there. When a user withdraws coins from a VASP he needs to specify a destination address. Nothing changed there, too. AOPP merely digitally signs that information with the key corresponding to that address. This is a step that is non-trivial for users without a technical background. No information about the user's own wallet is leaked.
Why Is The Signed Message In The Demo Video so Verbose?
The verbose signed message comes from an explainer video. The goal of an explainer video is to be very explicit, and simplify and breakdown information to the most digestible depiction possible. The signed message is configurable by the exchange and a mere user identifier or hashed value could be used. But those are concepts too confusing for an explainer video. Currently, all VASPs that use AOPP only use a unique identifier or hashed value.
Why Have Some Wallets Removed AOPP Support?
Upon pressure from social media users some wallets have decided to remove AOPP support. We are surprised that those wallets deem their users incapable of deciding on their own if they want to use AOPP. We can also imagine that fear of the cancel-culture has contributed to those decisions. The end result is that their users cannot easily withdraw into their own wallets and will likely keep their coins custodial.
Is This What Satoshi Envisioned?
The success of Bitcoin stands on the shoulders of very engaged libertarians, cypher punks and crypto-anarchists. Without their educating, evangelising and persistent efforts the world of Bitcoin wouldn’t be where it is today. We thank them a lot for this! And we see ourselves as a vital part of this community. We believe that the adoption of Bitcoin has reached a new phase. We are talking about mass adoption. Bitcoin can only succeed in its original mission if the user experience is as accessible as possible. If the community doesn’t improve usability then the trend towards custodial ownership (storing your Bitcoin on an exchange) will continue to further increase in dominance. The failure in mass adoption of PGP is a good example of how crucial the user experience is. The privacy community has failed to understand what actions were required to improve the situation. We have ended up with the monopolistic, cloud-based messenger landscape that we see today. Accounts can be blocked or deleted, and messages intercepted. AOPP is our contribution to empowering users to hold their coins in their wallets. We ask the early adopters to support the effort to make the mass adoption of Bitcoin a success story, and bring Bitcoin to a new height.
My Wallet Supports AOPP but I Don't Want to Send Additional Information to Other Parties. Should I Be Worried?
No. No information is sent without the wallet owner's consent. Supporting AOPP does not mean a wallet will share your information with any other party. In fact, the exchange will only send a message to the user's wallet via AOPP upon user request.
What Information Will My Wallet Send to My Exchange?
The information the wallet sends to the exchange is a signed message. This message can contain whatever details the exchange considers enough to fulfill their compliance obligations, but only data the exchange already knows, since it is the one who crafts the message.
What Is AOPP?
AOPP is designed to simplify the user experience of non-expert users who are dealing with difficulties withdrawing their funds from exchanges to their own wallets. The user experience of signing messages with wallets can be challenging and this is precisely what AOPP solves. It just makes wallet message signing easier.
How Does AOPP work?
AOPP allows the wallet to receive a text from a VASP (e.g. an exchange), request the user to sign it and send it back to that VASP. This means the content of the message is crafted by the exchange, so it can only have information previously known by the exchange. The user is presented with that message and asked for consent to sign it.