In Switzerland a Virtual Asset Service Provider (VASP)—any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made. AOPP is a simple and automated solution for providing proof of ownership of an external wallet's address.
As of August 2019, Swiss VASPs are obliged to require proof of ownership of a wallet address for withdrawals and deposits to the non-custodial wallets of their customers.
"A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised institution has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party's ownership of the external wallet using suitable technical means."Swiss Financial Market Supervisory Authority (FINMA) is the Swiss government body responsible for financial regulation.
"Payment transactions to and from external wallets are only permitted where the wallets are owned by a member's own customer. The customer's authority over the external wallet must be verified using suitable technical measures. Transactions between customers of the same member are permitted."The Financial Services Standards Association (VQF) is Switzerland's leading self-regulatory organisation (SRO) for VASPs. As an SRO officially recognized by the FINMA, the VQF is obliged to supervise its members with regard to the combating of money laundering and the prevention of the financing of terrorism.
Full compliance with FINMA guidance, VQF regulations, and DNBs' interpretation.
Proves ownership with digital signatures instead of sending crypto assets or asking for screenshots, thereby enhancing user experience.
Does not require address reuse and so preserves conventional best-practices for privacy.
Adopting the digital signature standards that Bitcoin uses makes it straightforward to implement for developers.
The wallet communicates directly with the VASP. No intermediary needed.
Reduces risks of Man-in-the-middle attack (MITM) from crypto-malware by avoiding copy/paste of addresses.
Wallet developers, VASPs and Bitcoiners on their experience with AOPP:
All answers can be cross-verified by reading the AOPP technical spec.
No. AOPP is a protocol that is used between a VASP (virtual asset service provider, e.g. exchange) and an end user.
The VASP already knows the personal details of the end user. Nothing changes there.
When a user withdraws coins from a VASP he needs to specify a destination address. Nothing changed there, too.
AOPP merely digitally signs that information with the key corresponding to that address. This is a step that is non-trivial for users without a technical background. No information about the user's own wallet is leaked.
No. AOPP requires user interaction. After clicking an AOPP URI the user has the chance to inspect the signed message and, in the case it is deemed unsuitable, abort the process.
The verbose signed message comes from an explainer video. The goal of an explainer video is to be very explicit, and simplify and breakdown information to the most digestible depiction possible.
The signed message is configurable by the exchange and a mere user identifier or hashed value could be used. But those are concepts too confusing for an explainer video. Currently, all VASPs that use AOPP only use a unique identifier or hashed value.
Upon pressure from social media users some wallets have decided to remove AOPP support.
We are surprised that those wallets deem their users incapable of deciding on their own if they want to use AOPP. We can also imagine that fear of the cancel-culture has contributed to those decisions.
The end result is that their users cannot easily withdraw into their own wallets and will likely keep their coins custodial.
The success of Bitcoin stands on the shoulders of very engaged libertarians, cypher punks and crypto-anarchists. Without their educating, evangelising and persistent efforts the world of Bitcoin wouldn’t be where it is today. We thank them a lot for this! And we see ourselves as a vital part of this community.
We believe that the adoption of Bitcoin has reached a new phase. We are talking about mass adoption. Bitcoin can only succeed in its original mission if the user experience is as accessible as possible. If the community doesn’t improve usability then the trend towards custodial ownership (storing your Bitcoin on an exchange) will continue to further increase in dominance.
The failure in mass adoption of PGP is a good example of how crucial the user experience is. The privacy community has failed to understand what actions were required to improve the situation. We have ended up with the monopolistic, cloud-based messenger landscape that we see today. Accounts can be blocked or deleted, and messages intercepted.
AOPP is our contribution to empowering users to hold their coins in their wallets. We ask the early adopters to support the effort to make the mass adoption of Bitcoin a success story, and bring Bitcoin to a new height.
No. No information is sent without the wallet owner's consent. Supporting AOPP does not mean a wallet will share your information with any other party. In fact, the exchange will only send a message to the user's wallet via AOPP upon user request.
The information the wallet sends to the exchange is a signed message. This message can contain whatever details the exchange considers enough to fulfill their compliance obligations, but only data the exchange already knows, since it is the one who crafts the message.
AOPP is designed to simplify the user experience of non-expert users who are dealing with difficulties withdrawing their funds from exchanges to their own wallets.
The user experience of signing messages with wallets can be challenging and this is precisely what AOPP solves. It just makes wallet message signing easier.
AOPP allows the wallet to receive a text from a VASP (e.g. an exchange), request the user to sign it and send it back to that VASP.
This means the content of the message is crafted by the exchange, so it can only have information previously known by the exchange. The user is presented with that message and asked for consent to sign it.