 Bip70 controversy. BitPay invoices are emitted according to the Bip70 standard, instead of the more widely used Bip21. Samurai Wallet, for example, does not support Bip70 and refuses to implement that feature. Could you explain why Bip70 is controversial in itself, and why BitPay implements a non-universal Bip? Do users have a role to play in this controversy? First of all, a quick explanation on what Bip21 and Bip70 are. Bip21 is a standard for creating Bitcoin payment URLs, universal resource locators, which are basically like HTTP URLs only, they are actually of the Bitcoin type. These would be URLs that start with Bitcoin, and then they have a Bitcoin address, that is the simplest form. But they may also have a label that tells you what you are paying for, and gradually that standard has been extended in different ways. There are even proposals now to provide alternative payment addresses, such as having a basic Bitcoin 1 address, but also a Segwit P2SH address, like a 3-address, or a pure native Segwit Bech 32-address, which starts with BC1. In any case, Bip21 as a standard has been wildly successful, because the simple URL format makes it very easy to make payments. However, it does have one, a fairly fundamental weakness, and the weakness is that it is fairly easy to spoof and substitute the address inside a Bip21 URL. There is nothing authenticating that the address you receive that is shown to you as a QR code is the one that the merchant actually put in their site. If anybody hacks a website or they manage to intercept traffic, or if there is a trojan on your computer that has privileges over your browser context, and can inject JavaScript or can inject and change the DOM, the browser environment, then they can substitute the actual URL, and they can substitute the Bitcoin address, so you make a payment and it goes to the wrong place, it goes to the attacker, it goes to the thief. Bip70 was actually created to solve this problem. What Bip70 does is it wraps the Bitcoin address in a signed message that has an X509 certificate, meaning it has kind of like an SSL certificate, whereby the company that produces the address uses a private key to digitally sign the message, so that you can see that the Bip70 address that you are seeing in your browser is actually signed. Theoretically, you could have clients that validate that signature and show you maybe like a green padlock, like you would have with SSL, that allows you to make sure that that address hasn't been modified en route between you and the merchant. This is obviously an additional layer of security. There is some controversy about Bip70, specifically the way it coalesced around an already centralized protocol, which is the certificate issuance mechanism for SSL certificates, X509 certificates, which is a closed centralized market with a number of centralized providers. Additionally, there was some controversy about the possibility of having clients provide a certificate to authenticate the user, which could then allow the kind of know-your-customer, anti-money laundering, identity surveillance stuff. There is obviously a lot of resistance in the Bitcoin community, so there was some controversy around the standard. However, I don't think the real controversy here is the fact that BitPay, the provider, provides Bip70 certificates, because they were doing that before, and there wasn't as much of an uproar. I think the real issue was that in the past there was a button that allowed you to show the Bitcoin address as a QR code alternative to the Bip70 signed address. You could extract and look at the Bitcoin address and pay it with any client that supported Bip21. You didn't have to use Bip70. You could use either or, so you could use the slightly more secure, supposedly, or allegedly solution, which had a certificate, or you could use the less secure Bip21 URL, which had broader compatibility. However, several months back, I think it's more than six months now, they chose to remove the alternative option. You can only access the Bitcoin address, and I think that causes some controversy. A lot of the wallet builders weren't supporting Bip70, didn't want to support Bip70 for political reasons. As a result, they were not willing to process Bip70 payment requests. From BitPace Protective, I can also see that if you have something that is signed with a certificate, then that's the secure way of doing it. You also offer the insecure way of doing it, then you're undermining the security. One of the nice things about SSL is that most SSL sites don't let you go to an unencrypted version of the site. They don't give you the HTTP alternative to HTTPS. From a certain perspective, I think that makes sense. However, it's created a lot of pushback, leading to the emergence of alternatives and competitors to BitPace, with projects such as BTC PayServer. That's all I have to say. Just a quick explanation of what's going on there. There is a mechanism where you can go to a website, take the Bip70 payment instruction, and decode it into a Bip21 URL. You can make a payment even with a wallet that doesn't support the Bip70 payment request. However, that's even more secure, because then it's not even the merchant that's decoding and giving you the Bip21 alternative. It's a third-party site. Now you've got to trust yet another party. I think that's an even worse solution. Inadvertently, by choosing not to offer a Bip21 URL, maybe BitPace is pushing people to use third-party sites or poor implementations. You make your own choices here.