Talk on the current state of user experience in dApps and the challenges to making it mainstream. I discuss the user flow for buying a CryptoKitty, current DAUs for dApps and some proposals to address the challenges in private key management and key recovery.
Current UX still very crappy
● Even before interacting with a dapp
○ Need to have wallet
○ Have Ether/other crypto-tokens
● No password recovery for wallets
○ Wallets susceptible to hacks
● No way to block fraudulent transactions etc. (as banks can)
Money! Money! Money!
Only speculators go through so many
ICOs have been the killer app - as they introduced so many people to crypto
The promise of insane riches
● Only decentralised exchanges and gambling sites have the highest usage
● dApps that are not for trading/speculation/gambling don't have much usage
● Augur, much hyped, only has ~50 DAUs
● dApp designs are primarily for devs/geeks.
● Scares away normal people
● Users can't be expected to secure private keys/mnemonic phrases when they are going on with their lives.
● All these complexities need to be abstracted away
● Private Key Management
○ Need to have wallet
○ Need to have Ether in the wallet
● No simple ID system
● Key Recovery
Private Key Management
● Gnosis Safe
● WalletConnect - An open-source project that enables desktop dApps to interact with mobile wallets.
● Shamir's Secret Sharing - Sharded private keys with friends, which enables authentication only when n-out-of-m keys are available
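A minimal implementation of the n-out-of-m sharding described above, as an added example that is not part of the talk or of any wallet product; it assumes the secret is an integer below the secp256k1 field prime (every Ethereum private key is) and uses the constructed DEMO_KEY in place of a real key.

```python
"""Shamir's Secret Sharing over a prime field: split a private key into m
shares so that any n of them reconstruct it and fewer reveal nothing.
Added example; not code from the talk or from any wallet project."""
import secrets

# secp256k1 field prime; any Ethereum private key (< curve order) fits below it.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients coeffs[0..n-1] at x mod P."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, m):
    """Return m shares (x, y) of `secret`; any n of them reconstruct it.
    The secret is the constant term of a random degree-(n-1) polynomial."""
    if not (1 <= n <= m) or not (0 <= secret < P):
        raise ValueError("need 1 <= n <= m and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, m + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only with >= n distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


# Constructed demo key (not a real wallet key): 3-of-5 sharding among friends.
DEMO_KEY = int.from_bytes(b"demo-private-key-for-ux-talk!!!!", "big")

if __name__ == "__main__":
    shares = split_secret(DEMO_KEY, 3, 5)
    print(recover_secret(shares[:3]) == DEMO_KEY)                       # True
    print(recover_secret([shares[0], shares[2], shares[4]]) == DEMO_KEY)  # True
    print(recover_secret(shares[:2]) == DEMO_KEY)                       # False: 2 < n
```

Each friend holds one (x, y) pair; the secret can be recovered on a new device from any three of them, while any two pairs are consistent with every possible key.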
Identity/Biometric based mechanisms
● Based on Identity contracts
● Biometric-based, using a fuzzy extractor
○ Suffer from privacy issues - biometrics can be extracted from public sources
○ More susceptible to rubber-hose attacks - using coercion to obtain biometrics
● Using Iris scan to generate private key
What are the issues with tying private keys with Identity?
● Under the hood, the mobile app, browser extension and recovery keys translate to four signers. Two of them are required to make a transaction.
● Creating a Safe wallet implies deploying a smart contract on the Ethereum blockchain. Simply need to fund the address of your new Safe.
Reference: Gnosis blog
Gnosis Safe advantages
● The mobile app is the main point of interaction where all transactions are
● The browser extension acts as an additional security layer.
● All transactions done with the Safe also need to be confirmed by the browser
● The browser extension allows interaction with dApps via the web browser.
Now the same ID can be used in a new client
Source: Talk by Alex van de Sande
Reference: Universal Logins: First Demo
● No need to type or remember a password anywhere
● Instant login in multiple devices
● No need to download or install anything extra
● No single server with private data that can be attacked or leaked (but beware of the public data you share on the blockchain)
● The user can take the account they created in one app and use it to log in to another app