Bitcoin Forum
November 19, 2024, 06:55:31 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: "Connect Wallet" must go  (Read 149 times)
gregeryb (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
March 20, 2024, 02:26:06 AM
 #1

I've raised this with developers elsewhere and they got infuriated, insulting and blocked me. So I'm convinced it's a great idea.

Simply get rid of the "Connect Wallet" button. Why? Because wallets are a disaster. Browser extensions are insecure as they have access to all your data and rely on questionable Javascript injection. They are hard and clunky to deal with. They come with pop ups and questions. Braindead tasks like "Change Chain", "Install Snapon", "Add contract". Stuff I don't care about and shouldn't be doing.

The replacement is to make it similar to paying with a CC.

The only role of a wallet when dealing with a dApp is to approve transactions. An internet server can craft the transaction but that server won't be able to sign the transaction. The server does all the technical details and the user receives a notification to approve the transaction.

This means:

A client wallet app only has code to handle key pairs, sign transactions and monitor balances. No code to do anything else, no extensions or imported chains, no builtin browser. The server will have all the bindings to every chain API, all the wallet does is sign transactions that its been notified of.

So the steps would be if a user wants to pay on a site using crypto

1. Enter their Payer ID which could be email or a series of digits like a CC.
2. Enter amounts and details of the transaction into the dApp.
3. The payment server takes that and generates the transaction and sends a notification to the wallet.
4. The user sees this transaction and can approve/deny it for submission.



Issues:
- spammers sending notifications to everyone. The server would have to be run by an authority that filters who can send such notifications.
- It's open to fraud, e.g. the payee generates a transaction with a larger amount than the user entered. But it will be operated by an authority that can disconnect accounts from using the service anymore.
- It's based on centralized authority for who can access the service, but doesn't act as a centralized custodial service of funds.
- Lack of anonymity. Maybe not for the wallet holder but the business sending such notifications for a approval must be KYC

Benefits:
- Simpler for the business especially for the business that no longer has to give a 5 page tutorial on how to setup the wallet with their particular chain/dapp.
- Simpler for the user.
- The downfall of the "Connect Wallet" button.

Sure sites could keep using the notorious "Connect Wallet" button if they're alright having users turned off due to a complicated setup process.


Blockchain purists hate this. But I'm not really interested in what a Blockchain philosopher thinks. It's more about what a business and customers think.




tech30338
Full Member
***
Offline Offline

Activity: 728
Merit: 151


Defend Bitcoin and its PoW: bitcoincleanup.com


View Profile WWW
March 20, 2024, 02:42:22 AM
 #2

Seems like its almost the same, its just that you go back in time and make it almost manual, there is no difference in encoding your id, and connecting your wallet to a certain daps, instead they should focus and add another security features like it should show what will signing will do swap or just connect, i have experience when try to connect to a apps it will try to swap automatically without showing me the whole picture, of what is going to happen, also putting your email, is not a good idea, you really want your email to be expose?
They should focus on security instead since its everyone's problem breaches happening a lot , hackers are breaking securities without a sweat, i think that's where it should be focus first.

NotATether
Legendary
*
Offline Offline

Activity: 1792
Merit: 7390


Top Crypto Casino


View Profile WWW
March 21, 2024, 02:32:25 AM
Merited by philipma1957 (1)
 #3

I am not *that* experienced with Web3, but if there was a button on the site for making a particular transaction such as buying something, wouldn't it just prompt the user to sign a message?

I do agree with you that connecting a wallet to a website is a very bad idea security wise, since it exposes three attack surfaces: the wallet extension, the browser and the site itself.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
alexeyneu
Member
**
Offline Offline

Activity: 351
Merit: 37


View Profile
March 21, 2024, 08:21:58 AM
 #4


The only role of a wallet when dealing with a dApp is to approve transactions.
authorization also.
ABCbits
Legendary
*
Offline Offline

Activity: 3066
Merit: 8092


Crypto Swap Exchange


View Profile
March 21, 2024, 10:04:59 AM
 #5

As long as people generally prefer convenience over security, "connect wallet" feature will remain exist on many altcoin/multi-coin wallet.

- Lack of anonymity. Maybe not for the wallet holder but the business sending such notifications for a approval must be KYC

Wallet which offer "connect wallet" feature usually are light wallet which connect to certain server, which makes most of those wallet owner no longer anonymous.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
decodx
Hero Member
*****
Offline Offline

Activity: 1456
Merit: 940

🇺🇦 Glory to Ukraine!


View Profile
March 21, 2024, 10:47:49 PM
 #6

I get what you're trying to do here - make using wallets and dApps less of a headache for regular folks.  Believe me, I feel that pain too - switching networks, approving stuff, dealing with browser extensions.  It ain't fun. 

But I gotta say your solution seems to cause as many issues as it solves. Replacing decentralized apps with some centralized system users gotta log into? That smells fishy to me.  Ain't the whole point of crypto and web3 to get away from needing to trust servers and middlemen?

Sure, it might make life easier if some. But easier aint always better.
batang_bitcoin
Hero Member
*****
Offline Offline

Activity: 3164
Merit: 610


Get $2100 deposit bonuses & 60 FS


View Profile
March 21, 2024, 11:13:43 PM
 #7

I doubt it that feature will be gone, it's like that we're using emails connecting to different social media platforms as it's very convenient to use. But as a user who's getting into these, make sure that your curiosity will also make you safe by having these wallets that don't have balances on it for your safety. Many of the airdrop people are the ones that are being targeted by this tactic for scamming and phishing but I really have no confidence that it will be gone since web3 and all of these stuff making all of community convenient in using them.


░░░░░░░░░░░▄▄▄██████▄▄
░▄██▄░░▄▄███▀▀▀░░░▀▀███▄
░░░░░░░░░░░░░█▄█░▄░░░░░░░░░░░░░▄▄▄
░░▀██████▀
░░░░░░░░░░░███▄░░░░░░░░░░░░░▄▀▀▀░░░░░░░░░░░▄██▀░█░░░░░░░░░░░░░░░▄█
░░░▄████
░░░░░░░░░░░░░░███░░░░░░░░░░░░███░░░░░░░░░░░░░██░░█░░░░░░░░░░░░░░░▄██
░░██▀░▀██
░░░░░░░░░░░░███▀░░░░░░░░░░░▄▄▄░░░▄▄░▄▄▄▄░░░███░█▄▄░░░░░░▄▄▄▄░░▄▄██▄▄▄▄
░██▀░░░▀██
░░░░░░░░░░███▀░▄▄█▀▀██▄░░░███░░▄██▀▀▀███░░███▀▀███░░░▄██▀▀██░░░██
███
░░░░░███░░▄▄▄▄████▀░▄██▀░░░██▀░░███░░░██▀░░░██▀░███░░░░██░░██▀░▄██▀░░███
██░▄
░░░░░██░████▀▀▀░░░▄██▄░░░██▀░░▄██▀░░███░░░███░░██░░░░██▀░█████▀░░░▄███
██▄▀█░░░▄██░░▀███
░░░░░▀█████▀██████████▀██░░░██████▀█████████▀▀██▄▄▄██▀▀███▄▄▄██▀
░███▄▄▄███
░░░░▀███▄░░░░░▀▀▀░░░▀▀░░░▀▀▀░░▀▀░░░░░▀▀░░░░▀▀▀▀▀░░░░░░▀▀▀▀░░░░░░▀▀▀▀
░░▀▀███▀▀
░░░░░░░▀███▄▄░░░░▄▄
░░░░░░░░░░░░░░░░░░▀▀███████▀
░░░░░░░░░░░░░░░░░░░░░░░▀▀

 ▄▄▄▄▄▄▄▄░░░░░░▄▄▄██▄
██████████████████████▄
██████████████████████▀
█████████████████████
██████▀▀▀▀██████████
▀████░░░▄██████████
░░░░░░░▄██████████
░░░░░░███████████▀
░░░░▄████████████
░░░▄████████████▀
░░░█████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████

UP TO
60 FS

.PLAY NOW.
FinneysTrueVision
Sr. Member
****
Offline Offline

Activity: 1848
Merit: 444


Catalog Websites


View Profile WWW
March 22, 2024, 12:23:37 AM
 #8

Switching networks and adding contracts are not complicated tasks. You are using hyperbole to justify the need for a permissioned system. Of all the issues that exist with web3 applications, making interactions more simplified and user friendly isn’t the most urgent matter.

The current way of connecting wallets to dapps is already standardized and widely adopted. Any new standard, like the one you are describing, would be destined to fail because it will create a lot of unnecessary work for developers to implement when we already have something that is working well despite its shortcomings.

█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
███████▄▄████▄▄░
████▄████▀▀▀▀█░███▄
██▄███▀████████▀████▄
█░▄███████████████████▄
█░█████████████████████
█░█████████████████████
█░█████████████████████
█░▀███████████████▄▄▀▀
██▀███▄████████▄███▀
████▀████▄▄▄▄████▀
███████▀▀████▀▀
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
BitList
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀█











▄▄▄▄█
█▀▀▀▀











█▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
REAL-TIME DATA TRACKING
CURATED BY THE COMMUNITY

.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀█











▄▄▄▄█
█▀▀▀▀











█▄▄▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
List #kycfree Websites
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀▀█











▄▄▄▄█
JeffBrad12
Hero Member
*****
Offline Offline

Activity: 2968
Merit: 534


Leading Crypto Sports Betting & Casino Platform


View Profile
March 22, 2024, 12:46:35 AM
 #9

of course its gonna be great if we can simplify the process of dealing with transactions as easy as using CC but sometime the needs for such complication is for a reason, wallet that are implemented as extension usually injects global js object that contains rpc provider that also give layer of security by requiring the wallet owner to sign a transaction beforehand I think thats already good enough for now.
if there's another solution to keep thing simple of course its gonna be welcomed but majority of wallet nowaday are taking this approach so there's nothing really much can be done maybe they are just adjusting their wallet to the fact that there are so many blockchains and ERC20 deployed everyday so they need to make things modular even though at the cost of wallet being overly complicated but thats just how it is.
there's always some learning curve when people try to understand how to use wallet and so on, because its true that people need to be somewhat know about technology to use wallet these days even more so for blockchain that are EVM based.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
tsaroz
Legendary
*
Offline Offline

Activity: 3136
Merit: 1069


DGbet.fun - Crypto Sportsbook


View Profile WWW
March 22, 2024, 01:02:27 AM
 #10

Browser extension, however secure we may make can be targeted by malware extensions and software. There are even targeted keylogger, clipboard changer that may change or view user input. The only reason we are using it is due to ease of access.
In case of mobile app of wallet that also acts as browser might be much safer than accessing dapps on browser with extension as there are lesser chances of taking control with a malware.
The best strategy I've seen is similar to what OP mentions. The browser and the wallet are on different device. Once device is used for browsing and interacting with dapps while other for giving permission. There's nothing shared on in dapps except the public keys.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!