收集|Wallets must be invisible

I’ve previously waxed rhapsodic about account abstraction, today I want to talk about the best wallet possible: the one you don’t know about.


Current discourse about Web3 mass-adoption boils down to “we need better UX”. Half of that is performance-related, blockchains are slow/expensive/wasteful, and half is about the primary medium of engagement with blockchain: wallets.

Plenty of bright folks are taking a crack at solving wallet UX. Usually the solution is a beautifully designed wallet with plenty of bells and whistles, using account abstraction to its fullest, or maybe an MPC wallet using moon maths to keep you secure (like this, this or this). There’s a plethora of options such as this 👇

My contrarian opinion is that none of this matter. Yes, it’s the most beautiful wallet. Yes you’ve tackled very specific problems that plague wallets today. But you will not solve wallet UX and onboard 7Bn people by making wallets more usable, you will solve wallet UX by making wallets invisible.

People don’t want wallets

Let’s look at the current best-in-class experience for a Web3 DApp: Sorare. To start playing on Sorare you must create an account. One username/password later, you’re onboarded the app and you can start trading (with various degrees of success).

Real visionary stuff
Real visionary stuff

Real visionary stuff

What happens in the background: Sorare deploys a wallet for you on StarkEx, but you’re not aware of it. It’s not advertised, it’s completely abstracted away. They store the key for you but encrypt it with a password only you know (gross oversimplification, don’t @ me).

This is basically the same for Torus/Web3auth/Plaid, and other “wallet as a service” services. The very sad thing is that you usually cannot reuse this wallet elsewhere. Users get app-specific wallets. So you win on the onboarding side (yay you onboarded users) and completely miss the point of Web3 (you’ve siloed them on an app).

Why aren’t we deploying non-app-specific wallets? Because it’s hard.

Without account abstraction, lower fees (and everything I talked about here) it’s extremely difficult to hand out a wallet to user and expect them to not make mistakes. These services therefore resort to semi-custodial solutions: they do not control the users’ wallets as in they can’t make transaction on their behalf, but they’re ultimately storing the key on their databases with various degrees of security.

The other reason we’ve come to deploy app-specific wallets is because we’ve come to believe that people actually want wallets.

You need a wallet to own digital assets. People want digital assets. Yet people don't want wallets
You need a wallet to own digital assets. People want digital assets. Yet people don't want wallets

You need a wallet to own digital assets. People want digital assets. Yet people don't want wallets

Consider Gmail. It’s a fantastic piece of software. People want to use Gmail. Turns out that, to use Gmail you need to create a Google account. Do people want to own a Google account? No. They want to use Gmail. You log in on Gmail, create an account, and you get going. Then you figure out you need a text editor, a spreadsheet, and (magic 🪄) your Google account works on Google Docs and Google Sheets! Huzzah!

Now imagine you start by telling people they need to create Google accounts. And that’s the only thing you advertise. Accounts. Best account UX. Easy login. Login with my account. Great login. Wow. Much login. So many apps with my accounts.

This is what “best wallet UX” companies are trying to sell: people will use us because we’re more usable and we’re the best wallet around. I wouldn’t give a damn. I don’t give a damn about my Google account. I care about the apps.

That’s what we’re doing in Web3: we’ve started to believe that people actually want wallets. But the blueprint for wallets should be to become a Google Account: invisible and ubiquitous.

World Wide Web Wallets

Take a DApp, briq for example. Currently we ask users to own a wallet to log in and start playing around. That’s a prerequisite, and that sucks. I’d love to have my grandparents use briq but wallets are too complicated. So they don’t use briq and I’m sad.

Now picture the following flow: you arrive on briq, choose a username/password to sign up, and start playing around. You’re happy. Now you go on another DApp, and reuse the same username/password and (magic 🪄) you login using the same wallet.

This is what Web Wallets like Argent’s will be able to provide.

The key thing here is that there is no wallet, as in no wallet app or plugin. You did not have to download an extension, install an app or whatever. You login, confirm via email, and you’re done. Similarly to a Safe, you start from a website.

It’s a real mindset shift because, so far, we thought that people wanted wallets so we’re used to providing apps and plugins to serve that need. But the web wallet completely flips the script: the wallet (as an app) doesn’t exist but the wallet (the blockchain object) does. This is only possible with smart wallets.

(The Argent Web Wallet is coming soon to a briq DApp near you by the way).

WebAuthn them all

Web Wallets are all well and good but I wouldn’t trust myself with a password to achieve financial independence (that’s why I trust banks).

Lucky for us there’s a standard for this. The best way to onboard 7bn people on the blockchain will be to deploy a wallet for them using WebAuthn. This is what Opclave, Cometh, and Cartridge before them, have done.

WebAuthn is a set of APIs that allows for web applications to simplify and secure user authentication by using registered devices rather than username/passwords. Simply put, you authenticate with your smartphone rather than remember passwords, and the keys are stored within the smartphone’s secure enclave. All popular smartphones are WebAuthn compatible and it is poised to become the de-facto standard for authentication.

Check out a real-life example of a Cartridge-Webauthn-powered onboarding for briq. Users scan a QR code, choose a username, authenticate through biometrics and voilà. They receive a briq set on a wallet Cartridge has deployed for them, and the key is safely stored on their smartphone’s secure enclave.

CoinTelegraph tried it out during StarkWare sessions:

Magazine tries out the onboarding process for noobs at StarkWare Sessions in Tel Aviv, Israel where gaming wallet Cartridge is handing out limited edition briq NFTs.

The whole process takes less than 30 seconds and is completely intuitive. Users scan a QR code, choose a username, and then create a passkey using the phone’s fingerprint scanner.

Existing crypto users will need to reconceptualize what they thought a crypto wallet was and how to access it. The noncustodial Cartridge Controller is actually a web-based wallet that interacts with Starknet. Instead of private keys, it makes use of Android or Apple “Passkeys,” which are both based on the WebAuthn standard, an initiative to standardize user authentication for web apps using public-key crytography.

Bonus pic of the Cartridge, Realms & briq team havin' fun with their respective mascots
Bonus pic of the Cartridge, Realms & briq team havin' fun with their respective mascots

Bonus pic of the Cartridge, Realms & briq team havin' fun with their respective mascots

To find their wallet again users just go on cartridge.gg and log-in again using the same smartphone. It’s that easy.

WebAuthn is still pretty expensive to run on-chain (but L2s ftw) and the Apple enclave requires using the secp256r1 curve, which is a problem for EVM chains that can only use the secp256k1 curve (this is what the Opclave team achieved during their hackathon). But I’m not too worried we’ll be able to solve this soon enough.

Progressive wallet disclosure: less is more

I recently had the pleasure to brainstorm with a company working on a web wallet and told them they were going the wrong direction because their widget looked like this:

This is trust wallet, but you get the point
This is trust wallet, but you get the point

This is trust wallet, but you get the point

When clicking on the “connect” button on briq the web wallet widget opened up and showed my ETH balance, the 20 different NFTs I own and my entire transaction history. I had to explain that users doesn’t care about all that, in that context. You do not need that much information on briq. The only thing the user is going to care about on the briq DApp are briq-related assets and information. When you’re on Google Sheet, you don’t need to know that someone edited one of your Google Doc.

I believe the reason this specific web wallet widget looked like this is because the company thought people wanted a wallet. And so far, wallets have always looked like this, so I can’t really blame them.

I came to think of this as progressive wallet disclosure. Don’t throw every single functionality to a user, you should contextually and punctually show them what is relevant, reveal what the wallet is capable of bit by bit.

Let’s consider a hypothetical user flow:

  • Alice creates a WebAuthn-powered web wallet on briq using her iPhone. She might not even know she owns a wallet, she just likes the briq sets and wanted to buy one. We decide to sponsor her first 10 transactions on briq because she bought an NFT using her credit card.
  • Alice checks her profile on briq and decides to sell one of her own creations. She logs in on Mintsquare, the Starknet NFT marketplace, by scanning a QR code and lists her NFT.
  • The NFT found a buyer! Suddenly Alice’s wallet is filled with fresh ETH. She’s curious about this magic Internet money and learns more about it. She also receives an email notification that her balance now exceeds $50 and she should add some more security options such as social recovery and velocity controls.
  • Alice can use a wide range of websites, like Zapper for DeFi and Showtime for NFTs, to see everything about her wallet and add or revoke security options, such as deadman switch, session keys, etc.
  • Building and selling more stuff, Alice discovers she has a good chunk of ETH and decides to start converting some into fiat. She authorizes an off-ramp protocol to sell some of her ETH every day and send the money to her bank account.
  • Six months down the line, Alice is completely crypto-pilled: she’s using a smartphone app to track her portfolio, she even bought a hardware wallet to improve her security setup. Now, she decides to stake the rest of her ETH to help secure Ethereum and contribute to the world computer.

In this example, Alice started with a simple NFT and moved all the way up to staking ETH. She never had to download an app or a browser extension. We never showed her everything her wallet can do on the first day, she discovered her superpowers over time, when it was relevant. Crucially, she was always in control: she had a key on her smartphone, powered by Apple’s passkeys, and added more security controls over time. She never had to forfeit her autonomy to a third-party, she could always run a transaction or revoke authorizations.

You don’t help people learn how to swim by throwing them into the pool and blame them when they drown. You get them floaters, you get them comfortable in the shallow end of the pool, and ease into the deep end.

Dude, Where’s my Wallet?

Some fun stuff happens with invisible wallets:

  • You don’t know where your wallet is: with the Cartridge wallet you know you have a wallet but you don’t necessary know where it is. You just have keys, and they’re like car keys: you can open you car, but you can forget where you parked. If the Cartridge user forgets about the cartridge.gg website, it’s like you forgetting where you parked your car. It’s important to tell users where they can fall back on, with a dashboard website for example. With Metamask, you don’t have that problem because the little fox is always at the top right of your browser.
  • You don’t know everything about your wallet: if the wallet is only showing contextual information, you might not know that something has happened to it. You might not even know you got an airdrop because you might not know you have a wallet. Email or smartphone notifications seem like a logical solution.
  • Web3 people are lost, Web2 people are happy: it’s very difficult for web3-natives to understand they do not need to have a wallet app/plugin, that their wallet floats in the ether. They quickly get weary and think you’re doing some custodial shenanigans. Web2 people are very happy, there’s nothing new here, accounts have always worked this way. I think it’s important to not cater to Web3-native needs here and tell them they’ll get used to it.

The NFT Checkout Opportunity

What would be the best way to leverage the previously mentioned features?

One hint:

From Electric Capital: https://github.com/electric-capital/developer-reports/blob/master/dev_report_2022.pdf
From Electric Capital: https://github.com/electric-capital/developer-reports/blob/master/dev_report_2022.pdf

From Electric Capital: https://github.com/electric-capital/developer-reports/blob/master/dev_report_2022.pdf

Overwhelmingly, people are using blockchains for NFTs rather than DeFi. I think it’s a great opportunity to do this 👇

I wonder what's going to happen next
I wonder what's going to happen next

I wonder what's going to happen next

We should have a checkout flow where a user buys an NFT with their credit card and credits the NFT on their newly-created wallet (powered by WebAuthn). Now users have a wallet and we can show them all the cool stuff we have in Web3 land.

Some issues:

  • Managing fiat & crypto: if in the end the “buy” action is performed on a smart contract, crypto-paying users can talk directly to the contract and be faster than fiat-paying users who’d need an on-ramp service. That can cause issues with auctions for example.
  • Payment processors become wallet companies and vice-versa: let’s say Paypal creates a checkout system to buy NFT, they’ll need to be creating wallets and manage them, possibly offering more services for users. If a wallet company wants to offer checkout services to get people onboarded on their wallets, they’ll need to start managing fiat.
  • A wallet with no ETH: the funny thing with NFT-first people is their utter indifference to cryptocurrencies, they just don’t care. That makes it difficult for them to pay their transaction fees. You can tackle this with paymasters, transaction sponsorship and possibly a monthly wallet fee to cover their fees.

To sum up the requirements

Start from the apps and walk your way back to the account, not the other way around
Start from the apps and walk your way back to the account, not the other way around

Start from the apps and walk your way back to the account, not the other way around

  • Users should be able to create wallets without a wallet app or extension: that’s why WebAuthn is so cool, the key is on your smartphone, backed by passkey.
  • Users should be able to use their wallets without holding cryptocurrencies: that’s what gas tanks provide, you could also do some super fancy Paymaster or MEV-powered bundling stuff with ERC-4337, or simply have the main app or wallet sponsor the transactions. You get 10 txs for free, and then a monthly subscription.
  • Users should progressively discover their wallet: don’t shove all the functionalities in their face on the 1st day, ease them into it and allow them to take progressive steps towards more independence and control.
  • Users should always be in control: start with a key held on a smartphone enclave and work your way up to a hardware wallet. Or don’t. But the first step should not be a custodial or semi-custodial option.

Closing thoughts

Folks that get most defensive about the idea of invisible wallets are crypto die-hards. You get things like “you’re giving too much power to Apple!” or “people will throw their independence away! Everyone must run a cold-storage setup!

WebAuthn, Web Wallets and such are options, it’s not reducing the overall security level, it’s providing more ways for people to engage with crypto. Don’t worry, you can keep the tinfoil hat on.

It’s somewhat reminiscent of an old debate regarding privacy where hardcore cypherpunks were adamant that everyone use pgp and hardcore cryptography stuff. Guess what, people don’t care and forcing them doesn’t work. But it doesn’t mean that we shouldn’t try raising privacy levels: that’s why Signal and HTTPs exist. Privacy should be embedded - invisible.

Check out Mark Miller and Dean Tribble on why techno-radicalism doesn’t work (9:27 in the video) 👇

Everyone can become crypto-fluent, but people must be able to make their first steps.

And, for that, wallets must be invisible.


Thanks @wraitii, @btchip for the brainstorms and review.

Subscribe to 0x00pluto
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.