David Sneider wrote an interesting piece that relates strongly to what we have stressed over the last few months: The UX of blockchain applications ain't that great. See our blockchain + UX post here, here and here.
- "At Deconet, we’ve implemented a solution for users to control their private key without requiring these users to understand any new systems, conventions, or standards." - Andree @blended: The way to go!
- "When funds are placed into Smart Escrow, companies incentivize the teams they are working with to get milestone based work done, within a per agreed upon window of time. Due to it’s peer to peer nature, approving proposals from teams, accepting / declining milestones, and managing disputes are functions that require a private key for the user to ‘talk to’ Smart Escrow." - Andree: Curious to see how this plays out on actual projects.
- "When a user signs up for Deconet, a deterministic private key and corresponding blockchain address is generated using their email and password. The secret (email + password) gives the user control over their private key, and needs to be remembered which makes this a type of ‘brain wallet’." - Andree: Very similar mechanism on how the process works at BitBay's decentalised marketplace. Although BitBay does not require a user's email address.
- "When the private key is derived, it exists only within the user’s browser for the current browsing session. Deconet does not have access to the private key. Once the private key is in the browser, the browser interacts with the blockchain via meta transactions powered by user interface actions. From the user’s point of view, they are just clicking on buttons on an application they’ve signed into. Deconet pays the blockchain fees. Each action performed by the user is signed by their private key, which get broadcast to the Deconet Smart Escrow contracts, running on blockchain." - Andree: It reads similar to what the team at Bitbay did. More details in this post. Also, I'd be curious to see how their team has set up the process in which Deconet actually pays the network fees.
- "The user’s brain wallet is generated upon clicking “Sign Up”. At this point, the browser splits this private key into two of two parts via Shamir’s Secret Sharing scheme. The browser then sends half of the secret to the user’s email and sends the other to Deconet." - Andree: This is something that I would urge the team at Bitbay to look into. As far as I know the recovery process is being updated as I write this (link to their marketplace)
- "When a user needs to needs to reset their password, they have to find the email that contains their reset link. Upon clicking this link, they are sending their half of the secret up to Deconet where it’s combined with the half of the secret we hold. At this point, the process starts over again, a new wallet is generated in the browser, split into parts, etc." - Andree: They keep part of the secret on their side. I would assume that a typical user does not know that password |= secret. Alas, this may result in distrust.
...read the full article here: How We Solved Blockchain Application User Experience