Signing Keys, Multi-Device, and the Fundamental UI Problem in Crypto

G
0xCC65
January 12th, 2021

I was away from my computer this the weekend, hiking in Berkeley (photos below). Because posting entries on Mirror require a device signature, and the private keys are on my computer browser, I was unable to post an entry. This relates to the fundament crypto UI problem:

The browser is a sandboxed OS; every flavor of app/game/UI will be efficiently and safely executable within this container, but we don't store private keys in-browser, and users don't all carry private keys all the time. Metamask is a bridge between the browser and your keys, but it's not safe; we call it a kind of "hot-wallet" since it's always connected to the internet, and therefore at higher risk of being hacked. Read more on this tweet thread

Figuring out this interaction will be a breakthrough, and I can see it as something that Apple might be able to do -- through a secure enclave for your private keys built into your phone. It would be typical for Apple to wait until the crypto space is mature, and then create a beautiful solution to the biggest design problem, working from first principles -- not as a browser extension (Metamask), app (Dharma, Argent) or hardware wallet (Ledger), but as something that's a core part of your phone's hardware.

In any case, for Mirror, we do store the private key in the browser for signing entry (we call it a "signing key"), but it's not an Ethereum key that we store. The private key we store is a non-exportable type that can never be shared and cannot hold economic value. In the future, adding new devices will be quite easy to do, simply by creating a new signing key on the new device, and then sending that key to the original device to be signed by an Ethereum wallet.

Soon, I'd like to validate if we're able to set up a mobile Chrome browser to be able to write to Mirror, using this method.

Other thoughts

I watched an interesting video today called "Data Dignity", between Jaron Lanier, and Avital Balwit from Radical Exchange. It relates to the economic models that "Big Tech" use, and how those create perverse and confusing incentives. It also tackles the ideology rooted in many of these companies that views humans as merely tools to help a rapidly evolving technological "intelligence"; he depicts us as ritualistically sacrificing our data to grow this emergent intelligence, and then hand-wringing over things like UBI because AI will take all the jobs.

Jaron is a quirky genius, and I want to read everything that he's written.
Watch interview on YouTube

View from my hike in Berkeley (Grizzly Peak)
View from my hike in Berkeley (Grizzly Peak)

P.S. Programming is a game (rules = syntax + compiler). Having a brain that enjoys this kind of game is rewarding, because you can make a decent salary playing games.

Arweave TX
dB16VG…ymzGkA
Ethereum Address
0xCC65…824026
Content Digest
FNo46P…jG6px8