What if users can register for a DApp using social accounts such as email, Twitter, and Facebook?
Original title: "DApp developers, are you here to embarrass me?"
Written by: Alex Roan
Translation: Nuclear Cola
Although decentralized applications have made many tempting promises, truly polished results have not yet appeared on a large scale. The good news is that some projects are already exploring and trying, including Torus, Fortmatic, Portis, Unilogin, and Authenticreum, which hope to compete with Metamask and emphasize "de-bottomized" next-generation wallet solutions, that is, wallets that hide the underlying layer from the user. But personally, I think the current projects are not enough to truly represent the future of DApps.
DApps that are not friendly to novices
In the past few years, the experience of DApp has not been very good for me. As a user, whenever I intend to send a transaction on the blockchain, an ugly window will pop up, prompting me to confirm and warning that it will incur costs. In short, it is very uncomfortable.
I already have a lot of experience in using it, so I’m fairly comfortable. But other newcomers are likely to be scared away from the blockchain platform. This type of problem has not changed so far. Every time an operation is attempted, a frightening pop-up window will appear, which eventually leads to a very high rate of customer churn for DApps.
I can understand that, as the operator of the platform, they want to make sure that users are aware that some of their operations will incur costs. After all, if the reminder obligation is not fulfilled, the user community will soon complain, and even be surprised that there is no money in their Ethereum account. However, more scientific and reasonable methods should be used to achieve the goal.
Figure 1: Metamask transaction confirmation
Take Figure 1 as an example. Unless you are very familiar with Ethereum wallets, DApps, and the cryptocurrency industry as a whole, you will not even know what this window is for. Some users may even think that this is a fraudulent website, because a button click that produces a pop-up window is often associated with low-quality, unreliable sites. However, this has become an industry norm. Whenever a user wants to interact with a smart contract, a pop-up window will appear.
More than that, sometimes users even need to install a complete extension to interact with the DApp. Fortunately, the situation is slowly changing. Opera has released support for DApp in its mobile browser, and other wallets are now starting to have built-in DApp browsers. But all of this is only in the niche stage and has not yet entered the mainstream at all.
In other words, unless Google supports DApps in its Chrome browser, or Mozilla provides similar options in Firefox, this problem will never be solved. No matter how beautiful and friendly the pop-up window is (Fortmatic uses a curved frame design), or how many niche products start to support Web3 injection, the problem will continue to exist.
“Hide” your backend system
Users who use Metamask and other Web3 injection programs are already familiar with this method of operation. They have a wealth of experience, so they will not be deterred by DApps. But I feel that simply making the experience fancier, smoother or more rounded is a waste of time. This is not enough to really attract mainstream users, because substantial barriers still exist. In other words, the real reason they are scared away is that they don't understand what is happening.
Instead of focusing on simplifying the Web3 injection experience, it is better to discard it completely. We can build a platform that allows users to interact with smart contracts directly without being shown any smart contract or blockchain elements. Through this "de-bottomization" measure, the public can truly accept this new trading platform and experience.
It helps to think like a bank: a bank never shows off the internal functions of its system, but presents users with clear, understandable options, one at a time, to choose from. This de-bottomized design hides the heavy back-end system so that users never have to touch it.
But how can this be achieved?
Most DApp development tutorials teach Web3.js or Web3.py and how to use these libraries to interact with the Web3 instance injected into the browser. This is how most DApps are built, and it often exposes the underlying plumbing, which is why using Metamask always means a stream of annoying pop-ups. As mentioned before, this design is suitable for advanced users, but we can also hide the plumbing completely, that is, not require Web3 support on the client side.
We need to build a platform that does not require Web3 injection. Specifically, users should be able to register with their own email and password, or with social logins such as Twitter, Google, and Facebook. In short, the more familiar and approachable it feels, the better.
Many friends may find it difficult to achieve this, but long-tested, trusted frameworks such as Laravel are fully up to the job and bring a more "normal" look and feel to mainstream users.
After logging in and entering the information center, we should guide users to create their own accounts. Just click a button and the backend will generate a new Ethereum address.
But some friends may ask: “What should I do with the private key?”
First of all, for mainstream users, whether the private key is in their own hands is not a big problem. I know that it is not a good idea to centralize all private keys, and it can even be said to be contrary to the entire value proposition of blockchain technology. Therefore, we should help users retain their private keys at a minimum, purely for the purpose of enhancing ease of use.
Secondly, please do not store the private key in plaintext or even in hashed form. Both Web3.js and Web3.py provide encryption and decryption functions, and these functions take the private key together with a password. The key can then only be recovered with the matching user-specified password, which keeps it protected.
Therefore, you can store these keys together with your account on a centralized platform, thereby eliminating the need to expose Web3 and use Metamask.
Focus on expanding user scale
Suppose you are building a payment platform with an Ethereum smart contract as the backend. Your users need to interact with the platform, but you don't want to set the bar too high by requiring Metamask and wallets. This is the mainstream situation: users just want to use your product instead of spending a few hours learning Web3. Therefore, the most important thing is to first establish a platform where users can register and log in through Facebook, Google and other social networks.
Build a dashboard for users to create accounts. If you are worried that blockchain terminology will scare them away, try to use friendlier expressions. During the creation process, users can be required to provide a PIN code or encryption password, or they can directly use their login password to encrypt the private key. The encrypted private key will be stored in the database along with the user's details.
Of course, transactions on the blockchain are not free, and the product itself is not free either. Fiat is still a leader in the field of cryptocurrency, so you can use Stripe or similar methods as the main means of payment. Whichever payment model you ultimately choose, one-time fee or subscription, you can load the user's wallet with Ether when you receive the payment. All users see is that they pay a regular monthly fee. But underneath, the user's account has been topped up and can interact smoothly with your smart contract ecosystem.
Whenever a user submits a transaction to a smart contract through your platform, the platform should control how the prompt message is worded. Since the user's key is stored encrypted in the database, decrypting the key and submitting the transaction from the account should only require the user to enter the PIN code to confirm. Traditional banking apps do just that, and they never send scary reminders through an ugly Metamask window. In short, everything should prioritize customer satisfaction, familiarity and habit.
Web3.py example
The following code example requires that you already have Python3, Web3.py (installable via pip), and an Infura account and URL to access the blockchain.
Below, we will introduce step by step how to create an account, use a password to generate an encrypted version of the account, and then decrypt it through the Web3.py server according to user requirements. In short, the whole process should not expose any functions on the front end. Web3.js also provides this feature.
In the Python terminal, run the following command:
Since only the encrypted keystore is stored, the platform does not hold the private key in readable form. The only prerequisite for decrypting it and signing the transaction is to know the value of userPassword. Let's see how to achieve this:
You only need to use this private key to sign the transaction on behalf of the address.
Source link: medium.com