Embeddable Wallet

p3c

#1

Hey y’all, I’m with the P3C dev team. We would love to embed Saturn wallet directly in our dashboards and save our users the confusion of disabling metamask, enabling saturn, and such. Metamask has a side-project called Mascara to do this and they’re almost ready to support etc blockchain. We love the saturn folks very much and would be stoked to contribute dev resources towards an embeddable version. Thoughts?


#2

how do people manage private keys in mascara? Sounds like if you’re going to get a wallet that you will send real money to you’d be better off having something installed rather than pulled from a random CDN.

mascara has been in beta for almost 6 months now, I wouldn’t recommend using it. Once it matures a bit we’d love to see how we can collaborate! :+1:


#3

Sounds good. Yes, delivering an iframe embeddable can be insecure but a service worker could do the same lifting on a website as an extension does. I suppose the users Saturn password could encrypt their keys similarly. We think each step removed from interaction roughly doubles the eligible users so a solution like this is a high priority.


#4

Perhaps I didn’t make myself clear.

If you are to ever send money to a wallet, you need a place to store the private key. Would you agree with me here?

Storing things in normal web flow is insecure no matter how you look at it. The only secure way to store a private key close to the browser is via a browser extension.

Alternatively, you can store the private keys of your users yourselves and provide a centralized service on top of a decentralized protocol (e.g. coinbase + bitcoin). This might help onboard new users, but you’d have to worry about not getting hacked yourself.

It’s a business decision that you need to make - develop a centralized solution that people trust and stick to it (remember: trust is hard to earn and easy to lose), or educate your user base about a more secure decentralized approach.

Furthermore, service workers are not available on the second most popular browser in the world (safari).

P.S. Not every piece of software that metamask’s team makes is necessarily good & gospel. Especially when devs themselves say that it’s in early beta.


#5

100% agree. Especially the bit about gaining trust/losing trust. We hope this is a stopgap until everyone has a hardware wallet by convention. We don’t want to hold private keys but are entertaining holding the hashes to ppls private keys, only deciphered locally by a user’s password or passphrase. This is less secure but still on par with every bank and trading platform in conventional fintech. I think our focus aught to be on getting new users into the crypto space so these assumptions can be tested, validated, and corrected in the fastest manner possible.


#6

This is less secure but still on par with every bank and trading platform in conventional fintech.

we will not be developing anything like that. Luckily, ETC is a decentralized protocol and you are more than welcome to do what you think is right without listening to this old man.


#7

Err ok, I must have been unclear in the context but thanks for your input and advice anyhow