dApp browsers of 2019

In 2019, the typical workflow for a traveler through the internet looks most of the time as:

You can now enjoy your (almost) happy browsing experience

Many more providers exist and the list of what a given website support is left to the website developer. In other words, if a website only proposes Facebook and you do not wish to use Facebook, you will either be stuck at the door or have to fall back to an old fashion email/password solution and enjoy whatever crazy password check rules one enlighted dev. decided to come up with (more than 8 chars but less than 13, very complex but make sure you remember it, used only here but remember it, also please no weird characters and oh, we also don’t handle _ and - …​ but pick a strong one, we warned you!)

I strongly suggest you read more about a very promising project called Universal Login if you did not hear about it. It aim at replacing the auth providers with a smart contract based (thus decentralized) auth. management that leaves the control in Your hands.

dApps (while I called them dapps, I mostly heard people calling them dee-apps, pick your camp :)) stand for decentralized Apps.

You will also find mentions as Ðapps certainly because Ð is cooler than d…

The fact that an App deals with crypto-currencies such as Bitcoin or Ethereum, tokens such as DAI or other blockchain related smart contracts does not make them dApp.

By definition, a dApp must be decentralized. Ideally, that means the backend of the dApp is decentralized and its frontend as well.

That may sound surprising in 2019 but you will not need to login with any identity provider as we mostly see nowadays, namely Google, Facebook, LinkedIn, etc… Instead, your entry to the DAOStack is an Ethereum account and a few cents worth of Ether in order to perform your first transactions.

DAOStack can be accessed thru various dApp enabled browser. While the following list may not be extensive, it shows that you will have plenty of choices.

You will often find dApp browsers combined with wallets and the reason is simple. Unlike when using an Auth provider where your profile is linked to you email, address, date of birth, social security number, gender, religion, list and names of your kids and friends, (shall I keep going?), a dApp browser will be using a single information: the public key, mostly called the Address, of one of your account.

For a dApp, an account looks like: 0x7211F63f043b859A51A95b100cF5A55F48312944

Some site may also give you a user friendlier version of this account looking like:

No additional data needs to be attached to your account unless you wish so. There is no relation between this long string and your email, ip, name, gender, etc… The previous address could be a single account or the address of a smart contract. The account or contract could hold a balance in native tokens, or ERC20 tokens for instance, but it does not have to.

A single empty account is enough.

So you say an account looks like 0x7211…2944. What would prevent anyone to maliciously pretend they are 0x7211…2944?

The mechanics here is rather simple if you heard or asymmetric cryptography or public key crypto systems. In a nutshell, before you can be considered to be 0x7211…2944, you will have to prove it. Proving it is very easy for the owner of the private key associated with the 0x7211…2944 account. But it is impossible for a random person or system not having access to this information.

So in order to prove that you really are 0x7211…2944 (which should be more precisely defined as ‘Owner of the private key associated with 0x7211…2944’), you will have to solve a ‘challenge’. Under the hood of your login windows, the dApp will generate a challenge that can be a simple random string such as GBxDvrhRuTofACQHQu1Z.

Your task (and your dApp browser will do that for you) is then to use your private key and sign this message. Only the owner of 0x7211…2944 can sign the message in a way that will satisfy the dApp. For the dApp, simply having the public key (and not the private key) is required to check that the signed message: matches the original challenge originates from the right account

For you, the user, it does not cost anything but a confirmation in a dialog looking like:

Big words for a simple concept. Custodial wallets keep and maintain your keys for you. They are usually the most convenient as you, the user, do not need to care much about security and backups, they do the job for you.

On the other hand, that means that you entirely give them your trust. You trust that they security measures are robust, you trust that they are not malicious, you trust they are immune to corruption or influence from government not always acting in your interest.

Additionally, those (once again…) centralised solutions are nice honey pots for hackers: it is much juicier to find a vulnerability in custodial wallet than to try attacking a single user managing his own keys. So which one should you use?

Both!

If you are new to the topic, don’t fear custodial wallets. They do a great job and some really help educate the users and transitions them toward non custodial wallets. Just make sure to use them with limited amount of funds.

Once you can fly alone, don’t miss the stop and take your faith in your own hand: switch to a non custodial wallet and enjoy the freedom that comes with it.

All those wallets will help you make one or more Ethereum accounts. Some of the above listed solutions also allow you using hardware wallets or smart cards.

The usual security recommendations apply here as well: do no re-use accounts across platforms. Do not hesitate to create several accounts if you decide to tests several services. Take the time to follow the tutorial provided by the apps your try. Most of them do an excellent job at explaining what accounts are, how they should be backed up and secured. You will mostly need only a pen, a piece of paper and a little time.

Being savvy and caring about the tools you use also means you need to pay attention about how the tools you use behave.

Most of the aforementioned tools will default in using centralised node infrastructures such as Infura. They have a good reason for that: it makes the users life easier and the on-boarding faster. This is however implying that you trust such an infrastructure and its management. Fortunately, all the app mentioned above also allow you to pick a so called ‘custom’ node, what effectively allows you selecting your own node.

Here is an additional list of dApp browsers I did not get the chance to test yet and thus would recommend with caution. If you know of dApp browsers not yet in this list, feel free to contact me.

https://trustwallet.com/dapp/

Although some of the links in this article are referral links, the presence of the links is not related to the existence of referral plans. Clicking those links may grant you benefits and gives a push to the author. This honestly does not happen often but you may be the one changing that with a single click! :)

I am not affiliated with any of the projects above. I did however install and test all of those I mentioned and I am using some of them for a long time.