dApp browsers of 2019
Your account as an id, custodial wallets and dApp browsers. How to leap forward decentralized services.
The (no longer so) “inter” net of 2019
In 2019, the typical workflow for a traveler through the internet looks, most of the time, like this:
- open your favourite web browser
- browse to your favourite site directly or through a search
- select your auth provider, which mostly means clicking on one of the buttons below.
You can now enjoy your (almost) happy browsing experience
Many more providers exist and the list of what a given website supports is left to the website developer. In other words, if a website only proposes Facebook and you do not wish to use Facebook, you will either be stuck at the door or have to fall back to an old-fashioned email/password solution and enjoy whatever crazy password check rules one enlightened dev decided to come up with (more than 8 chars but less than 13, very complex but make sure you remember it, used only here but remember it, also please no weird characters and oh, we also don’t handle _ and - … but pick a strong one, we warned you!)
Alternatives do exist
I strongly suggest you read more about a very promising project called Universal Login if you have not heard about it. It aims at replacing the auth providers with a smart contract based (thus decentralized) auth management that leaves the control in Your hands.
What are dApps
dApps (while I called them dapps, I mostly heard people calling them dee-apps, pick your camp :)) stand for decentralized Apps.
You will also find them written as Ðapps, certainly because Ð is cooler than d…
The fact that an App deals with crypto-currencies such as Bitcoin or Ethereum, tokens such as DAI or other blockchain related smart contracts does not make it a dApp.
By definition, a dApp must be decentralized. Ideally, that means the backend of the dApp is decentralized and its frontend as well.
That may sound surprising in 2019 but you will not need to log in with any identity provider as we mostly see nowadays, namely Google, Facebook, LinkedIn, etc. Instead, your entry to the DAOStack is an Ethereum account and a few cents worth of Ether in order to perform your first transactions.
DAOStack can be accessed through various dApp-enabled browsers. While the following list may not be exhaustive, it shows that you will have plenty of choices.
dApp vs Wallet
You will often find dApp browsers combined with wallets and the reason is simple. Unlike when using an Auth provider where your profile is linked to your email, address, date of birth, social security number, gender, religion, list and names of your kids and friends, (shall I keep going?), a dApp browser will be using a single piece of information: the public key, mostly called the Address, of one of your accounts.
For a dApp, an account looks like: 0x7211F63f043b859A51A95b100cF5A55F48312944
Some sites may also give you a user-friendlier version of this account looking like:
No additional data needs to be attached to your account unless you wish so. There is no relation between this long string and your email, IP, name, gender, etc. The previous address could be a single account or the address of a smart contract. The account or contract could hold a balance in native tokens, or ERC20 tokens for instance, but it does not have to.
A single empty account is enough.
How is impersonation prevented
So you say an account looks like 0x7211…2944. What would prevent anyone from maliciously pretending they are 0x7211…2944?
The mechanics here are rather simple if you have heard of asymmetric cryptography or public key crypto systems.
In a nutshell, before you can be considered to be 0x7211…2944, you will have to prove it. Proving it is very easy for the owner of the private key associated with the 0x7211…2944 account. But it is impossible for a random person or system not having access to this information.
So in order to prove that you really are 0x7211…2944 (which should be more precisely defined as ‘Owner of the private key associated with 0x7211…2944’), you will have to solve a ‘challenge’.
Under the hood of your login window, the dApp will generate a challenge that can be a simple random string such as GBxDvrhRuTofACQHQu1Z.
Your task (and your dApp browser will do that for you) is then to use your private key and sign this message.
Only the owner of 0x7211…2944 can sign the message in a way that will satisfy the dApp. For the dApp, simply having the public key (and not the private key) is required to check that the signed message:
- matches the original challenge
- originates from the right account
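The login exchange described above, as an added Node.js example that is not code from this article or from any wallet: the dApp issues a random, single-use, expiring challenge bound to its own origin, the wallet signs it, and the dApp checks the signature with the public key only. It assumes the dApp already holds the account's public key and uses SHA-256 ECDSA on secp256k1 from Node's crypto module, whereas real Ethereum wallets sign a Keccak-256 hash of a prefixed message and the dApp recovers the address from the signature; the origin name, message wording and 60-second lifetime are constructed for illustration.

```javascript
const crypto = require("crypto");

const ORIGIN = "dapp.example";   // hypothetical dApp origin (assumption)
const TTL_MS = 60000;            // challenge lifetime (assumed value)
const pending = new Map();       // dApp side: nonce -> expiry timestamp

// Wallet side: a key pair on secp256k1, the curve Ethereum accounts use.
function newAccount() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
}

// dApp side: issue a fresh random challenge bound to this origin.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  pending.set(nonce, now + TTL_MS);
  return `${ORIGIN} wants you to sign in. Nonce: ${nonce}`;
}

// Wallet side: sign the challenge text; the private key never leaves here.
function signChallenge(privateKey, message) {
  return crypto.sign("sha256", Buffer.from(message), privateKey);
}

// dApp side: accept only a live, unused challenge signed by the expected key.
function verifyLogin(publicKey, message, signature, now = Date.now()) {
  const m = /^(.+) wants you to sign in\. Nonce: ([0-9a-f]{32})$/.exec(message);
  if (!m || m[1] !== ORIGIN) return false;   // wrong format or foreign origin
  const expiry = pending.get(m[2]);
  if (expiry === undefined) return false;    // never issued, or already used
  pending.delete(m[2]);                      // single use, blocks replay
  if (now > expiry) return false;            // challenge expired
  return crypto.verify("sha256", Buffer.from(message), publicKey, signature);
}
```

Binding the signed text to the origin and consuming the nonce on first use is what stops a captured signature from being replayed later or presented to a different site.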
For you, the user, it does not cost anything but a confirmation in a dialog looking like:
Custodial vs non custodial wallets
Big words for a simple concept. Custodial wallets keep and maintain your keys for you. They are usually the most convenient as you, the user, do not need to care much about security and backups: they do the job for you.
On the other hand, that means that you entirely give them your trust. You trust that their security measures are robust, you trust that they are not malicious, you trust they are immune to corruption or influence from governments not always acting in your interest.
Additionally, those (once again…) centralised solutions are nice honey pots for hackers: it is much juicier to find a vulnerability in a custodial wallet than to try attacking a single user managing his own keys. So which one should you use?
Both!
If you are new to the topic, don’t fear custodial wallets. They do a great job and some really help educate the users and transition them toward non custodial wallets. Just make sure to use them with a limited amount of funds.
Once you can fly alone, don’t miss the stop and take your fate into your own hands: switch to a non custodial wallet and enjoy the freedom that comes with it.
Mist (non custodial)
Mist is a now-deprecated Ethereum dApp browser and wallet.
Parity wallet (non custodial)
Another deprecated solution that used to be very nice.
Metamask (non custodial)
Available on MacOS | Linux | WIN.
Metamask is available on Chromium based browsers such as Brave and Chrome. It is also available for other browsers such as Firefox and can inject some JavaScript into your regular browser, allowing it to become a dApp browser as well.
Cipher (non custodial)
Available for Android | iPhone.
I have carried Cipher around in my pocket for a long time and the reason is that they started with a quality App covering mainnet but also all the testnets. That made it for me the perfect experimentation platform. The support of fingerprint also makes it very easy to use.
Coinbase Wallet (non custodial)
Available for Android | iPhone.
While Coinbase proposes custodial services, they also provide a non custodial wallet (formerly known as Toshi) and a very easy transition path between their custodial solution and this new Coinbase Wallet. While one can argue on the centralized nature of Coinbase, it remains a rather easy and safe solution to get started. Coinbase also proposes a few online self-learning options that will help you get started and understand various aspects of Blockchain.
Status (non custodial)
Available for Android | iPhone.
Status.im combines a wallet, a dApp browser and a decentralized chat system. That makes it a must-have. Status.im had a rough start and many things were buggy or not usable but it has improved a lot since. The ability to chat with friends (or unknown contacts) to send or request payments in ETH or other ERC20 tokens makes it an App well worth having.
Hardware wallets support
All those wallets will help you make one or more Ethereum accounts. Some of the above listed solutions also allow you to use hardware wallets or smart cards.
Be cautious!
The usual security recommendations apply here as well: do not reuse accounts across platforms. Do not hesitate to create several accounts if you decide to test several services. Take the time to follow the tutorial provided by the apps you try. Most of them do an excellent job at explaining what accounts are, how they should be backed up and secured. You will mostly need only a pen, a piece of paper and a little time.
Pick your node
Being savvy and caring about the tools you use also means you need to pay attention to how those tools behave.
Most of the aforementioned tools will default to using centralised node infrastructures such as Infura. They have a good reason for that: it makes the user's life easier and the on-boarding faster. This however implies that you trust such an infrastructure and its management. Fortunately, all the apps mentioned above also allow you to pick a so-called ‘custom’ node, which effectively allows you to select your own node.
Additional resources & Disclaimer
Here is an additional list of dApp browsers I did not get the chance to test yet and thus would recommend with caution. If you know of dApp browsers not yet in this list, feel free to contact me.
Although some of the links in this article are referral links, the presence of the links is not related to the existence of referral plans. Clicking those links may grant you benefits and gives a push to the author. This honestly does not happen often but you may be the one changing that with a single click! :)
I am not affiliated with any of the projects above. I did however install and test all of those I mentioned and I have been using some of them for a long time.