Last Update from 25.03.2019:

full medium article is here:

Dapplets (part 1): introduce new Dapp architecture for better UX and security

Any comments and critic are welcome!

TG: “Dapplets and Secure Signing”

============

Hello all!

1. Look at current dapp ux critically:

We will see multiple drawbacks:

Wallet is unable to present all the information required for signer to make a solid accept/reject decision. The WYSIWYS principle (WhatYouSee-is-WhatYouSign) is broken now. We are unable to reach web2 (legacy) sites because they do not implement any web3 logic. This is one of reasons why we are trying to reinvent wheels like twitter and facebook from scratch.

The root cause is in the Dapp architecture we have adopted from very beginning. We inject web3 for transaction processing into the website (Dapp) which is inherently unsafe environment with very limited chances for audit. That is why we use now wallets for Tx verification, running in more secure environment than Dapps.

Dapp Architecture based on web3 injection doesn’t support wallets properly. Lets try re-invent it.

2. Let us imagine better UX.

Our gains:

We can let Wallet present exact we would like to sign. Make WYSIWYS great again Because we handle Tx processing in Wallet and not in the Dapp, we can reach legacy sites like twitter now. Not all, but many of them: we need create a control injector for that.



3. How it could work?

We need let wallets load and render small Dapps (let us call it Dapplets) depending on current context and action. A Dapplet containter will make necessary security checks and audit status. More over it will present more info about Tx and Dapplet in the Header and Footer for better security.

We will probably reuse some extended version of WalletConnect



Disclaimer:

There are security challenges here, but I believe they can be solved.

Current state:

PoC based on Metamask is mostly implemented. Architecture and Security is still a hot topic.

Summary:

A lot of thanks to @ligi and @pedrouid for review and critic.

Special thanks to @danfinlay and Metamask Team for great product and their openness.

If you have any critic, please let me know. I love fail-fast.

We will come to Paris for Council, Hackathon and EthCC.

let us talk in details.