Crypto Pirates

The Correct and Incorrect Methods for Web 3 Adoption



Striking a balance between individual empowerment and broad market usability.

There was some consternation last week in the Web 3 community when a new protocol, DeSo, announced a change to its user login flow. Previously, the decentralised media service required users to enter their "seed phrase" into the project's web interface, which violated all commonly accepted security best practices and drew widespread industry condemnation.

"While Chrome extensions such as MetaMask are more secure, they will never be installed by the majority of popular users. Rather than lecturing our users about security best practices, we took a new approach: We met them where they are today," remarked Nader Al-Naji, DeSo's creator. What the team discovered in doing so, however, was that "10% of people quickly lost their seed."

Jill Gunter is a columnist for CoinDesk and a venture partner at Slow Ventures, where she invests in early-stage cryptocurrency and Web 3 startups. Additionally, she is a co-founder of the Open Money Initiative, a non-profit research group dedicated to ensuring everyone's right to a free and open financial system.

To remedy this issue, DeSo now allows users to back up their seed phrases automatically to Google Drive from within the application. If anything, this is even less secure than their initial login flow.

When it comes to seed phrases, it is widely understood that they should never be stored on any device that is connected to (or has ever been connected to) the internet. These 12-, 18-, or 24-word phrases let users recover funds kept in a digital wallet if they lose or replace the device they used to access them. Seed phrases are so sensitive because anyone who knows the words can gain access to the assets linked to them.

The majority of crypto and Web 3 applications advise users to write down their seed words and keep them somewhere secure, such as a bunker or a physical safe deposit box. Tell no one. The conventional thinking is that you should not store the phrase in an online password manager, much less in your Google Drive. Additionally, never enter your seed phrase into a website form, as the site may be a phishing attempt.

And yet, my interactions with a variety of crypto and Web 3 users indicate that few embrace this understanding. It's natural to sympathise with DeSo's plight.

I've received numerous letters from people who just dabble in cryptocurrency, pleading with me for assistance in recalling "what 12-word sentence" they might have used to back up the bitcoin wallet they established in 2017. (Note that, unlike a password, users do not choose their seed phrase; it is generated for them, which adds another layer of complexity and confusion for users to overcome.)

I've seen seed words scribbled in notebooks left in backpacks beneath the bar counters at crypto conferences. I've provided customer service for crypto projects and received messages from users requesting assistance with their private keys (despite my warnings not to). In Discord conversations, I've seen folks post their private keys. Only a couple of weeks ago, I discovered 24 words scribbled on a Post-it note in the bottom of a purse I frequently used a few years ago. I doubt I'll ever discover which wallet it's associated with.

With these facts and experiences in mind, it's tempting to shrug and conclude that perhaps DeSo is correct. For the average user who is dabbling in Web 3 for the first time, it may be prudent to keep seed phrases in a location such as Google Drive. Better there than in a sock drawer, isn't it?

The issue is that, while the stakes for the average user in storing their keys in Google Drive are minor now, the implications may become financially significant down the road. Each year, it seems, the media becomes fascinated by another poor sap who purchased bitcoin in 2011, earned hundreds of millions of dollars, but misplaced their seed phrase and is unable to access their funds (the guy who lost half a billion in a dump in Wales comes to mind).

While DeSo users who keep their seed words in Google Drive will not lose track of them, they will need to be concerned about their Google account becoming a target for hackers. If a large number of early users of the protocol do become wealthy as a result of the assets they have stashed within the DeSo system, Google Drive will suddenly become a massive honeypot for them all. This is a harmful outcome for users, and one that DeSo, presumably, wishes to avoid.

There is an even more serious issue with DeSo's approach for the sector. It teaches consumers to engage in risky behaviours without clearly communicating the hazards. DeSo is not informing users or reducing the risks it is asking them to take. DeSo is essentially cutting corners and encouraging undesirable behaviours that users will carry over to other Web 3 applications.

The user experience associated with accessing and engaging with crypto continues to be an unresolved issue. Web 3 and crypto almost inherently require users to assume greater responsibility while interacting with the internet. The duties and challenges extend far beyond the seed phrase storage issue. Numerous ardent crypto enthusiasts advocate for users to run their own nodes for the protocols with which they interact. Users are frequently required to browse block explorers in order to access transaction information, wrap and unwrap assets according to various token standards, and, of course, deal with exorbitant, opaque, and unpredictable fees.

Much of crypto contradicts what consumers have been conditioned to expect and feel comfortable with on Web 2. With Web 2's trustworthy, free, and frictionless applications, users can move between devices that unlock with a single glance or a buzz on a wristwatch, frequently without providing a password. This is in stark contrast to Web 3 and its device-centric, security-conscious experience, which requires users to navigate opaque routines, frequently with little teaching or instruction built into the product.

And it is here that a critical component of the user experience solution is found: education. We should not regard users with such contempt that we feel compelled to take shortcuts for them, as DeSo does. After all, one of crypto's central tenets is the empowerment of the individual. Inform users of their options and the associated risks (including, indeed, the option of saving a seed phrase on Google Drive), and let them make their own choice.

When I consider the Web 3 user experience today, I am frequently transported back to my earliest memories of using a computer and the internet. As a 5- or 6-year-old, I recall watching as my uncle set up a Gateway computer in our family room for my parents and connected us to dial-up internet for the first time. He was using a variety of vocabulary that would become commonplace to us all over the next decade, but was clearly alien and unsettling to my parents.

Terms such as "operating system," "modem," and "IP address" were among them. I recall my parents sharing an atmosphere of mistrust and tiredness after my uncle left that day. As though they were thinking, "There is no way we will ever be able to use this."

However, we all figured it out! The common computer user may be unable to explain precisely and technically accurately the purpose of an operating system on their computer, why a modem is required, or how an IP address is generated. However, billions of people have discovered how to upgrade an operating system, connect to a modem, and connect to Wi-Fi networks. While some of this is due to user experience innovation, much of it is due to user education mixed with strong incentives for users to catch up. Once I saw what that old desktop computer connected to the internet could do for me, I made it my mission to learn all I needed to operate it. Neopets and America Online were sufficient motivation for me to figure it out in its entirety.

The same is true of crypto and Web 3. Concerns about consumers baulking and churning at the idea of downloading a Chrome plugin or safely storing a 12-word phrase will fade for product creators with a strong enough value proposition. That is not to say we should abandon efforts to improve these experiences. It is to say that we should not assume we must go to excessive lengths to bring users aboard. We owe them more than that. And if cutting corners is necessary to get users to purchase your product, you may want to reconsider whether your product genuinely provides adequate value.

 
