Scatter is a digital signature
provider for the blockchain. Learn more about what we are building here.
We’re in a good place right now with blockchain user-experience, at least
relatively speaking. It wasn’t too long ago that interacting with web
applications running on the blockchain was incredibly hard, and not something
the majority of even those who are computer literate could accomplish.
Before MetaMask came out with the brilliant idea to interact with web
applications through a secure extension, users had to go through a tedious
technical process to sign and send transactions to contracts from the command
line or any wallet capable of doing so ( of which there actually weren’t many,
if any, at the time ). Either that, or they had to forfeit their private key to
untrusted applications on the web. This of course hindered adoption of
smart contract fueled applications because it’s not only unfriendly, it’s
down-right dangerous.
Now, we’ve come even further.
We have mobile wallets with built in dapp explorers so you can use blockchain
enhanced web applications right from within your favorite wallets. These tend
to provide a wonderful user-experience since the users are already familiar
with the wallet.
In both of these cases, though, we’re stuck. We’re stuck using web applications
only, and in some cases only the web applications that someone has said we can
use. There are a lot of issues with both Web Extensions and Dapp Explorer
Wallets. Some of them are pretty bad to boot.
Let’s look at some of the shared pitfalls of both Web Extensions and
Dapp Explorer Wallets
- They both only support Web Applications
- They both put the user’s private keys into the same scope as the website.
Dapp explorers have a few more downsides/restrictions as well
- The team behind the wallet controls what dapps you’re allowed to use, which
  puts centralization back into the mix.
- Dapps often have to pay a fee to be placed in popular dapp explorer based
  wallets because space is limited. When large dapps become included sometimes
  smaller dapps are pushed out.
- Some dapps can never be put into a dapp explorer because they would impact
  the dapp explorer legally, such as dapps that have aspects of porn, drugs, or
  gambling.
- You will never be able to put native applications into these explorers at
  full capacity. They will always be wrapping those applications in whatever
  framework the explorer is built in, and significantly limiting the resources
  available to the now-non-native-application. This makes them almost useless
  for anything that isn’t a web application.
Web Extensions have special downsides too!
- Popups for web applications can be mimicked quite easily, and there is no way
  to tell a popup from a web application apart from one from an extension. This
  makes them particularly susceptible to click-jacking and limits their
  possibilities considerably.
- Extensions auto-update, and some browsers don’t allow you to disable that
  feature ( fuck you chrome )! Now this one here is a bit more than a downside,
  it’s a security concern and a large one at that. There’s nothing stopping the
  team behind a web extension from updating your extension and getting access
  to your keys. Hell, you wouldn’t even be notified that it was updated. Edit:
  This just happened 2 days after posting this.
- Because of both of the above, new extension popups can’t be trusted. If a
  user gets a new popup they haven’t seen before and don’t know it’s new, they
  will not trust it ( and shouldn’t ). This makes new functionality hard to
  roll out.
- Some of these extensions also just give away your information the second you
  land on a website, making privacy an issue as well. ( though this can be
  solved with a bit more work, it usually isn’t )
- Extensions don’t work on mobile! At least not broadly. There are cases of
  using Firefox ( thanks Dan Finlay! ) for MetaMask and chrome extensions
  inside of Yandex as well.
Not a very pretty picture is it?
But we’ve learned a lot. You
don’t call it computer science for nothing, and these experiments are necessary
on our journey to a free and decentralized internet.
At Scatter I started with a web extension because the community needed
something fast and dirty to get the job done. That extension is now known as
Scatter Classic. Classic did a lot of things right ( privacy model using a
permissions-first philosophy, higher encryption schemes, identity,
whitelists.. ), but it still suffered from all of the things mentioned above,
apart from the giving away of information.
After almost a year of deep
shower-thought contemplation I came to the conclusion that an extension wasn’t
working for the way I see the future of the blockchain and Scatter. It’s too
limiting, still fairly insecure due to being in the browser, always at the
mercy of breaking-browser-changes and it’s really not the best choice for
users. So I started work on a desktop application. But.. how the hell are we
supposed to connect to web apps?
Scatter needs the ability to return results to applications, which makes
deep-linking not even a choice ( deep linking is something like
scatter://transaction?blah=whatever ). Going through return URLs ( such as
yourapp.com/logged_in ) to backend servers means the user’s information has to
actually touch the internet before it can even reach the application, which is
horrible. It’s also a particularly bad developer experience, and it nullifies
local native applications, so that’s a bust. I did the natural thing. I created
a web extension to talk to the desktop application. ( insert :facepalm: emoji
here )
But an amazing thing happened.
In order to talk to the web extension from the desktop application I
absentmindedly created a WebSocket Server within the desktop application and a
client on the extension… I didn’t even realize the door I had just opened as it
was such a normal thing to do. I was in the shower when it actually hit me, and
I practically slipped and broke my neck rushing to get out and get to my
computer. “Of course”, I thought.
That day I created a WebSocket
Client JavaScript library called scatter-js. It allows web applications to
directly interface with Scatter Desktop after going through some basic
authentication and user approval to make it secure and only allow applications
the user wants to talk to it, talk to it. But it doesn’t only work with the
web! Native desktop applications can use their own WebSocket clients to talk to
Scatter Desktop too!
Why is this important?
With blockchains becoming
extremely fast and scalable this is an important upgrade. We want to be able to
play First-Person Shooter games integrated with the blockchain without exposing
our private keys, for instance. This new way of contacting signature providers
( like Scatter Desktop ) allows us to do just that. But it’s not all it allows
us to do. A prototype of Scatter Mobile just hit the market. It can instantly
connect to all web applications that are using scatter-js, and can also connect
to native mobile applications, without wrapping them. This is a huge leap
forward from dapp explorers and web extensions. Web developers only have to
write code once and they instantly support both desktop and mobile. On top of
that games written in frameworks like UnrealEngine4 and Unity3d also only have
to write code once and can then export to Windows, Mac, Linux, Android, and
soon iOS without changing any of their code. It became write-once use-anywhere.
Which is what all developers strive for.
“I expect within the next year more and more signature providers will start
moving over to this type of system as it puts an emphasis on the user’s
privacy, and app accessibility. Let it be known we did it first :)”
Aside from the obvious benefits let’s look at some of the other
problems having Scatter on the Desktop and Mobile solves for both web
extensions and dapp explorers.
- No more untrusted popups from within the browser since it’s easy to discern
  desktop/mobile popups from browser popups. No more click-jacking. ( mobile
  does this with real phone notifications )
- Keys and private data are never kept within the scope of the dapp anymore,
  instead they are kept on your desktop/device. This completely removes an
  entire attack vector. ( albeit while adding another one through websocket
  connections, but that’s a far simpler problem to solve )
- No more limitations about what apps you can use! Instead of Scatter telling
  you which dapps you can use, it’s the dapps telling you that you can use
  Scatter. This puts the power back into the hands of the user and the
  developers.
- No more forced auto-updates. If you don’t want to update, don’t. This is of
  course a massively important one. “How do we know you’re not updating the
  extension on us?” is one of the hardest questions I had to answer with
  Scatter Classic. The answer was always “You’ll have to trust me”, which I
  hate because it totally breaks the whole reason we use blockchain. Don’t
  trust, verify. ( Scatter is open-source of course )
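The "basic authentication and user approval" step described for scatter-js, and the websocket attack vector mentioned in the list above, come down to a gate like the following. This is an added example, not Scatter's or scatter-js's code: `ProviderGate`, `askUser`, `signFn` and the message shapes are hypothetical, and it assumes the WebSocket layer hands over the handshake's Origin header.

```javascript
// Added example; ProviderGate, askUser, signFn and the message types are hypothetical.
class ProviderGate {
  constructor(askUser, signFn) {
    this.askUser = askUser;       // (promptText) => boolean, rendered by the provider itself
    this.signFn = signFn;         // (payload) => signature; keys never leave the provider
    this.remembered = new Set();  // https origins the user approved earlier
    this.denied = new Set();      // origins the user refused; not prompted again
  }
  // Called once per WebSocket upgrade with the request's Origin header.
  // Browsers set it and page script cannot change it; other clients may omit or forge it.
  open(originHeader) {
    let origin = null;
    try {
      const u = new URL(originHeader);
      if (u.protocol === 'https:' && u.origin === originHeader) origin = u.origin;
    } catch (_) { /* missing or malformed header: no verifiable identity */ }
    return { origin, paired: false, label: null };
  }

  pair(conn, appName) {
    // The prompt shows the handshake origin, not the name the app claims for itself.
    conn.label = conn.origin || `unverified client "${appName}"`;
    if (conn.origin && this.denied.has(conn.origin)) return { ok: false, error: 'denied' };
    if (conn.origin && this.remembered.has(conn.origin)) conn.paired = true;
    else if (this.askUser(`Allow ${conn.label} to connect?`)) {
      conn.paired = true;
      if (conn.origin) this.remembered.add(conn.origin); // unverified clients are never remembered
    } else if (conn.origin) this.denied.add(conn.origin);
    return conn.paired ? { ok: true } : { ok: false, error: 'denied' };
  }

  handle(conn, msg) {
    if (msg.type === 'pair') return this.pair(conn, String(msg.appName));
    if (msg.type !== 'sign') return { ok: false, error: 'unknown_type' };
    if (!conn.paired) return { ok: false, error: 'not_paired' };
    // Pairing only opens the channel; each signature needs its own approval.
    if (!this.askUser(`${conn.label} wants to sign: ${msg.payload}`))
      return { ok: false, error: 'rejected' };
    return { ok: true, signature: this.signFn(msg.payload) };
  }
}

// Constructed session: one origin pairs, another tries to sign without pairing.
function demo() {
  const gate = new ProviderGate(() => true, (p) => `sig(${p})`);
  const [a, b] = ['https://dapp.example', 'https://other.example'].map((o) => gate.open(o));
  return [gate.handle(a, { type: 'pair', appName: 'Dapp' }).ok,
          gate.handle(b, { type: 'sign', payload: 'tx' }).error];
}
```

The Origin header only identifies connections made by a browser; a local process can send any value, which is why pairing alone never authorizes a signature here.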
Native Applications are the next big thing in Blockchain.
Mark my words. With Scatter
Desktop and Scatter Mobile we no longer have to limit dapps to the web. We can
now support native mobile applications, native desktop applications, MacOS,
Windows, Linux, Android, Tablets, and soon iOS ( hopefully, Apple don’t fuck me
on this one ).
This opens up a brand new
expanse for blockchain usability and productivity. Imagining the possibilities
is almost intoxicating.
- Native decentralized exchange applications. Native market applications.
- Native games with built-in marketplaces.. First person shooters, Real time
  strategy, Virtual Reality, Gambling… so so many options. Native game CENTERS
  like Steam but for blockchain games.
- Native banking & budgeting applications, loans.
- Full developer suites integrated with Scatter for easier testing and
  deployment of contracts.
- Native messaging applications.
The list goes on and on, we
could sit and dream up things we couldn’t do before this all day. This is truly
an untapped resource. I can’t wait to see this ecosystem explode as developers
catch on to all the possibilities. We’re in for a wild ride, I hope you’re strapped
in.
Source: https://medium.com/getscatter/the-blockchain-isnt-just-for-web-applications-silly-rabbit-926a4ea5ccd1