Log in Tardigrade with wallet address

I get it.
In order to implement this feature, maybe we could add some safeguards such as forcing the user to provide and validate his email address (without it, it would be able to do anything else on the website).

What do you think?

There are websites like below just used for signup and confirmation.

image

The current and traditional login system doesn’t address this issue anyway.

Having an email address to pass on to somebody upon request is surely convenient for Storj but certainly not required by law or to run the service.
We saw https://www.opacity.io/ who are advertising exactly this, to collect no personal information at all.
My view would be that Storj which always mentions the privacy character of its service and how important zero trust is, probably should offer a way to sign up/log in such a way too.

And we will exchange private information over blockchain, when you would need a support or if we would need to contact you for legal reasons?

You Always can make in account prefirences, email addres needed valey, for account need to be files, but login with blockchain

So, the email address will remain there anyway I suppose.

If you read carefully initial post, it is asked to make second way to login parallel with email.
As always All concentrated also around relevant information, but forgot main idea.

For me the problem with it in the fact, that this wallet is not used anyhow. So this is a little bit disconnected from the context.
If you do not use a wallet there why do you use it to authenticate? For me it looks a little bit weird.
You have a key from the door (login and password) but you prefer to enters via window from outside on the second floor.

2 Likes

Make sense. 20 chars

Sorry I don’t get your point.
Why do you say that the wallet is not used anyhow? The user could totally use a wallet currently and use it to login. Actually, this is exactly how crypto users use their wallet: they store tokens, they login to applications and they send transactions from it.

The main idea of this proposition is still: propose another, more convenient and private way for the end-users to login (but still keeping the standard log-in feature). Just as it is possible for some applications to either create a new account on this specific application’s database or login with Google (SSO social sign-in).
The “Sign-In With Ethereum” function (let’s call it this way since it is the official name of the project which aims to standardize this feature on Web2) is just the new way to do SSO but in a way more secure, confidential fashion. In my own situation, I find Google Sign-In very convenient but avoid to use it especially because I don’t want to give some of my Google Account Information to a third party. And Google has enough power on the Internet, right? We don’t need to give them more…
Also, it would reinforce the Storj position as a major Web3 application. Since Storj is marketed as a Decentralized storage platform, it would definitely make sense to be able to use a decentralized identity.

@Alexey, let me explain how concerns could be addressed:

  • Ability/necessity for Storj to provide information for legal issues (e.g. the user uploaded criminal pictures): we could totally add a safeguard by forcing the user to give (and validate) his email address before being able to upload anything. But once again, an email address could be useless since it is easy to create a temporary one or just not answering emails. Though, it is possible to retrieve the real owner by using the IP used by the client, etc. Using Sign-In With Ethereum wouldn’t change anything on this possibility, it would still be possible to have the criminal’s IP address.
  • Crypto is still too complicated and needs mass adoption: I would answer that it is an optional login-in feature (the user doesn’t have to use it if he prefers the old way). Not all users would have to it (as they don’t have to use Google Log-in).
  • Ability to get in touch with the customers: if the user has an issue and wants for support, he will find a way to get in touch with you. But anyway, I understand that Storj sometimes needs to send communications to its end users. There are other ways to do it (even though it would require extra devs):
    • Message on the Dashboard
    • Notification feature in the Storj client that the customer would need to configure in the Storj configuration file. The notification could use pushbullet notifications, email (using the customer email address as the expeditor), etc.
3 Likes

Thank you!
I made the first post as a wiki and now you should be able to update your proposal. Could you please add this useful explanation to there?

Addendum to your post…

  • Have the “Sign-in With Ethereum” user sign a user agreement statement with the private key of the wallet address… The user agreement statement might even include the user’s email address, if necessary for legal purposes.

The signature process is off-chain but publicly verifiable by anyone.

These signature statements are now being used by multiple DeFi websites such as 1inch and paraswap.

See this randomly found news article on 1inch:

https://thedefiant.io/1inch-geofences-usa/

Anyone can try it out here:

https://app.mycrypto.com/sign-message

1 Like

Thanks!
I updated the first post and re-arranged arguments a little bit :slight_smile:
I will update it on an ongoing basis.

3 Likes