Mist preview discussion thread

StephanTualStephanTual London, EnglandPosts: 1,282Member, Moderator mod
edited July 2015 in Mist
Alex Van de Sande presents Mist, the Ethereum decentralized app browser.



Help us steer the design of Mist by commenting on this thread!

Note that as of July 2015 Mist moved away from QML and is now a Meteor single page app bundled using Electron:
https://github.com/ethereum/mist

Also note that Mist is *not* part of the Frontier release, but instead will be featured as part of the Metropolis milestone.
Post edited by StephanTual on

Comments

  • cablestudioscablestudios Posts: 4Member
    Very impressive work. Alex really gets it. I can't wait to see how this develops!
  • BitcoinzieBitcoinzie Posts: 73Member ✭✭
    edited November 2014


    Just a few image concepts I came up with, I have psd's if you're interested.. feel free to share the pngs
  • koeppelmannkoeppelmann Posts: 51Member
    This is a really motivating outlook.
  • jpritikinjpritikin Posts: 29Member
    1. I realize why you want to use the terminology "browser" but the first 5 minutes of the video are really boring. Maybe just call it Mist and show the front page like you have at 5:30 into the video. Don't even make comparisons to Firefox/Chromium. Just say it is very different from existing browsers.
    2. Even though I understand most of the math that enables public key crypto, I still have trouble managing my identity. I can imagine that the need to secure identity is going to be a major challenge for less technically capable folks considering that I find it challenging. A nice option for some people would be a kind of escrow service for identity. For example, in USA, if I lose my driver's license (my main identity) then I can apply for a replacement card from the dept of motor vehicles (DMV). In this circumstance, the DMV is acting like an escrow service for my identity.

      I suspect that an ethereum contract could be written to provide an escrow service for identity. If I need to recover my identity credential then perhaps I could submit some documentation (or make a personal appearance) and a small fee to the escrow service, they could verify it, email alerts to everybody involved, revoke the old identity, and issue a new identity. Perhaps identities could actually be pointers to identities (adding a layer of indirection) to make this work easily. I think this kind of escrow service is essential to make ethereum practical for the 98% of people who are not very careful about securing their identity. Otherwise it is very scary to read warnings like, "If you lose your identity then your account/contract is lost/broken forever." I think that kind of warning is a big problem for ethereum.
  • jpritikinjpritikin Posts: 29Member
    I think what I am saying is that the default identity contract should not be a single-factor public key. How about offering some identity contract options. One option could be a family identity that might work like this. When you create your identity, you nominate close family members (or friends) and decide how many must assent for the contract to issue you a new key pair. Various safeguards could be built into the contract like a waiting time on new identity requests.
  • JasperJasper Eindhoven, the NetherlandsPosts: 514Member ✭✭✭
    @jpritikin Bitcoin has shown that plenty of people can handle their private keys, and Mt Gox has shown that centralized services can run with your money. So ultimate control cannot be in centralized hands.

    Yeah, wallet contracts are on my list of "things i'd like to make". For instance two-factor authentication could be done, without giving the second authentication much power. Could work with two ethereum accounts, one that controls, and one that merely verifies. The latter would only be able to delay it, so it wouldnt have much power over things.

    A way that is more like 'recovery' might be something like the opposite. The 'recovery service' side could ask the contract to take over control, but the person with a client that uses the wallet contract sees that happen, and can prevent it. (It would be against accidental loss of wallet, not theft) Note that other mechanisms are available.. like just having a paper wallet, or having N-out-of-M verifications from family/friends. To be honest i like those better, i would rather in the future have holding private keys is a skill everyone should learn.
  • jpritikinjpritikin Posts: 29Member
    edited November 2014
    Jasper said:

    @jpritikin Bitcoin has shown that plenty of people can handle their private keys, and Mt Gox has shown that centralized services can run with your money. So ultimate control cannot be in centralized hands.

    I agree that's something to keep in mind, but a lot of people also trust centralized services coinbase and circle. You are probably aware that Coinbase has recently come out with a multisig wallet in which they keep 1 of the private keys. Why do people keep BTC in coinbase and circle even after the mtgox debacle? It's because the wallet problem is not solved yet!
    Jasper said:

    Yeah, wallet contracts are on my list of "things i'd like to make".

    I'm a grad student so I am sorry that don't have time to do this myself, but I think wallet contracts should be a high priority. The wallet contract is literally the first thing that new ethereum users are going to see. The rest of the Mist demonstration is compelling and provocative, but some people will never bother to get that far because they have a vague discomfort with wallet security.
    Jasper said:

    For instance two-factor authentication could be done, without giving the second authentication much power. Could work with two ethereum accounts, one that controls, and one that merely verifies. The latter would only be able to delay it, so it wouldnt have much power over things.

    A way that is more like 'recovery' might be something like the opposite. The 'recovery service' side could ask the contract to take over control, but the person with a client that uses the wallet contract sees that happen, and can prevent it. (It would be against accidental loss of wallet, not theft) Note that other mechanisms are available.. like just having a paper wallet, or having N-out-of-M verifications from family/friends. To be honest i like those better,

    I like the N-out-of-M verifications from family/friends too, but my main point is that these options need to be fleshed out and available. If Mist is what new ethereum users are going to see then wallet management options need to be front and center. The wallet is a person's first interaction with ethereum. Wallet management is troublesome in bitcoin (in my opinion) and if ethereum can offer much better wallet management options than available from bitcoin then that's a compelling reason to learn more about ethereum. One of the things I like about ethereum is the possibility of storing money in a savings account with a 1% per day withdrawal limit. That's brilliant, but what if I lose my wallet credentials?
    Jasper said:

    i would rather in the future have holding private keys is a skill everyone should learn

    OK, but that's so far in the future that nobody can predict what will happen. Ethereum will launch in early 2015. What wallet options can we offer at the time of launch?
  • avsaavsa Posts: 68Member ✭✭
    edited December 2014
    @jpritikin‌ identities will inevitably tie to public keys, this is inevitable as we are really focused on not having centralised identity system. Maybe it's not your primary public address, but it's one of many that you can create out of your seed address.

    Of course, keeping track of your master key is essential so I really love the friends and family approach: a master key can create any number of sub keys and these can be joined together in order to recreate the lost master key. We can scale this to many uses like 2fa, or example maybe your local wallet never actually keeps the master key saved, instead it keeps just a one factor and you need to have a second authorization from a second device to do anything. In this sense a 2fa is just a 2 of N keys. You can then create a larger set of M of N for backup purposes for people you trust less: you need 3 family members, or maybe 10 colleagues in order to get the key back. The main concept is just that the master key should never be kept anywhere other than your safe and you'd use other means day to day.

    This solves authentication. You can keep some basic information about yourself on the client (or on the cloud) an let this act as a custom signing message which basically says: "My name is Alex, this is my photo, this is my bio and here is my signature to prove I accept this site to have my profile". That would be, for the end user as simple as the one click login from facebook.
    Post edited by StephanTual on
  • jonnydubowskyjonnydubowsky Posts: 3Member
    jpritikin I agree with you on this, and think you have identified the crux of what will ultimately be the Mist user-base, and their median amount of technical skill. Perhaps a multi-signature contract would be used by parents or legal guardians, where the 3rd (or 2nd if only one legal guardian) signature would be the child/minor, and this additional signature would only become active on their 18th birthday (in the U.S). Talk about the ultimate permission slip...!
    jpritikin said:

    I think what I am saying is that the default identity contract should not be a single-factor public key. How about offering some identity contract options. One option could be a family identity that might work like this. When you create your identity, you nominate close family members (or friends) and decide how many must assent for the contract to issue you a new key pair. Various safeguards could be built into the contract like a waiting time on new identity requests.

  • EtherDesignEtherDesign MoscowPosts: 6Member
    hello )) nice work! i want try make design concept for Mist wallet too ))
  • AwesomeboyAwesomeboy Posts: 8Member
    The rest of the Mist demonstration is compelling and provocative, but some people will never bother to get that far because they have a vague discomfort with wallet security!
Sign In or Register to comment.