Ethereum has solved a problem on the internet, almost by accident. It is the login to any web platform with a single registration, all in a decentralized way. This happens thanks to the integration of the wallets from this network to web browsers.
Bradly Millegan, director of operations for the Ethereum Domain Name System (ENS), explains how this kind of login could become the Web 3.0 standard.
In a Twitter thread, the programmer offers an argument in which he breaks down how the current logins, in the different decentralized applications (Dapps) of Ethereum, can be converted into the standard logins from all over the internet.
The first part of the thread is in charge of remembering that for some users it is usually a bit cumbersome to carry a record. individual (username / password) for each platform on which they register. In addition, under recommended security practices, must generate a strong password for each one of them.
As a solution to this situation, the beginnings have been born social sessions, which have become increasingly common. These allow registration using a social network, saving time to the user when logging in, but leaves their security and privacy in the hands of companies such as Google or Facebook that handle their information.
Ethereum Single Sign-On
Ethereum wallets are entropically generated, that is, they are based on very complex mathematical probabilities, making the possibility of 2 private keys the same are generated under different conditions, it is almost impossible. This feature makes them very secure against brute force hacks, which are based on trying different combinations of passwords until finding the correct one.
In Dapps, including CryptoKitties and Descentraland, currently require users to connect their Ethereum wallets to log in. Login does not require a transaction on the network. It is only a matter of signing with the private key to verify that you own the public key with which you are logging in. Everything from the web wallet.
In this sense, Brantly Millegan states that, through the login with Ethereum, the Zooko triangle is solved, whose dilemma exposes that a computerized name system can only meet 2 of 3 of these conditions: decentralized, secure and human-readable.
This last characteristic is usually the most vulnerable of this type of system because, the easier it can be read by humans a character string, the less entropy it possesses, thus reducing its security.
Domain names in Ethereum
While an Ethereum login can be secure and decentralized, it can be a bit difficult for platforms to use the name of the wallet address, rather than not own names. For this, there is a solution called Ethereum domain names (ENS).
Its job is to basically function as an interpreter, taking care of saying the name (either its own or pseudonym) of the person to whom an Ethereum address belongs. ENS are basically a decentralized DNS (Domain Name Service) server, which is responsible for resolving IPs into web addresses.
Instead of using wallet addresses, which are difficult to memorize, users will be able to use an ENS domain, such as the name CriptoNoticias.eth . By placing this name instead of the address, the ENS server will figure out what the address of this domain is and send the funds where it belongs.
As shown by Brantly in the Twitter thread, a new update that is being developed in ENS, taking into account that he is the director of operations of the platform, would allow users to place avatars in their ENS, along with personal information.
The above would basically allow to replace the records via social networks that are currently used, by records through Ethereum addresses, with much more secure cryptographic signatures.
As Brantly also highlights, the ENS are not limited to one per person, users can use the amount of ENS they want, and have different addresses, with different ENS for different records. This in favor of good privacy practices.
Privacy Dilemmas with Single Sign-ins
While a centralized single sign-on through a social network may violate privacy, in Ethereum it may not be the exception.
Some users in the Twitter thread wondered about what problems the loss of private keys would bring about and what would be the model, in this new paradigm, of the “change password” system. Brantly simply replied that safety lies in the seed of recovery. This basically in response to the idea that seedless cryptocurrency wallets do not have a fund recovery system.
An intrinsic dilemma in the use by ENS are virtual fingerprints. This concept is based on a tracker (cookie) to follow and record the entire web history of a user, generating a unique profile or fingerprint for each user. This practice is used, supposedly, to offer advertising as personalized as possible, but they are a clear violation of privacy.
Google is currently working on a cohort system which would seek to be a replacement definitive for cookies. At the launch of its beta version, Google initiated the activation of this function without notifying its users, a fact that was reported by CriptoNoticias.
According to Brantly Millegan, his idea is only a proposal, since the Ethereum community, and the ENS project, only came up with this solution by chance, solving a dilemma that has been on the internet for years.
Currently there are other types of proposals in this area, such as ION and RSK, which offer decentralized identification services. Even as a user responds in the Twitter thread, there is a solution .
It should be noted that none of these projects has the adoption and massification that Ethereum currently has.