Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Dan Finlay: MetaMask – The ETH Based Wallet for Swaps and dApps
Episode Date: June 2, 2022

MetaMask is the de facto standard self-custodial wallet for Ethereum. It started off as a web browser extension on Chromium. More recently, it also launched a mobile app. MetaMask allows you to interact with decentralized applications (dapps) natively.

We were joined by Dan Finlay, Founder & Group Manager at MetaMask, to chat about the motivation for building MetaMask, the security of the platform, decentralization, the future of seed phrases and much more!

Topics covered in this episode:
- Dan's background and how he got into the space
- The journey of creating MetaMask Consensys
- Why this was built as a browser extension
- MetaMask mobile: What's the scope? How do people use it?
- Number of MetaMask accounts, funds stored in MetaMask wallets and some use cases
- Security on the platform
- The future of seed phrases
- How thinking has shifted from smart wallets to EOAs with enhanced capabilities
- What is MetaMask Snaps?
- When will we see the MetaMask token?

Episode links:
- MetaMask
- Forum
- Twitter
- Dan on Twitter

Sponsors:
- CowSwap: CowSwap is a Meta-Dex Aggregator built by Gnosis. It taps into all on-chain liquidity - including other dex aggregators such as Paraswap, 1inch and Matcha - offering the best prices on all trades. It provides some UX perks (no gas costs for failed transactions!) and protects traders against MEV. - https://epicenter.rocks/cowswap
- Steakwallet: Steakwallet is your new favorite multi-chain, mobile wallet. Tired of having a different wallet for every chain? Get Steakwallet today and get the power of Web 3 across all chains right at your fingertips: https://steakwallet.fi/

This episode is hosted by Friederike Ernst & Felix Lutsch. Show notes and listening options: epicenter.tv/446
Transcript
This is Epicenter, Episode 446 with guest Dan Finlay.
Welcome to Epicenter, the show which talks about the technologies, projects and people driving decentralization and the blockchain revolution.
I'm Friederike Ernst and I'm here with special guest co-host Felix Lutsch.
Today we're speaking with Dan Finlay, who is the founder and group manager of MetaMask.
But before we talk with Dan about MetaMask, let me tell you about our sponsors this week.
Steakwallet is your new favorite multi-chain mobile wallet that puts the power
of Web 3 at your fingertips.
In just a few taps, you can stake and manage your assets on over 22 built-in protocols,
including all major EVMs, layer 2s and non-EVMs,
Solana, NEAR, and more.
Just recently, they've integrated liquid AVAX, liquid Solana and Matic staking.
And with more integrations being added every few weeks,
jump into the Discord to let them know what you'd like to see on their roadmap.
Steakwallet also has multi-chain NFT support.
So you can view all of the NFTs you have in one place.
And you can download it on the iOS store or on Android.
And also on the internet at steakwallet.fi,
steak is spelled like the meat.
So S-T-E-A-K.
Our other sponsor today is CowSwap.
So DEXes are great, but they're vulnerable to problems like MEV, failed transactions
and high gas costs.
CowSwap tackles these issues head-on and offers a new kind of trading experience.
Built by Gnosis, CowSwap is a meta-DEX aggregator.
That's right, it's a DEX aggregator.
It fights MEV by matching overlapping orders directly
when a coincidence of wants is found.
That's where the CoW comes from.
Trades are settled on a variety of underlying on-chain AMMs, depending on which pool offers the best price.
Give CowSwap a try and enjoy perks like no gas fees paid for failed transactions,
optimized transaction management for multisigs and DAOs,
as well as some other fun entertainment surprises.
Head over to cowswop.combe.combe, and start swapping today.
Dan, it's an absolute pleasure to have you on.
Yeah, thanks so much for having me.
I've been a fan of Epicenter for so long.
I'm just delighted to be here.
Dan, so we go way back to your, you know, to my Consensys days.
So tell us about yourself and how you got into the blockchain universe.
Ah, well, I guess I'll try to keep it brief, but with a little taste of why it caught my eye.
You know, like sure, I got paid in Bitcoin for an odd job one time.
And that was cool, but I lost it in Mt. Gox.
And it didn't really catch my attention.
I mean, I saw the Slashdot article when it first came out and I thought it'd be cool.
I did not learn how it worked.
I went to the faucet.
I have no idea how much that would have been worth.
I definitely don't have that anymore.
And then when I was working at Apple with my friend Kumavis,
he went to a meetup and started talking to, well, a friend of his, of ours, Dominic Tarr,
who is the creator of Scuttlebutt.
We'd met him through the Node.js community.
And he was really into decentralization.
He made Scuttlebutt.
I remember attending a workshop he made on
making peer-to-peer chat rooms.
And he pointed out Ethereum to Kumavis, and then Kumavis went to a meetup with Vitalik.
And then he came to me.
And it sparked my imagination.
It was like it was all he wanted to talk about at lunch, and I was there for it.
And so we were just like riffing on it.
There were a few applications I had tried to make in the past that this seems suited to.
So things like a debate system where you could figure out how trustworthy a claim was,
or a voting system where you could allocate funds or microtransactions.
And like, these were all things where it was like, oh, finally money in the internet.
This is great.
We started trying to make a thing.
Of course, there was no account manager yet.
So we made MetaMask.
And, you know, it built in all of our prior assumptions.
And I think that a lot of the blockchain space today is kind of built out of everybody's
initial impression of what this new alien technology is made out of.
And we made our best shot at it.
It was good enough to make a lot of stuff.
And that's kind of where we are now.
We've been iterating and fine-tuning and improving for a few years now.
I think we validated it enough that, you know, obviously now there's a lot of big players entering the space and, you know, like, well-funded thing.
Yesterday Robinhood announced they're going to have a Web 3 something, you know, all that's very interesting.
It's very funny for me where I feel like we've done so much wrong and we have so much to fix.
To have people copying the current state of things,
I feel like all I see is ways to improve.
And I feel like everybody's kind of still just doing impressions of Web2.
You know, it's like we want to have kind of an account model, right?
Or like, and money or something.
And I think there's a lot of kind of,
a lot of uncertainty about what it's supposed to look like eventually to interact with dapps.
And I think that we've kind of finally figured out patterns that really work.
And we just haven't shipped them all yet.
And we're like in that process.
So I think we've like, you know, just earned this wonderful wealth of experience.
And we've built up a really amazing team.
Recently we brought the MyCrypto team in.
And, you know, they're another one of the wallet teams that just has consistently seemed to just have their
finger on the pulse of like user actual needs, you know, understanding like the gravity of the situation and
how kind of carefully we need to move with changes and things.
So yeah, sorry, there it is in a nutshell.
That's pretty much how I got into it and how I got to where I am now.
Yeah, awesome.
That sounds cool.
I guess we can go a little bit into that, right?
As you just mentioned, you said, you basically weren't hired directly to build a wallet,
but you kind of figured it out within Consensys.
And now maybe you can tell us a little bit about how that journey was from building MetaMask into what it is today,
and maybe a bit about the team, how it grew.
Yeah, Kumavis had started MetaMask even outside of Consensys.
And so when he got hired at Consensys, suddenly he had the capacity to offer jobs to people.
And so I was like, you know, I was kind of early in my tech career.
So I was, let's say, not as eager to jump out and start making my first startup as he was.
But I joined him as soon as Consensys was funding the project.
And I was really excited to.
And yeah, Consensys was this wonderful, just kind of chaotic incubator at the early stage.
There's like, I don't know, it must have been hundreds of different experiments getting validated and tried out there.
And there was a really exciting energy, you know.
Surely there were a lot of projects getting built before the kind of platform was ready to really support it.
I think back then it was very normal to just kind of build your application as if the blockchain was
going to scale or did scale already. So you'd just treat the Solidity contract like it was a
Rails back end and keep everything on the chain. And I think that over time, people have
had the scalability issue hammered into their heads and have a lot of different ideas about
how it needs to get addressed. And yeah, that's just one of the ways that we're continuing
to kind of grow and evolve. I was thinking back earlier on how I first used MetaMask when it came
out. And kind of we've, we've all gotten so used to living with browser extension wallets,
right? So by zooming out, I kind of, I remember how dodgy it felt back then to kind of interact
with the browser extension for something that is so obviously a value transaction.
So how did you and Kumavis make that decision to kind of build it
as a browser extension rather than a standalone application?
Yeah, so when we first started building,
the Mist wallet browser was already kind of occupying
the standalone installer space.
And so they were also doing a full node thing.
So you'd install this executable.
You'd get a browser and it would sync the blockchain
and your computer would heat up and you'd, you know, wait.
I think it only took like, you know, 15 to 30 minutes
to sync back then. But, you know, still, it was a kind of weird experience. Every time you open
your laptop, kind of heat it up or whatever. And one of the kind of founding principles for
MetaMask was we want to make it easy to get in. Right. So we're trying to like, how do we
smooth the adoption path? What are the assumptions that we can kind of weaken and that are like
maybe okay to compromise on for first time users? The first of which was using Infura, having a hosted,
kind of trusted connection for the blockchain to start.
That was a very controversial take at the time.
And, you know, there are still some people that feel very intently that's, like,
you know, fundamentally wrong and broken.
And, you know, I would love to see long term more blockchains that are lightweight enough
to run on consumer hardware.
But that's not Eth1.
Eth1 is just kind of impractical to ask users, like, especially when they're first getting
started, right?
When your first interaction with the new dapp is somebody saying, hey,
here's a way to sell an NFT or something, right?
If the barrier is first install this, you know, 20 gigabyte thing on your hard drive,
and then you can look at a picture.
That's a very hard sell.
And so Kumavis and I were both, we're both web developers.
We both had a real love for the kind of permissionlessness of the web.
The fact that you can drop a link into any text chat that you have with someone,
completely between any channels.
It could be, you know, an SMS, it could be an email.
It doesn't matter where.
Take this magic little link and now suddenly you're in somebody else's world. Like that was for us
one of our design goals. We're like, you should be able to click a link to one and go to it. And,
and yeah, so that was kind of a guiding principle to start. And Kumavis spent, you know, a first initial
pass, a good portion of a first year, trying to make the whole wallet kind of light browser work
entirely without an extension, like working within an iframe within the browser, basically
building a browser in the browser, which is, you know, an impressive thing to try. And then at a
certain point, it was either me or Nick Dodson was just like, hey, wouldn't it save a little
time if we just tried making a web extension? And he was like, yeah. And like, he took what he'd
done. And, you know, in like three days or something, he'd put it into a web extension. And then
I was like, all right, let's get this ready for a hackathon because South by Southwest was coming
up. And so we just got it good enough to hack on,
just to play with. And there was this music hackathon, had a whole bunch of music creators and
hackers who'd never heard of a blockchain before. It was just a music hackathon, not a blockchain
hackathon. And we started telling them, you know, hey, what do you think you could do if you
had money in your music ecosystem? You know, I was, we were touring with Ujo at the time.
And, you know, just, you know, a lot of ideas were things like, oh, the micro transactions of,
what if you make a beat and then you get paid when people mix it into beats and, you know,
things like that. And, you know, artists know what it's like to
not get your work valued adequately. And yet they also know the value of their audience and more
and more with the internet, with Kickstarter and, you know, Patreon and things like that. People know
having access to your audience is powerful. And so I think it was a great event. And yeah,
kind of from there, it was high friction. A lot of people were skeptical. A lot of people, you know,
other hackathon hosts there were like, you know, I'm going to still recommend they maybe build a
wallet into their application, you know, because it was just too weird at that time.
But, you know, that's, we've seen culture shift a few times during our time here at MetaMask.
And, yeah, why an extension wouldn't it be more stable as a desktop executable?
I mean, I totally believe that long term, more of this stuff should be lower and lower level.
You know, you want the maximum security.
You want open hardware.
You want hardware wallets.
You want the maximum guarantees you can get.
The browser really was a decision because it's an on-ramp.
It's the first experience.
It's about being able to give somebody just that link.
that drops them in as quickly as possible.
And really, I think that we can do much better even than our current thing,
the current norm of making somebody get a wallet and then log in and select an account
and get some ETH all before they can, like, like a post or something.
I think that that's a bad design pattern.
And I think that we can do better as a community for that.
But yeah, yeah, that's kind of getting ahead of myself.
Yeah, we definitely want to hear more about where you think that should be going.
I guess, right?
As you said, you kind of were part of making these design patterns that are now there,
like sign in with your wallet, things like that.
Right.
In this hackathon, it seems that wasn't even a thing yet, and people didn't really know how that interaction would work.
I guess it's also a segue to like MetaMask is not just a browser extension, right?
There's also MetaMask mobile, which I guess has been a bit of a
trend to get more people on board, right?
People are used to using their phone for their banking apps or wallets or in general to use
their phone.
And then obviously you made the choice to also build MetaMask Mobile.
Can you talk a little bit about where that is at, how this decision was made, kind of
how people use it today?
Yeah, I think mobile is one of the easiest decisions in the world because, you know,
you just look at the numbers.
Everybody just about has a phone and not everybody has a computer.
And you're like, okay, well, there you go.
Mobile therefore has to be the future.
Now, I think there's some real advantages for the desktop, which is that in particular,
everything's getting programmed on a desktop.
So if you're the developer tool, then you're going to make, the developer is going to make
sure that you're compatible with them.
So the extension has this kind of developer experience advantage.
And I think that there's kind of an uphill battle to make sure that Web3 sites kind of work as
well on mobile. And we've got a ways to go on that developer tooling. But the goal was always to
basically say, you know, same promise as the web. You know, you make a website and it works on desktop
or mobile. That shouldn't matter. You know, we're trying to build an internet of value. You should be
able to take value wherever you go. You know, it's not just confined to when you're sitting at your
computer. It's, you know, it's a dynamic thing. You should be able to make any agreement anywhere
you want, you know, within your own terms. You know, maybe you don't carry around the,
you don't carry around your grandmother's pearls when you're going out.
But you know, you bring some spending cash, you know, things like that.
Yeah, absolutely.
Can you give us some idea how many people use MetaMask?
What kind of values are stored in MetaMask?
What kind of use cases it's actually used for by people?
I'm pretty, I don't usually say this.
I'm pretty sure like 98% of people who listen to this podcast
have firsthand experience with MetaMask, but I think kind of hearing the stats is warranted.
Yeah, so the latest number I heard is that we finally got to around 35 million monthly active
users. That's somebody who in the month has interacted with an app. So either they connected
or they approved a transaction or a signature or something. And the use cases are actually quite
varied. You know, depending on your corner of the cryptosphere, you might be in a bubble and you
think that there's only one major use case.
You know, I know that the NFT community sees itself often as like the kind of one thing
that's going on.
The DeFi community definitely had a period of seeing itself as the possible main use case.
Gaming is also for many people, the only use that they have for MetaMask or Web3.
And then there's, meanwhile, there's the whole DAO ecosystem, people, you know, figuring out
how to issue grants and fundraise collectively.
I think these are all really cool in different ways.
I think they all have some common themes of kind of giving people ownership of digital rights.
And I do kind of think of a wallet as one of these computer-like things that has to be dynamic.
It has to fit your needs.
It can't be.
Well, I mean, don't get me wrong.
It can be custom tailored to a use case.
So some wallets, you know, maybe ones that you might have mentioned in the intro,
might be giving a very good experience around something like staking, for example.
And for somebody who wants to get yield on staking, that's great.
And, you know, having lots of staking options really quickly is a really reasonable niche for
a wallet to occupy.
And there are other wallets that are specialized at gaming and there's other wallets that are
specialized at NFTs.
I think partly just for historical reasons, because MetaMask kind of was the first thing
that just made like anything possible, we're kind of in this position where we still kind
of serve everybody. And so we kind of are in a position where by necessity, partly, and then also
because it's an interesting position, continue to pursue being a general purpose wallet.
And, you know, frankly, I wouldn't have it any other way. I think it's a really, really interesting
problem. I've come to know the challenges and solutions that are available to this kind of niche.
I think they're kind of essential to safe computing in general. I think the problems that we're taking on as a
wallet are actually pretty much the same problems that you have keeping your computer safe.
The reason people get phished and hacked on the web, it's not because there's cryptocurrency.
It's because there's cryptocurrency and people don't know how to keep computers safe.
Like there's kind of two problems here.
And if cryptocurrency had evolved in an environment where people knew how to keep computers safe,
I don't think we would have this problem.
But I don't think that history ever pushed people to secure their computers this hard before.
And I think that we're kind of seeing, oh, okay, we've had personal computers for, you know, 30 some odd years.
But the truth is they're kind of badly secured, kind of just good enough.
We have to invalidate our passwords every two days just to kind of have a chance at not getting identity thieved.
And I think it's, for me, it's forced me to step back and say, hey, wait a minute, like computers themselves are kind of like alien technology.
We're kind of just a cargo cult around computers saying, like, what are these good for?
Can we build society on them, you know?
But I don't think we've answered fundamental questions about computers yet.
I don't think people, but I think that the patterns are emerging.
So things like permission systems, things like having good sandboxing, I think those are
like the beginnings of like, oh, keeping untrusted things at arm's length.
And I think that those patterns that you see, you know, Android's got a pretty good sandbox
and permissions model. I think that's very similar to what we end up being in the internet of value.
And so we're kind of rediscovering kind of the same principles. We're saying, what does it mean
to have some digital rights or responsibilities and then selectively kind of wire them together,
not just with your printer and your disk drive, but now with like the rest of the world's computing.
And doing that in a coherent and safe way is like, it's like the whole, it's a very big,
fun, interesting problem for computing in general.
Wow, yeah, that goes super deep.
I know you are also kind of part of this Agoric community a little bit where this,
is this kind of related, right?
The object-based capabilities and kind of trying to keep things secure like that on the
smart contract level.
I guess I'm also wondering, why is the wallet part in that?
Are there certain areas where the wallet plays a role, or is it really just on the contract
level that you kind of shrink the securities, the surface, or are there like specific things
on the wallet side that can be improved, in your opinion?
Yeah, yeah.
The general ideas that I'm describing about making computer systems where you can reason about
how to keep them secure, those are very, those are problems that I learned the Agoric folk
had been thinking about for a long time.
And I think some of the richest literature on that topic is coming out of them and their
community and kind of adjacent groups to them. And I've really adored my time, like getting to know them
and getting to collaborate with them on some projects. We've been funding them on a grant. We're due to
renew them. But for their secure JavaScript or hardened JS project, which we're using to secure
our supply chain and for building a portion of our extensibility system, Snaps. And so, sorry, coming back to,
so you were saying, is that related to Agoric?
Yes, absolutely.
Agoric, I think, has a lot of experience building distributed systems.
They kind of tend to draw people into their community who hit similar problems, saying, like,
oh, I tried to build an open multiplayer world, and I realized it's hard to make that safe.
And then they end up coming to kind of similar consistent conclusions.
And so, yeah, I think that there's some good camaraderie there.
I kind of was avoiding the jargon.
I'm practicing avoiding jargon as much as I can.
If I say object capabilities, you might say, okay, I don't care or something, you know.
And so, but, but, you know, if I say, you know, make, make it understandable when you're taking risks, you know, that's basically the exact same thing.
The idea of the object is that an object is this abstract thing.
You own it.
You know, it's like a token
or an NFT as an object, and how do you basically maximally allow a user to interact with that and do
things with it?
You know, the norm on blockchains today is one person has something.
If you want to do something, if you want to stake it, you know, you put it in that contract.
You know, there are allowances.
Allowances start to resemble sharing capabilities.
Capabilities are kind of like extension cords where you're like you plug a port from
one thing into another.
Today, the norm for smart contract, everything has its own
ports. You know, ERC-20 has one allowance standard. ERC-721 has another allowance standard.
ERC-1155, the multi-token standard that Bored Apes uses. It has another allowance standard,
and this one is not granular at all. When you give someone permission to withdraw one Bored Ape,
you allow them to take all of your Bored Apes. And this is the crux of a whole phishing scam.
This morning, Seth Green, you know, I know this will air like a week from now. Seth Green came out,
he apparently was phished through an allowance scam just like this.
They were able to ask him to approve one.
You know, there's a lot of problems that kind of combined to that.
There's a problem of sourcing the metadata to represent this is one of your things you care
about.
This isn't just a random smart contract.
And then there's a problem of the granularity of the permission.
Like you shouldn't, you know, issue to all of them.
It should maybe just be to one.
So yeah, yeah.
The basic theory is how do you, how do you
give people good authority over the things they have and have access to and yet give them
the ability to compose them, right? So safety and composability. We don't want to tie people's
hands and say, you're safe, you know, we want to say, you know, okay, you can do whatever you want,
but like, here's here's how to stay safe. Here's, here's the lines around the dangerous bits
and, you know, do what you're willing, you know, do what you want.
You've touched on a multitude
of different topics and there's a lot to unpack.
Maybe let's start at the very beginning of setting up a wallet.
So basically you set up a wallet and then there's the seed phrase, the 12 words or 16 words or whatever.
So I mean, we've kind of, we've gotten used to that, right?
So basically we know it's coming.
But zooming out again, this seems like a terrible user experience, right?
And so maybe let's talk about where you see
the future of seed phrases. Do you see a future of seed phrases?
I guess for legacy purposes, you know, like you might want to be able to back up some old
things that are not transferable. Although, you know, if I have my way, the Ethereum blockchain
will adopt some EIPs that allow you to transfer account-holdership to other accounts. And so
you should be able to migrate them then too. But yeah, so maybe, but I think we should be able
to move off them as much as possible. I think it's nice that people have the option to be in total
custodial control of their wallets. It's even critical that people have the option of keeping things
totally cold. Being able to send assets to something that is unhackable entirely is like, it's great.
It's a proof that this is a decentralized system that nobody can take your asset from you,
that you can be as safe as you can keep anything. And that's, that's, that's, that's,
that's all great. The problem is that today, okay, you get this one secret and it has all your stuff,
you know, and okay, so if you're very advanced and secure, you might keep some on a hardware wallet.
But then hardware wallets, they innovate even slower than the software wallet.
So the things that you can do, the transactions you can review, they're fewer and fewer.
And so you're trading off the usability of the system for security.
And so that kind of comes back to, okay, tying your hands and saying that you're,
you're safer. I think that we can do better than that. Ideally, you know, you'd go to a site.
You could use it a bit, do some things. And then if there was at some point, something you cared
about there, you could have the option to back it up in any number of ways that are, you know,
kind of risk-tolerant to you. You could say, you know, if you've got a hard drive that's good,
fine. If you trust your disc, good. You know, if you want to use a,
hardware wallet. Great. You know, if you're cool with putting it on your mobile phone,
using your mobile phone as a signer, that's more solid for most people. If you've got an
old phone that you don't use, that's an upgrade also, and it's viable. And if you want to
wire together a multi-sig, you know, for some higher stakes things, that can make sense. And then I
think that kind of the most critically missing piece that I think nobody's looking at right now,
just to drop a little bit of alpha or
whatever, is allowing your different devices to be delegated just the permission that they need to
operate. There's been a little bit of this from contract accounts like Argent who have self-assigned
daily spending limits, but those self-assigned limits are still from an account that holds everything.
And so if it gets compromised, you still lose everything. I want to see a world where you could
have a cold wallet whose assets you delegate to a hardware wallet in some limited capacity,
whose assets you could then delegate to your hot wallet in some limited capacity.
You know, and so you could have any number of accounts on any number of assets,
and you don't really think about them as accounts and assets.
You think of them as accounts or sorry, as assets.
And each asset may actually have a secret key behind it, but you shouldn't have to reason
about that.
You should just know, I've got a bunch of stuff on this cold wallet or on this hardware wallet,
and I'm setting up a new device.
So what do I want that device to have?
Do I want it to be able to give away my Bored Ape?
No, then don't give it permission to.
Simple as that.
You know, that's the, that's the like kind of object capability thing.
It's just like consent.
Like no permission without consent, right?
So you should be able to have cold stuff, but then you should be able to delegate limited permissions.
You say, this is going to be my,
I'm going to be voting on the ENS DAO from this.
I don't want to sell the tokens from this.
I want to vote.
So you should be able to provision just the permissions you want.
So you should be able to say, I want voting rights on my hot machine.
And now your hot machine would be literally unhackable for anything other than that purpose.
And if it was ever hacked, the worst thing that could happen is some bad votes get cast in your name.
And then you could revoke them from the initial granting authority device.
But that sounds like, I mean, that sounds like
more private keys, not fewer, right?
So basically by having more granular permission settings,
you would actually have to, you know, hold and control way more private keys than you currently.
I mean, so basically, there are some people with stupid amounts of money on MetaMask, right?
So basically you see them at conferences and they show you something and you go like,
okay, seriously, you, this is, this is, uh, yeah, don't tell me.
Yeah.
So I know that ages ago at Consensys, there was this project that kind of looked at like this in-game location thing as a seed phrase.
Do you think seed phrases will ever become more human memorable than they currently are?
Or do you think we will just have to rely on backup mechanisms and guardians and
social recovery mechanisms. Where do you think it's going?
Well, I mean, kind of like I said at one point,
I think people will be able to choose the ways that are preferable to them. So if you want to do a
brain wallet, you should be able to delegate, you know, you, like you could memorize the right
to withdraw all of your funds, right? And then if you can memorize the key that controls that,
then you can back up the message that imbues that key on a public website. So everyone could see,
oh, there's a key out there that could, you know, withdraw all of your funds and send them to the Bahamas or whatever.
And so I don't see any problem with people having the option of having a memorized key.
And okay, so do we get away from seed phrase?
Well, if somebody wants a seed phrase, if somebody wants to have 12 words that they back up,
maybe because they have, you know, there's so many Cryptosteels sitting around or something,
I think it's fine for that to be an option.
But I think a safer norm is that usually devices generate keys
in a secure enclave and those keys never leave that device. And so usually when you're deploying
to a new device, you're deploying to keys that cannot be extracted. And so the only way to extract
value from those is through signatures and operations with those keys, which while it should be
rendering in a human readable way, and so, you know, if all is done correctly, it's harder to
phish from wallets that are doing that because there's not just one secret that's maybe harder
to reason about the to steal. Instead, you have to get a user to hopefully perform an act of consent
that they've been habituated to recognize before you can take from them. So yeah, I guess in short,
I think devices should have their own keys as much as possible. You should still be able to
delegate capabilities to other keys. At the end of the day, this is all built on cryptography,
right? You're not going to get away from there being private keys somewhere. I think that we can
make them less portable.
I think some people will still probably choose to back up to seed phrases, but those will probably
be pro users who just know what they're doing very well.
The average user is probably going to prefer to have something maybe like social recovery or
maybe a custodial backup with just the limited allowance and fraud protection, just like
banks do today, except open-ended, Turing complete and able to connect to smart contracts.
It's funny.
So basically, had we recorded this episode
two years ago, I think everyone would assume you're making the case for smart contract wallets here,
right? So tell us about, can you talk about how the thinking has shifted from smart contract
wallets to EOAs with enhanced capabilities?
Oh, I think the line is a little blurry.
So I'm talking about just the general principle that things should be
delegatable. And actually, so I'll share, I've, I've been working on a little Solidity library to kind of
demonstrate what I've been, what I'm talking about. It's a mix-in that any Solidity library can
inherit from called delegatable. And when a, when a contract has that, it gets a generic delegation
interface. And so now they can delegate any permission with any restrictions to any other key.
And so you can write these delegations to other keys. I think that composes well with smart contract
wallets. A smart contract wallet is good if you want to get a group of signers to agree on something.
But then a delegation is good for if you want one agent, which could be a group of signers,
to then kind of permission another agent, which could be either a key or another group of signers,
with some limited authority. So you could have a DAO that says, okay, well, we need you to go shopping.
So here's an allowance, right? We don't need to approve the budget request. You know, can you
imagine going to the grocery store and then scanning the checkout line and then waiting for your,
you know, your token holders to vote? Like, no, no, of course not. You need permission to do things
to interact in a dynamic world. And so I think that I think that DAOs, multi-sigs, all of these higher
security constructs are going to, I think by necessity, if they want to be dynamic and
composable, they're going to need to embrace systems where sometimes they broaden the reach
of their, you know, broaden the inclusion of control over their digital assets. I think this is
just normal, essential composability. And so I think it works well together. I think that more
things should use, yes, smart contract logic to assign authority. And ideally, every EOA would have
access to this stuff. And actually, one of the reasons I'm a proponent for EIP 3074 is it would allow every
EOA to assign a smart contract to be able to act on its account. And so if you have 3074, every
account could assign off-chain delegation methods for anything it could do. And so you could,
you wouldn't need allowance methods on contracts anymore. And this is basically what the delegatable
mix-in does. You don't have to write allowance methods anymore because it provides a
method for anyone to sign these off-chain messages that can imbue its recipient with any
arbitrary power. It uses a smart contract as its enforcer. So yeah, to me, it's just another
tool in the kind of, I guess it's a tool for composability. I see the smart contract wallets as
largely a tool for adding restrictions on controlling assets. And I think this is kind of a counterbalance
where we're saying, okay, we've learned how to keep things tighter and tighter. Now you need a
multi-sig, now you need a token vote. But how do you, how do you now, how do you relax a little bit?
Once you've built up trust in your community, how do you, yeah, authorize or empower more people
to act on your behalf? Yeah, I think that's super interesting, I guess, maybe to tie it back a bit
to that Bored Ape story where you get permission for, like, transferring out all the Bored Apes.
In this scenario that you're describing, if I delegate this to another address, like, do I have to
kind of specify which contracts exactly can it interact with?
Like how how does that look in practice?
Is there some standard needed that it says like, you know, only these contracts?
Like how will that actually look?
Or do you always have to give like complete control?
I guess that's kind of where we're heading.
Like how do you, yeah, make that possible.
So there are more fences, basically, to choose from where you want to put them.
Yeah.
So the delegatable system, by default,
a delegation method can imbue the recipient with all of your authority on that contract,
but it has this caveat system where you can add as many caveats as you want to a delegation.
And those caveats can restrict it in any way you can imagine.
So I was making a proof of concept for detecting phishers and reporting phishers.
I want to make a web of trust.
I want to permission as many people to detect phishers and report them as possible, right?
It's obviously a high value target for something like this.
And so what I realized is, okay, the phishing registry is ownable, but I want to share the ability
to report phishers, not the ability to transfer the entire registry.
And so I wrote a caveat, you know, it's like three lines of Solidity that says,
not the ownable methods, no transferring ownership, you know, none of that, just reporting
phishers.
And now I can sign delegation methods where people holding these methods, no on-chain
transaction needed, no gas, I can send them this permission, and now with no gas, they can sign a
report. And it's a metatransaction-friendly thing. Someone else can support it, submit it for them.
Or the even crazier thing is no one can submit it. If it's something like a phishing report,
you can just kind of counterfactually gossip this message. And anyone can look at it and
they can say, oh, yeah, anyone can submit this. The same way a miner extractable value person can do,
they look at the message and say, oh, I could call that transaction. I would see this as a phish,
And now we can build this off-chain registry where it's all rooted in on-chain permissions.
The contracts enforce it, but by looking at the contracts and building up these messages that could be
submitted to the chain, we can build up these kind of blockchain parallel databases that can be
any size at all.
The only thing that has to go on-chain is when you're revoking your permission to someone.
You say, oh, actually, their messages aren't good anymore.
That has to go to the chain because you're trying to make sure nobody trusts their message
anymore. That's where the censorship resistance of the blockchain kind of plays in.
How far do you think this is in the future?
Well, I mean, I have a proof of concept of that that works now, but it doesn't scale really great.
Part of the problem is because the individual clients usually don't have a full blockchain node.
But if I make a node that lets you hold those messages, now you have to be able to validate them,
Again, to validate them against the node, that becomes very expensive.
So we either need to have like CDNs caching it, or we need a good client-side lightweight
caching layer like Laconic.
My friend Rick Dudley is working on this kind of caching system.
It builds on another client.
And now your wallet would be able to cache just the information from the contracts that you
kind of are interested in.
And it only updates those when those contracts update.
You get the block header.
And now you have a proof that your stuff hasn't changed.
It's going to be so good for things like keeping your token balances up to date.
Because, you know, today on every block update, every single wallet is checking your balance
on every token, on every network of every type, and then plus the ones that they want to auto-detect.
So it's this super network-intensive thing.
But meanwhile, we literally, the blockchain's designed for you to prove that things haven't changed.
So it's this kind of embarrassing caching opportunity that hopefully Rick is going to solve really soon.
And I really need it, Rick, because the whole scalability of this scheme that I'm describing hinges on the people's ability to compare off-chain messages to the current state of the chain.
Well, it's funny how it kind of crosses this gossiping network with, you know, the on-chain state.
It's super interesting.
Yeah, yeah.
I mean, there's obviously so many really amazing ways of scaling right now.
And I was thrilled when I realized that this construction that I was kind of building for the sake of user consent, when I started realizing, oh, it also has scalability properties.
I was just, oh, I was so happy.
I was like, but it's funny because it maybe shouldn't have been a coincidence because granting new permissions is historically not a thing that requires a blockchain, right?
You can right click a JPEG.
You have permission to view the image, right?
The blockchain has always been about losing control. It's the double spend problem. It's that when you
give someone money, you have to lose access to it. So for any situation where you're growing trust,
I think we can keep things off-chain more. And so I think that we can build wallet patterns and dapp
interaction patterns that are actually more off-chain friendly. And I think this can mean that when
users use a dapp for the first time, they can actually postpone needing a wallet a lot more.
And actually, my phishing dapp proof of concept, I'm calling it MobyMask.
You can go to it at mobymask.com, like Moby Dick, because we're whales trying to take out phishers.
It's invite only because the whole thing is you have to have a delegation signature, right?
But when I was making it, I was realizing, oh, you can redeem, you can get invited and you can report people without a wallet.
So I started realizing I had to move the wallet connection further, further down.
I had forked a project that had the wallet connection, you know, that big wall at the beginning of the dapp.
It says, like, pick a wallet, get a wallet.
Look at all the wallets in the world, scroll by them, find yours, you know, that horrible experience.
What I realized is, oh, we kind of recaptured that spirit of the hyperlink.
Like, you got a link.
I give you an invite link.
You get there and you're going.
And there's literally, like, do you need a backup?
Well, the backup is actually the invite link that's in your text message.
So you almost don't need a backup.
So when using this system, the only time that you need a seed phrase is if you, well,
if you want to delegate to it so you want to back it up like cold or something, you know,
like obviously there's higher, higher stakes use cases where you would want that. But for lightweight
things, you know, you can start to really ask, which things do you actually need a backup for?
Like, I bet you there's a lot of things that don't need a backup. There's a lot of things we're
just like spreading permission saying like, hey, vote on our proposal, you know? Okay.
You know, that should be, it should be like that. We should not need a wallet like most of the time.
And then the wallet is like for the meta transaction relayer. It's for the
user, the admin, the person who's like, you know, revoking access, the person who's like adjudicating
disputes and stuff, those are the people who need to submit to the blockchain. And maybe that
actually ends up being a pro user thing. And then most users never even look at gas. That's,
that's a hope I have. And, you know, so I'm going to be playing with that more. I hope people
try out that delegatable ETH thing, which I'll be like publishing right around the time as this is coming
up. I really want to look into this now.
The one thing that kind of immediately comes to mind is,
does this somehow make you vulnerable to spammers?
Because basically, there's no longer costs associated, right,
with kind of sending messages.
Yeah, so the nodes that could be vulnerable to scammers,
or spammers in the situation,
would be like the caching nodes.
So if anyone can sign a message,
then you could gossip around kind of fake messages.
These messages are validated as chains of signatures, though.
So in order to spam them, you would have to have a chain of valid signatures
that the node hadn't seen before.
So it has kind of similar spam properties to a normal blockchain node.
Like it's validating a signature is the first thing.
Signature validation is free.
You know, like if you, I don't know if that's a secret, but like you could kind of
spam any blockchain node with a bunch of signatures that are fake.
And they're going to check if the signature is real.
You know, so, you know, you can always layer some extra
anti-spam stuff on top of that, just rate limiting, banning people who spam, you know,
once one IP has submitted one bad signature, you know, then rate limit them and increase it.
You could probably borrow like tit for tat with forgiveness out of BitTorrent or something like that.
But yeah, I don't think it's more prone to problems like that than other blockchain type nodes.
All right. I guess maybe tying it back to Metamask a bit from this, right?
I guess how actually does this interact with Metamask?
I guess you're saying we're moving this a little bit and then the wallet comes later.
Is there some scenario where then finally you get the sign in and you use Metamask?
Or is this like a completely separate layer almost?
Yeah.
No, I think that they interact.
They have a relationship.
And I think it's nice if it's like, you can think of it as you can have assets on a site.
And if you're not moving them out of that site or going anywhere else,
then you're probably fine without a wallet.
In many ways, I think the wallet is kind of this place where you take your capabilities
and you bring them to other contexts.
So the thing that's always been cool and exciting about Ethereum,
it's the composability.
Like anyone can host a server with a token,
but the thing that's really crazy is like,
oh, every single token is a public API,
and anyone can build a Dow that uses it as its voting rights
or an exchange that lets you swap them.
Like anything's open, everything's permissionless.
So it's that context switching that's like the real power of Web3,
the like everything is permissionlessly open.
And so in this pattern, what my initial impression of it is,
is that you could have a lot of websites and dapps
that are not needing a wallet connection until some certain actions.
It could be relaying transactions to the blockchain.
It could be loading those assets into your wallet so they're portable.
It could be, oh, loading them into the wallet can also let you do other cool things.
So I told you that the delegation for delegate.com, it supports arbitrary caveats.
So when you delegate to someone, you can have whatever terms you want on it.
Now, I made the Moby Mask site, every invite link just has the same terms.
It's just like, it's revocable.
You know, you can report phishers, but I can take it back.
But if you made this a standard and added it to a wallet,
then in your wallet, you could go down your assets.
You could click any asset and you could say, okay, send them that allowance.
But, and then you could like have a list of terms.
You could say, just, you know, just this many tokens, just for this much time, only for these uses, you know, only on approved, you know, SEC approved investments or whatever, you know.
And you can have whatever terms you want.
You can just stack them up.
And I think that the wallet is a nice place to kind of aggregate these many
things into a coherent set of possessions, a digital possession, so that now you can go to other
places and you can log in now. And now when you're logging into sites, you've got all these
standard, nice ways of defining your own terms. You know, normal terms on Web 2, they say, we need
these permissions. It's a rigid thing. You get no say. You hope they have a logout timer.
You hope they have 2FA. In this scenario, when they ask for what they need, maybe they just need
some tokens so you can do a swap. And now you can add whatever extra terms that you want.
So you actually have a part. You're participating in the negotiation of terms when connecting
to websites in this paradigm. And so being able to load these kinds of assets or these
messages into your wallet is the thing I'm excited to do. Now, I just made a proof of concept,
you know, Solidity contract. Who am I to like tell the Ethereum community that's the new standard.
But that's not how I, that's not how I run things.
You know, this is part of why I'm building a snap system. The snap system for Metamask is an extensibility
system so that new standards like this can be validated in the wallet. So I actually don't need
permission from the rest of my team to try this out and to add it into the wallet. And other people
could take what I did and they could say, oh, you messed up in these ways and they could make their
own standard and they could add it into the wallet too. And so really kind of coming back to the
the notion that Metamask's role in the ecosystem is to enable permissionless innovation, right?
That's what Ethereum's good at. That's what computers are good at. That's what the web browser is
good at. We're just trying to kind of get out of people's way. And, you know, so I have my theories
about what I think a secure, safe, consensual, digital interaction looks like. But rather than just
impose them, like, you know, I could say, oh, integration is coming every few weeks,
where I could say, you know, some exchanges, they have listing fees.
They, you know, say, oh, yeah, your standard gets in for the right price.
No, we're taking an approach of the wallet allows anything in.
We're trying to build a tool that lets people just be creative and,
and lets people move around with the digital assets they have and hopefully reduce their risk
and let them kind of cooperate in new creative ways.
I still want to talk about the snaps in a little bit, but before that,
let me kind of tie in with what you said.
So basically, if you phrase it, reframe this a bit, it would actually give you a sort of fragmented identity system for yourself, right?
So basically you can, you kind of decide what to share with which services and smart contracts you interact with.
So how do you see the connection between MetaMask and self-sovereign identity system?
Yeah, I mean, I see it as a form of self-sovereign identity, I guess.
I have some qualms with the identity framing of the issue.
I think oftentimes identity is usually related to somebody making a claim about you,
like, oh, you're a citizen or you're not.
And claims are nice and interesting for some uses.
Like I'm saying, I want to be able to report phishers.
I think, you know, claims are great.
What I think is really critically different about what I'm describing is that I'm not just talking about the wallet holding a bunch of claims about yourself.
I'm talking about the wallet holding the things that you can do and allowing you to extend those permissions to other things.
So these aren't just claims that you would trust somebody to do something hypothetically.
These are literal cryptographic messages that imbue the recipient with that ability.
And so I think it's got a much higher leverage implication once you connect.
So, you know, if you connect to a site and they want a token allowance, that's because
they want to interact with your tokens right now.
And that's what makes it powerful.
We should allow composability like that for anything, but with user sovereign, you know,
attenuation.
The user should be able to say, ah, but on my terms, right?
And so I think it's very, very related.
I think that the only difference, the only difference that I really see between like a
verifiable credential system and an ocap, object capability, type system is whether the claim is rooted
in an ability to do something. Does this signature mean you can now just call a function and make
something happen? Is there a robot that will literally redeem this signature for something?
Or is it just kind of like a claim? Okay, we can have an internet of claims, but like, okay, so people
are gossiping. I guess that's nice. But I guess what I'm really in this for is I'm trying to build
scalable social systems, and that means oftentimes spreading access to resources.
We're really talking about how do we combine our resources in a more efficient way?
How do we fund the best thought-out projects?
How do we like kind of path-find to those things?
And so for me, creating actual access to resources is just a more interesting problem.
Maybe going into a little bit like from the user side, now you're saying the user has like a say.
Is that really like on the level, or is it what you're imagining on the level of me being a Web 2
user, like, just normal person going on his computer and somehow specifying these
limits? Like, how do I get the idea what should I be limiting? It's just like, can this just
be done by like some developers? Is this, would there be some interface for you to understand this?
I sure don't want it to be just developer. Yeah, yeah, exactly. Yeah, the whole point of this stuff,
right, is that normal people should be able to use it.
And, you know, of course it makes sense that developers can do it first because we're building these systems on computers.
So if you speak a language that computers understand, you're at an advantage.
And I would just encourage any listener, if you think that's hard, just take a stab at it.
There's a lot of online courses make it a lot easier than you ever thought.
You know, I learned on some of those online.
I learned on Scratch first.
It's made for kids to learn to program.
I learned on, you know, Udacity and Coursera.
You know, these websites are excellent at teaching you these things.
So I don't actually think that programming is that hard.
But even that said, I think that, you know, rather than saying I think it should be made so easy that people who don't program should be able to do it.
I might say, I think that programming should be made so easy that anyone can do it or something in between.
There's like that, that line should be blurred.
We're talking about computer enforced agreements and we want people to be able to interact with those agreements.
So the design space is wide open.
There's a huge opportunity to enable people to participate
in digital agreements better.
It's a huge space.
And, you know, I think the way the wallets work today, and Metamask included,
we're hard coding the types of agreements that we can represent to a user.
And that's an embarrassing state of affairs.
You know, that's why things like, I mean, I really, I really feel terrible about, like,
the Seth Green situation because, like, you know, yeah, it said set approval for all on his
confirmation, but I don't think it said, like, the Bored Ape Yacht Club.
Like, I don't think we'd loaded their metadata
in, you know, and today that metadata curation is a manual task. It's like a GitHub repository,
but obviously what we should be doing is, you know, broadening the reach of aggregating
all that kind of information. And, you know, again, it kind of comes down to that delegation
thing. How do we spread the right to populate our metadata registry more broadly, right?
Because we need to be able to protect people in so many use cases, you know, and we need people
to be able to inform each other. We don't want them to have to trust us. We want them to be able to
like declare what they trust and then get as informed as possible through those sources.
No, no.
I think this makes total sense.
I think there's, we're so early, right?
So basically if you look at the governance and security space, so basically if you don't
want to trust one single person, then basically how do you, how do you trust a group to
make the right decisions?
How do you, I mean, yeah, I think this is, yeah, it's just the kind of problems that
we're currently facing.
You talked about Snaps earlier, and I would like to cover that.
Can you give us an intro on Snaps?
Yeah, Snaps is an extensibility system for the MetaMask wallet.
There are a lot of dimensions to the wallet where we found ourselves being gatekeepers.
Inadvertently, we didn't try to be gatekeepers.
We just realized that everybody wants to add their network, everyone wants to add their token,
everyone wants to add their, you know, fraudulent transaction detection system.
Everybody wants to add their new blockchain, you know, their new EIP method for better
dapp logins, you know, there are all these dimensions where we were just finding ourselves,
you know, us against, you know, of a large group of very passionate and intelligent people.
And we don't want to, you know, we don't want to be arguing against a large group of
intelligent, passionate people.
That's the worst. We want to get the hell out of their way. We want to let them just like ideal,
you know, it's like, I think people get held up on the open source component a little bit. People are
like, oh, yeah, you know, if you were just open source, somebody would fork it, they'd make a better
wallet. Well, the truth is, you fork it. You're going to add the one feature you have in mind.
You're not going to add all the features that every user wants. And so I think that the heart of like
actual like community driven creativity is more about composability. It's all about the
same way Ethereum is all about the contracts being able to interact with each other. I think that,
you know, the wallet is kind of your personal smart contract space where you declare what you care
about. These are your assets. These are the things you're willing to connect to and trust.
And so Snaps was an answer. So how do we bring in all this innovation? How do we get out of the
way and let people contribute to wallet evolution at the speed of their creativity, not at the speed
of our review process.
And so, yeah, we did a lot of research on kind of secure code confinement,
and there's obviously a lot of interesting things on that.
It led us, in particular, to meet the Agoric folks who were working on JavaScript
confinement.
And so they actually have, it's basically a JavaScript function that allows you to evaluate
code in a confined context.
So, you know, if you know JavaScript, you know the word eval is like evil,
because you call it and then the string that you pass to it can do anything and that's terrible.
And so you should never call eval.
But the Agoric folks made this thing called a compartment where you can now call eval,
but it only has access to the things you give it.
And so it's this kind of local code version of kind of what I'm talking about when I talk about
connecting to dapps.
You can now run some local JavaScript and give it just the permissions that you want.
And so very much like the way you connect to a dapp and you give it some, you know,
blockchain-based permissions. Now we can run some local wallet extensions and give them some local
wallet permissions, like the permission to add a new token type to your wallet or a new account
type. And so we've got prototype snaps for adding a variety of blockchains to Metamask, for adding
contract accounts to MetaMask, for adding new phishing detection. There's a password manager one.
I was starting to prototype a new signature standard.
You know, there's EIP 712, but there's a fifth revision.
And rather than pull requested to Metamask, I just prototyped it in a snap.
You know, it kind of opens up the space of wallet innovation outside of a standards process.
I think standards processes are not permissionless innovation.
You know, right now there's a little bit of a movement to like, hey, all the wallets should make standards together.
And don't get me wrong, there are some things where we should just do it consistently so that we can interface and interoperate better.
But, you know, it's better to me than standards is spaces where people don't need permission.
You know, maybe this is just me because, like, I'd wanted to get into entertainment for a while, you know, and like, if you ever tried to get into entertainment, well, at least, you know, when I was doing it, it was like, oh, the Hollywood, you know, like establishment or whatever.
Obviously, it's different now with podcasting and YouTube and things.
But, you know, whenever there's a situation where you have to ask permission or you have to get other, you have to convince other people just to do it, just feels like the wrong way to me.
Like I really care about building tools where people can just have ideas and run with them.
And, you know, computers are great for that.
Computers, but as long as you build those computer systems in a way that are friendly to integration.
And that's kind of what extensibility is.
And so I think Snaps is incredible for MetaMask.
But I actually think long term, every application will be extensible.
And it won't be like you're an extension on one other thing.
It'll be like these things work together.
It'll be more just collaborative the way that contracts are on Ethereum.
Yeah, I do think it's like a nice extension of that Ethereum idea of like, you know,
permissionless innovation and just taking it on this wallet level.
And I also liked where you said, okay, general purpose wallet, other wallets are kind of building things specific for the use case.
I think that's a frustration for a lot of people that it's like, oh, when does MetaMask ask like this new network?
And why is it so hard to switch network?
I guess snaps would, as I understand, try to address that, but on the level that, yeah, I know everyone can add that.
But now, I guess my question would be, okay, we have all these people that can extend it in a way.
For a user, how does it actually look?
Do I have to, like, choose which extension I want to support from these snaps or is like there some automated way or how does
that actually from the user's side work?
There's a particular pattern that I think is going to be more and more important.
And it's like the process of adding something to your wallet.
Today, there's kind of a norm of auto-detecting tokens.
You know, I recently heard a wallet advertisement that said, it detects all of your NFTs, for example.
Detecting all of your NFTs to me scares the crap out of me, partly because we know that phishers will do airdrop attacks.
And so they'll airdrop you something that looks valuable.
But when you try to send it, it'll give you an error message that's crafted to direct you to a phishing page, things like that.
Not to mention there's forms of abuse like airdropping people lewd photos, you know.
And so I actually think that, you know, it's a lot like an email address where you don't actually want it to be public for anyone to just add anything to your wallet.
So I think that we have to eventually adopt norms where people are consensually adding assets to their wallet.
And I think that that addition can come from anywhere.
So, for example, today MetaMask has EIP-747, and it's called the watch asset.
So a website can say, hey, care about my token, you know.
So I have a personal token called a dank, dink coin.
You know, nobody has, I've given it out to like 20 people.
You know, it's a joke coin.
But, you know, I'm not going to add it to some central registry where all MetaMask users have to see it.
That would be ridiculous and a waste of network bandwidth.
But what we do have, we have an API method where if somebody goes to my website, they can press the add to my wallet button.
And then a little pop-up appears.
And it says, do you want to add that to your wallet?
And if the user agrees, now their wallet will load.
It has my face as the icon, you know, and they can use it.
Snaps worked very similarly to that.
When you're on a website that wants to interact with, let's say, another blockchain or another token standard that your wallet doesn't know about, they'll just say, hey, to interact with this, we recommend you have this governance module in your wallet.
And you say, oh, okay.
And, you know, we're going to have a couple tiers of security, obviously.
We're going to have, like, indications of who's certified it.
We're going to have a very responsive kind of revocation and, you know, phisher flagging system.
And then the user's, like, going to have the list of permissions it needs.
You know, this snap may need network.
It may need a private key of its own.
You know, some snaps may even need a private key that's dedicated to a given protocol.
Like, if you're making another Ethereum signer snap, it might need your Ethereum keys.
And so we're going to add, we have friction on that to like make sure people are extra sure.
But ultimately, yeah, there's a part of interacting with a new entity that wants to rely on some new kind of asset where they're going to say, hey, you need this to work with us.
Once you have it, though, you don't think about it anymore.
So it's a little bit like micro wallet onboardings.
You know, you can postpone them as late as you want, but as you use Web3 more and more, your wallet will come to represent kind of the places you go and the ledgers that you care about and the assets that you track.
And it'll just kind of let you use those.
And so it'll be a lightweight wallet by default, but it'll be a dynamic wallet that can become what you need it to be.
Oh, I'm sure we'll see a lot of innovation on that one.
So basically in terms of visibility and even reputation systems, right?
So basically, yeah.
I want to cover one last topic.
When token? When DAO, Dan?
Okay.
Yeah, so we've been exploring making a grants DAO.
You know, we want to, there's a lot of things that we'd love to fund.
And, you know, we've got a revenue model that's turning.
So we want to give some back to the community.
So we are exploring how we might run something like that.
If we do it, I would stress we're not exploring distribution mechanics that could be gamed.
We would start with small groups of trusted people.
And we would probably take an iterative approach similar to what Optimism's done,
where, you know, distribution can be continued.
And I think that more communities should embrace continuous, you know, continuous recognition of community engagement.
And I don't think things like that need to be a one-time event.
But, you know, we're exploring that.
And, you know, grants is one application.
Obviously, we have lots of ideas of what tokens can be used for.
And the truth is they can be used for a million different things.
And I also think people should kind of get off the idea that tokens need to be a singular great thing, right?
Just because somebody makes a grants DAO doesn't mean they never have another thing they want to make.
I saw a whole wiki portal that did a review of MetaMask, and they were criticizing an idea I had once about tokenizing our prioritization backlog.
I just wanted to let our team kind of help weigh on our backlog.
You know, we got a big backlog.
But they're like, they're like, oh, this is not a, is this the most valuable thing they could do?
It's like, get off it.
We can have tokens about as many things as we want, and it's all good.
You know, but, but, but, you know, I think the key thing is we're never going to, like, watch out for the scam bots.
I'm so apprehensive about when people start speculating that we have a token coming because, you know, they're like, oh, well, now they're suddenly looking out for some bot saying, hey, there's a, here, redeem your airdrop now.
I promise you.
If you ever have access to MetaMask tokens, it will not be because some bot replied to you on Twitter telling you to follow a link.
Don't follow links.
I mean, for crying out loud, if you're a MetaMask user, you might think that we'd have like a way of getting in touch with you, right?
So how about just like go to the wallet as your source of information about MetaMask?
And that goes for support as well as any other things like that.
So if you ever need support with any product, really, start in that product's interface.
Don't go searching Twitter.
Don't go searching Telegram, who does no moderation.
Search in the product.
Start with your root of trust.
What's the thing you trust most on that thing?
It's probably the product maker themselves.
Go from there.
So stay safe out there.
We'll play around with tokens because we want to play around with the whole ecosystem more.
But, you know, please don't hinge your hopes and futures on the prospects of flipping it or something.
Yeah, I think that's a great way to wrap it up with the token.
Dan, thank you so much for coming on.
It was like super informative.
It took like a way different turn than I personally expected it.
I learned a lot and I hope our listeners too, and we're looking forward to seeing all these new, new things coming from MetaMask and what people will build with it.
Dan, where can people come and learn about MetaMask?
Well, we have a Discord channel run by Consensys, and we have a community forum, which is,
you know, you can vote on features there.
You can also follow us on Twitter.
We've got, you know, a fairly active Twitter thing.
You can add us, but be aware that there will be some scam reply bots.
We are working on it.
But, you know, if anybody claims to be giving support publicly, don't listen to them.
Yeah, so you can ping us on any of those, it would be fine.
community.metamask.io is our forum.
Perfect. Thank you, Dan. It was a pleasure.
Thank you so much for coming on.
Cool. Thanks so much for having me.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud, or wherever you listen to podcasts.
And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes in your inbox as they're released.
If you want to interact with us, guests, or other podcast listeners, you can follow us on Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
But thanks so much, and we look forward to being back next week.
