[spinny]

the wallet in question is probably metamask, a browser extension. it injects a web3 provider in `window.ethereum`. connecting the wallet is done by calling `window.ethereum.enable()`, this pops up a dialog asking you to connect an address to the website. it just tels the extension that the website is allowed to interact with the extension

This article is about phishing in the context of cryptos.

Silent signing doesn't happen (unless there is some kind of bug in metamask). the user is always presented with the contract address and call data (the args to the contract call)

[mrep]

I have a CS degree and have worked at FAANG for 6 years and that was straight gibberish to me. I guess maybe because I have only worked at FAANG using traditional tech and not crypto startups?

[AgentME]

I think that explanation was just a little too jargony.

If you have the Metamask browser extension (or another compatible web3 extension) and press its browser button to enable it while on a webpage, then the webpage can see your wallet address and suggest transactions for you to make. When that happens, the browser extension then shows a window under its own control explaining the transaction and allows you to choose to sign or reject the transaction.

The webpage never sees anything about your wallet if you don't activate the extension on the page specifically, it never sees your private keys, and it can never silently sign a transaction from you.

[patch_cable]

The UX is similar to buying something with Apple Pay from a website in my experience.

[Phlarp]

Apple Pay doesn't run as a browser extension with a nasty habit of granting bad actors full access to drain your funds in a totally irreversible way.

Does any of that fall under "user experience" for you?

[patch_cable]

The distinction between “browser extension” and “baked into Safari” didn’t seem like an important distinction for this discussion.

The similarities are that in both use cases the user is presented with a request to approve or deny.

[Thorrez]

Yeah, I think the main differences are:

* Phished Apple Pay transactions can be reversed. Crypto transactions can't be reversed.

* Actors who phish Apple Pay transactions will be banned. Crypto bad actors generally can't be banned.

[xwolfi]

I work in a 100yo investment bank and am quite familiar with how it all works and yet, even if I didnt just work in a technical-centric company like you but a business and finance-centric one at that, I still think it's gibberish.

Worse, I learned to decode what they refer to talking like that and I still dont see a point: to the gibberrish or to the whole concept.

[justsomeguy123]

I bet a whole lot of your day to day technical and administrative work is gibberish. Your yearly evaluation alone probably would require training for an outside person to understand.

Which is to say... don't assume jargon is pointless.

[DonHopkins]

Unless it's crypto jargon, in which case it's carefully designed to be pointless and indecipherable. That's the whole point.

https://mashable.com/article/multiple-slurp-juices-single-ap...

>'Multiple slurp juices on a single ape' meme perfectly captures the stupidity of NFT culture

>If I know anything to be true is this mixed-up world, it's that ape holders can absolutely use multiple slurp juices on a single ape. Any fool knows that. It's as simple as two plus two equals four. An ape holder can use multiple juices on a single ape; this is fact.

[Kye]

It's reminiscent of conspiracy theories. You can sit there and untangle the jargon until you understand all the oblique references to events, and it's still nonsense.

[justsomeguy123]

There's crypto "pop-jargon" and cypto technical jargon.

The technical jargon does make sense like any kind of niche technical jargon.

[Yeahsureok]

Some js code makes a popup window appear for user to enter a transaction address (like bank details) so they can clicky click on it. Then it shows those details to confirm.

Is that simple enough for a senior FAANG engineer?