by justsomeadvice0 1081 days ago
Sorry, but this is an absolutely terrible idea.

Signing things is cool. Humans on the internet should sign more things. But why in the world would you want to use the same key that can instantaneously shred the dollars in your bank account to ensure authorship of some edit on a website article? The UX for these two things should be incredibly different; instead you are setting people up to get phished and lose their savings.

4 comments

I mean, to your point, why in the world would anyone use a ‘hot wallet’ or any wallet with anything valuable in it for this purpose. You wouldn’t. You would make a dedicated wallet for signing Wikipedia transactions.
> You would make a dedicated wallet for signing Wikipedia transactions.

Then why does it need to be linked to the Ethereum blockchain -- or, indeed, to any blockchain -- at all?

Trying to be fair here - it's technically not linked to any blockchains. It's just (ab)using the cryptographic primitives provided by the Metamask wallet app to sign things with a key stored in the wallet. That key might (probably) also be used to sign things that end up on any sort of blockchain, e.g. ETH.

The reason to do this is some people do indeed have Metamask (a browser extension, yuck) already installed and a wallet set up - so technically this might be an easy way to enable signing for them.

The reasons not to do this, I already detailed above. It is a neat hack, that would fare tragically when applied to the masses.

Because that’s where the users are. Metamask alone has 10 million MAU.
No, the users are on Wikipedia. WMF has their own auth infrastructure already in place. It seems like the author of this "mockup" is proposing that WMF shitcan their entire user/auth infrastructure and replace it with a blonkchain-based one (and to be specific, this one particular ETH-based blonkchain.)

And then, of course, you'd apparently need to convince every Wikipedia user to get on the ETH PKI for this purpose? That does not seem like a rational choice.

Nothing about this mockup seems rational. It is entirely fake and frivolous. There's not even an explanation of the supposed benefits of this "endorsement" feature. Because it doesn't have any.

I really find that hard to believe.

If there were 10M monthly real users, large crypto airdrops would go out to way more people. But even the big ones like Arbitrum and Optimism went out to like 500k “wallets”. Many of these were multiple wallets owned by the same people.

Daily transaction data on Etherscan shows that the most popular tokens like USDT/C are traded at most by under 100k wallets. OpenSea has like a few thousand wallets trading daily at most.

Real onchain users are not more than 1M a month, and that’s a stretch. I would put it closer to 500k real users, many of whom might have multiple addresses (I have 8).

And Facebook probably has a couple of orders of magnitude more, but you don't see anyone lining up to make a Facebook app for this.

Besides, Wikipedia already has user accounts. They even have a system for users with the appropriate permissions to approve revisions of a page -- no external crypto-nonsense needed.

Internet alone has an estimated 5.18 billion users. That's where the users are.

Delusions of crypto bros would be funny if they weren't so sad.

Can I create 1000 empty wallets and endorse bogus edits 1000 times? It's really easy to create empty wallets at scale. What value does an endorsement like that have?
> @8organicbits: Can I create 1000 empty wallets and endorse bogus edits 1000 times? It's really easy to create empty wallets at scale. What value does an endorsement like that have?

In a centralized setup, e.g. Facebook and Twitter, that's what they have suffered from.

In a decentralized setup, however, it's possible that different readers will use different algorithm providers. If an algorithm provider uses something like a PageRank/EdgeRank kind of graph-random-walk based reputation algorithm, 1000 empty wallets that don't have reputation will not increase any reputation of the edits they endorse.
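
Added example, not part of the thread: a random-walk reputation score over a constructed endorsement graph, computed once with the restart confined to a reader-chosen trusted seed and once with a uniform restart. The account names, edit names and the choice of `alice` as seed are assumptions made for the illustration; with the seeded restart the 1000 fresh wallets contribute exactly nothing, while with a uniform restart they dominate the ranking.

```python
# Added illustration (not from the thread): seeded vs. uniform PageRank
# on an endorsement graph. All node names are constructed sample data.

def pagerank(edges, seeds=None, damping=0.85, iters=100):
    """Power iteration. edges maps endorser -> list of endorsed nodes.
    seeds is the set the walk restarts from; None means every node."""
    nodes = set(edges) | {dst for outs in edges.values() for dst in outs}
    seeds = set(seeds) if seeds else nodes
    restart = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in nodes}
    rank = dict(restart)
    for _ in range(iters):
        # Mass sitting on nodes with no outgoing endorsements (the edits).
        dangling = sum(rank[n] for n in nodes if not edges.get(n))
        # Restart mass plus dangling mass goes back to the restart set only.
        nxt = {n: (1.0 - damping + damping * dangling) * restart[n] for n in nodes}
        for src, outs in edges.items():
            for dst in outs:
                nxt[dst] += damping * rank[src] / len(outs)
        rank = nxt
    return rank


def build_graph(n_sybils=1000):
    # Three established accounts endorse each other and one edit.
    edges = {
        "alice": ["bob", "edit:good"],
        "bob": ["carol", "edit:good"],
        "carol": ["alice"],
    }
    # Fresh wallets with no inbound endorsements all back one bogus edit.
    for i in range(n_sybils):
        edges[f"sybil{i}"] = ["edit:bogus"]
    return edges


def compare(n_sybils=1000):
    edges = build_graph(n_sybils)
    seeded = pagerank(edges, seeds={"alice"})   # reader trusts alice
    uniform = pagerank(edges)                   # every wallet gets restart mass
    return seeded, uniform


if __name__ == "__main__":
    seeded, uniform = compare()
    for name, r in (("seeded", seeded), ("uniform", uniform)):
        print(name, round(r["edit:good"], 4), round(r["edit:bogus"], 4))
```
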

Sure, public votes would allow alternate algorithms or even client side ranking. That's a cool idea. Wallets are not required for that and are a weak part of the idea.

You could, for example, apply your own ranking algorithms on top of HN, using things like karma to decide reputation.

Because they clicked a button in this incredibly intuitive UX that said "Sign wiki edit", and then clicked "Confirm".

I think you massively overestimate most users' grasp on cryptographic primitives...

> justsomeadvice0@: But why in the world would you want to use the same key that can instantaneously shred the dollars in your bank account to ensure authorship of some edit on a website article?... It is a neat hack, that would fare tragically when applied to the masses.

You are right that a neat hack doesn't always apply to the masses. The assumption that we will have that level of mass adoption will be a dream. Today, it doesn't, and we are just exploring an option. It's totally possible that this is a bad idea. And we have options to mitigate that, such as using ERC-5453 endorsement, or using "semi sig", which will be e.g. a signature that's half the size of a normal Ethereum signature, etc. But there is a long way to go for the whole industry to improve its UX.

I think we envision a (long term) future where most funds are kept in contract wallets that operate under proper limits and multi-sig or signature aggregation requirements.

Same as with a CA system, you can simply use a high-security key to delegate signing privileges to a lower-security subordinate key, then revoke when necessary. ENS natively allows for this pattern due to it supporting separate ownership and resolution addresses, and so it might make a good integration with a signing tool like this.
Ethereum is a blockchain of computations. The fact that it also secures billions of dollars is evidence that the records, such as domains that represent an identity, are highly secure. In the same way that someone can't change who owns a balance, they also are not able to change who owns a blockchain based domain.