[HN Gopher] Show HN: Vessel - Your Passport for the Internet
___________________________________________________________________
Show HN: Vessel - Your Passport for the Internet
Author : cco
Score : 30 points
Date : 2022-05-11 17:49 UTC (5 hours ago)
(HTM) web link (www.vessel.xyz)
(TXT) w3m dump (www.vessel.xyz)
| alangibson wrote:
| I'm not seeing any concrete reasons for why I would want to
| install this plugin.
|
| The Internet doesn't require a passport. I can already "Make any
| transaction on the internet safely" with PayPal. Etc and soforth.
|
| For me to install it I would need to see some examples of things
| I can't do now, or at least sites that I can use Vessel on in a
| way that enhances the experience.
| abetusk wrote:
| Vessel itself might not be a good example but there are other
| 'web3' wallets ([0] [1] [2]) that allow for authentication and
| digital payments that are, in my opinion, an order of magnitude
| easier to use than PayPal, etc.
|
| If you're really interested in experimenting with this type of
| interface, I would recommend installing one of the more
| established wallets, like Temple [0], and using it to explore
| various websites in this space, like FXhash [3], Versum [4] or
| Objkt [5].
|
| Happy to put some minimal funds in your wallet if you want to
| really explore, just DM me.
|
| [0] https://templewallet.com/
|
| [1] https://wallet.kukai.app/
|
| [2]
| https://chrome.google.com/webstore/detail/spire/gpfndedineag...
|
| [3] https://www.fxhash.xyz/
|
| [4] https://versum.xyz/
|
| [5] https://objkt.com/
| auslegung wrote:
| > allow for ... digital payments that are, in my opinion, an
| order of magnitude easier to use than PayPal, etc.
|
| Genuine question, what friction do you experience with PayPal
| that is so bad that something can become an order of
| magnitude easier? I use a password manager to fill in my
| PayPal creds if I want to pay with PayPal and it is very easy
| for me.
| abetusk wrote:
| I don't use a password manager, so I'm a bit at a
| disadvantage but, from what little I remember from others,
| the password manager basically lets you look up a password,
| put the username and password into a buffer so that you can
| cut and paste it. Not to mention that different password
| managers have different interfaces and interactions.
|
| It's "easy" for me too, in the sense that I can just lookup
| the credentials I need to fill it in. The wallet extension
| allows for a more 'integrated' approach, where the website
| communicates to the web extension via some standardized
| interface (or some semblance thereof) to authenticate and
| authorize.
|
| The point I'm making is that it's not about feasibility,
| it's about friction. These wallets allow for an experience
| with much less friction.
|
| I notice a pattern when new technology like this comes
| around. There's a contingent of people who are used to the
| old system and they say "works for me" without
| understanding how much a barrier to entry the system
| they're using is.
|
| As an experiment, try opening up an 'incognito' window and
| signing up for GMail, Twitter, Facebook or any of the other
| services (even trying to establish an account here on HN)
| without using your bank, your phone number or another email
| address. Now install a wallet extension (Temple, say) and
| try and log into one of the websites mentioned (fxhash.xyz,
| versum.xyz, objkt.com). This is a bit of an apples-to-
| oranges test as those services are for a different market,
| but hopefully you should get a sense for just how much
| easier it is to use those services, how much more
| integrated it is and what they're trying to accomplish.
|
| Put another way, 'web3' wallets are doing what OAuth
| promised but couldn't fulfill. If we used one monolithic
| centralized service, like PayPal or GMail, then maybe these
| integration issues would disappear but since we have a
| variety of platforms, in my opinion, the only way to get
| "persistent" identity across platforms is to have something
| like a decentralized network and/or monetary system.
| [deleted]
| aiibe wrote:
| I like the idea and the name. Nice landing page!
| gabereiser wrote:
| I'm not sure the target audience would be into this. This is a
| browser extension, that as far as I can tell is closed source,
| that handles the most sensitive information. Who are they? Why
| should I trust you with the keys to my life? At a time when
| Apple, Microsoft, Google, Meta are talking about eliminating
| passwords...
|
| If I knew anything about security (which I do), I would never
| trust a browser extension.
| cco wrote:
| > I'm not sure the target audience would be into this.
|
| Our philosophy is to round over the sharp edges of Web3 and
| make it far more accessible and safe for somebody new to
| exploring the world of crypto.
|
| > Why should I trust you with the keys to my life?
|
| Social logins like Google or Apple offer really frictionless
| ways to onboard to an app that you want to use...but the data
| ultimately under the care and control of Google or Apple.
| Vessel is non-custodial, we don't own the keys, and the
| attestations, like verified email addresses and phone numbers,
| that you can choose to share with apps when you sign up are
| only verified by us once, after that they are held totally
| within your Vessel passport and you are free to share them, or
| not, with whatever app you'd like.
| gabereiser wrote:
| But you own the extension and the passport so really, it's
| not mine, it's yours, for the pilfering and exfiltration to
| other sources.
|
| A browser extension has a vast amount of data at its
| fingertips. Browsing history, logins, protocols, machine
| access, etc. You may say you're non-custodial yet in one line
| of code in your close source extension, you would be
| custodial. I can't trust an extension. I will not ever trust
| an extension.
|
| I want web3 to be accessible. I want some of the claims you
| make to be true. I just can't, in good conscience, support a
| browser extension considering the history of security with
| them. I'm not alone.
| mritchie712 wrote:
| e.g. they could have JS in the extension sending every
| keystroke to their server.
| abetusk wrote:
| This is a type of project that will not go over well with the HN
| community.
|
| It looks like Vessel is a web browser extension that acts as a
| cryptocurrency wallet. The key words here are 'cryptocurrency',
| 'non-custodial' and 'web3'.
|
| Meaning, this is a wallet that you can access from your browser
| that will keep your private keys local to your machine (the 'non-
| custodial' part) and allow you to send and receive cryptocurrency
| as well as allow you to log into websites that allow you to
| authenticate via a local non-custodial wallet
| interface/extension.
|
| Some alternatives in this space are Temple [0], Kukai [1], Spire
| [2], to name a few.
|
| To all those asking "what does this offer", ask yourselves how
| easy it would be to log into a service like Google mail,
| Facebook, Twitter, Instagram, Flickr, PayPal, Tumblr, etc.
| without an established phone number, bank account, or extra email
| address. With 'web3' the authentication takes place through the
| wallet (via the browser extension and presumably standarized-ish
| API).
|
| Once a wallet is setup, the login process is a click of a button.
| From my own personal use, it's night and day compared with doing
| the login dance for the various 'blue-chip' companies I log into
| (GitHub, GMail, Twitter). Instead of a username/password dance, I
| can just click 'verify' and be logged in to a 'web3' website.
|
| The wallets have, presumably, a primary purpose of keeping your
| money, so they act as a kind of 'real world wallet', where you're
| not expected to keep too much money in it but you can use this
| money for online transactions with little friction. The idea
| being, purchasing digital services is much easier because the
| friction is so low.
|
| For me, the main point is friction. 'Web3' wallets like this
| provide an order of magnitude less friction to use online
| services. Whether you agree or disagree with cryptocurrency,
| think it's not needed or scammy, the 'strong-man' argument for
| wallets like Vessel and others is that it offers an order of
| magnitude less friction to authenticate and to use digital funds
| for digital services.
|
| Now, in particular, Vessel doesn't look to be all that open (as
| in libre/free/open source) so I would be hesitant to install this
| and would rather use one of the more established wallets that is
| libre.
|
| [0] https://templewallet.com/
|
| [1] https://wallet.kukai.app/
|
| [2]
| https://chrome.google.com/webstore/detail/spire/gpfndedineag...
| crtasm wrote:
| > Instead of a username/password dance, I can just click
| 'verify' and be logged in to a 'web3' website.
|
| So just like using a password manager but currently
| incompatible with most websites, I see.
| knowaveragejoe wrote:
| abetusk wrote:
| So, to be clear, you think OAuth are projects that have no
| place in the ecosystem because of things like password
| managers?
| nerdponx wrote:
| Maybe this is a silly question, but how does this differ from
| something like a client certificate? Or is that all this is,
| but with the "authority" being some kind of blockchain thing
| instead of a company?
| knowaveragejoe wrote:
| abetusk wrote:
| The 'certification' is coming from a decentralized network of
| computers running the blockchain and underlying
| cryptocurrency.
|
| So, yes, exactly, the decentralized blockchain instead of a
| centralized company. The decentralized part, and the
| implication of a standardized API, access and communication,
| is one of the main features.
| cco wrote:
| Hey HN, we here at Stytch (https://stytch.com/) are super excited
| to launch Vessel today! Vessel is a fully non-custodial digital
| passport and multi-chain crypto wallet. With Vessel, we've
| imagined what a passport for the internet would look like. We've
| combined the best of Web2 authentication innovations to simplify
| account creation and data provisioning with the power of Web3
| wallet architectures, to condense authentication, identity (e.g.
| NFTs), and payments into a single browser extension.
|
| Starting today, Vessel is now in public beta and anyone can
| download Vessel and start using it right away! This is a huge
| step for us in our mission to eliminate friction from the
| internet, and we're thrilled to have you join us. We'd love to
| hear your feedback!
| jelambs wrote:
| Super excited for this launch! We'd love to hear any feedback
| you have.
| 1970-01-01 wrote:
| Super cringeworthy, as the kids say.
|
| -Why do I now need a "passport" to use the Internet? Isn't that
| why SSO was created?
|
| -Why connect an ID to my wallet? What does that accomplish?
|
| -How is it a secure? Who's audited it?
| nrabulinski wrote:
| What is this exactly? Because from your comments and skimming
| through the website it looks like a centralized crypto wallet but
| I'd be very happy to be wrong about that.
| mcstempel wrote:
| Hey there, this is actually a fully non-custodial, multi-chain
| wallet. We use some familiar Web2 patterns to derive the
| private key for the user, but it's fully non-custodial and
| never touches a remote server. Here's some more info on what we
| do under the hood: https://vesselpassport.zendesk.com/hc/en-
| us/articles/5616100...
|
| Happy to share more details if helpful!
| mrozbarry wrote:
| Help me out, why does anyone want their crypto wallet connected
| to their web browser? Isn't that a huge security concern?
| hibern8 wrote:
| You mean like Metamask? It's how you interact with almost any
| web3 project.
| egypturnash wrote:
| This is a very pretty site but I have absolutely no idea what
| holes in my life it is purporting to fill, never mind making me
| sorry it only works on Chrome when I'm a Safari user.
|
| Is it a password manager that is also a "crypto wallet"? Why are
| there about four hundred things in the crypto world called a
| "wallet" anyway? Find some new terms, that one's getting really
| confusingly overloaded. It kinda sounds like it's got password
| manager functionality except then there's a FAQ that basically
| says "we want password managers to not exist" so I guess it's...
| not also a password manager? I can LeARN MORE about how my
| information is stored but this tells me absolutely zero about
| what a "Vessel passport" is and whether I can use it in a single
| place outside of expensive ugly monkey jpeg enthusiast circles?
| And if I _was_ part of those circles, how do I know this isn 't
| just a scam to steal those expensive ugly monkey jpegs anyway?
|
| I also like the "what sites does it work with" FAQ that takes
| about a hundred words to say "nobody yet".
| floatinglotus wrote:
| I can't imagine why someone would use this. It's sort of begging
| to get your wallet and accounts stolen.
| billdietrich1 wrote:
| Answer to "What sites does this work with ?" carefully gives no
| useful information at all.
|
| "Keep both your digital identity and crypto assets in this secure
| browser extension" sounds like a very bad idea.
|
| "Vessel does not hold or use any of your personal data and
| funds." but it sounds like the browser extension does hold it ?
| What distinction is being made here ?
| ohCh6zos wrote:
| Does Vessel give you any ability to interdict a site? Like let's
| say some time in the future a CEO decides to make an exception
| and kick off some undesirable site. Would you have to tell that
| CEO he's out of luck?
___________________________________________________________________
(page generated 2022-05-11 23:02 UTC)