I suggest making the UI more vocal and educational about the user's identity.
After talking to some users about their Pi/CMS experiences, I came to realize that the concept of "identity" is not well understood and it is easy for the users to not pay due attention to it.
In most messaging systems users are coming from (social media, chats, forums), there is no built-in signing of messages. Politeia-based systems demand more knowledge and effort from the user.
Identity is essentially a pair of cryptographic keys that signs your messages:
In Politeia, proposals, comments, comment votes, and now also updates, are signed with the identity's key. These messages can have a high impact on decision making and spending, so these signatures might become more important.
In CMS, identity is already used to sign invoices and comments, and possibly DCCs and DCC votes (not sure, need to check). In the future, I hope it will also be used to sign the proposal owner's approval of billing against the proposal (and without such approval billing will not be allowed).
Once we get to a Politeia-based forum, all messages in it will be signed by identity as well.
Losing identity is not a big problem currently because it can be easily re-created without major issues. In other words, identity is secondary to login credentials. But if we want to ditch the email (decred/politeia#554) and work towards better authentication (WebAuthn), autonomy and decentralization ("self-sovereign identity"), this key pair will become more important than the login+password pair.
The UX problem we are solving is essentially "help people not lose their keys". It is a big problem in crypto software, arguably one of the biggest blockers to mass adoption of self-custodied cryptocurrencies. Wallets address it with specialized backup flows, reminders, and strong messaging to explain that "if you lose your keys it is game over".
Among messaging systems, one newer system to learn from is Matrix chats. Its big goal was to enable encryption by default, and it required solving the UX challenge of key backup and management. The approach they took is to introduce "cloud key backups" and "cross-signing", where key material is stored on the server to enable better UX and minimize key loss. I think we should not go in that direction and focus on supporting the user's autonomous key management.
To make it real we need people to get educated and start treating "identity" seriously.
To do that, I suggest making the identity training and backup steps visible and "unavoidable". One UX I imagined is a top banner that can only be dismissed once the identity is backed up (decred/politeiagui#840), but there could be better solutions.
The above applies to Politeia and any of its derivatives like CMS or the possible forum, and any alternative clients. Currently Decrediton, mobile wallets and GoDCR are not capable of sending and signing messages, but if they ever gain such an ability, they should implement similar identity education and backup flows.
Extracted from decred/politeiagui#2509