MetaMask Monthly
Introducing Web3 Permissions
We believe the blockchain ecosystem needs to fix its consent experience once and for all. The days of repeated confirmations to complete simple tasks in an application are officially numbered. Read our recent detailed article Here.
In short we’ve implemented a new permissions framework for use with a branch of MetaMask that works with a sample dapp using our new permissions API. The prototype we share here is roughly equivalent to a pre-authenticated version of OCAP-LD. It looks something like this:
We have built this permissions system so that new restricted methods can be added easily. In other words, securely extending the useful API surface of MetaMask becomes about as simple as writing the method and a clear description of it. We are actively researching which methods developers want the most.
Some possibilities we’re excited about:
- Letting sites include a signature challenge at sign-in time.
- Letting sites specify the network(s) they need to connect to.
- Letting sites decrypt messages on a user’s behalf.
- Letting sites send transactions on a user’s behalf.
If access to a permission is power, then security is the degree to which that power is limited. Consequently, the permissions system includes extensible caveat system, which enables users to adjust the permissions they grant at the time of login.
Consider:
- An adjustable log-out timer.
- Selecting the account(s) that a site can view.
- Signing messages, but only within a domain.
- Sending transactions but only to a specific recipient, and only within a specific limit.
Of course, the purpose of this is to empower users and developers, and we will continue to support existing transaction behavior for those who prefer that. We want to know the permissions you want to exist, and what the API should look like. So feel free to weigh in and let us know! Again, try it all out using this branch of MetaMask and this sample dapp. If you want to dive into the technical details, you can check out the permissions module itself and our Ethereum Magicians post.
Incoming Transactions
Your wallets transaction history just became more extensive! We are glad to announce that with this new update you will be able to view incoming transactions along with outgoing transactions on MetaMask. Prior to this update only outgoing transactions were shown in history. Below is what you can expect to see.
Sign Typed Data v4 Support
Introducing Sign Typed Data v4! The method signTypedData_v4 currently represents the latest version of the EIP 712 spec, with added support for recursive types and null values. This was graciously created to support Kchannels which is an exciting new payment channel solution from the minds behind Infura!
If you didn't know The EIP712 standard is for typed message signing. This standard allows wallets to display data in signing prompts in a structured and readable format. EIP712 is a great step forward for security and usability because users will no longer need to sign off on inscrutable hexadecimal strings, which is a practice that can be confusing and insecure.
Shoutouts of the Month
Last week was BerlinBlockchainWeek ! A huge shout out to dappcon_berlin, web3summit, 1kxnetwork, meta_cartel, ETHBerlin, & Techstars, for setting such great events & kudos to those who attended & participated in workshops, panels & talks. This ecosystem thrives off of those dedicated to building.
Mapcovery
The @gnosisSafe team won one of the main bounties of ETHBerlin with Mapcovery allowing you to recover access to your account by memorizing locations from @foamspace! With this method you can recover your wallet simply and securely with 5 locations that you remember!
- Simply select 5 locations of your choice.
- Geo-data is hashed to derive the private key to recovery account
- FOAM is used as the decentralized geo-data provider
- Smart contract module is attached to your Gnosis Safe
- You can then enter the 5 Locations to get the private key for the recovery account
More Details on the project Here
Hotspot Me!
What could be a hackathons biggest nightmare? No WiFi Access… This project was actually inspired from lack of Wifi access at ETHBerlin.
This team built an app allowing an individual to become an internet provider by sharing internet data through their hotspot. In return they receive micro payments for the amount of data used. They were able to get a payment channel working smoothly that could transfer pennies with zero fee in just a couple seconds.
More Details on the project Here
Development What’s New?
MetaMask v 7.1.0 is out and auto-updating in browsers near you. Next time you pop it open, check out some of the improvements listed below. These changes are new as of this month.
- #6914: Adds Address Book feature! The Address Book is designed to provide convenience, transaction history clarity, and decrease the risk of sending to to the wrong address because the details will be saved to your account.
- #6904: Set privacy mode as default for all users. Rather than exposing users’ Ethereum addresses to all sites, Privacy Mode (detailed in EIP 1102) requires that websites ask for user consent before wallets reveal an address.
- #7013: This introduces a new Connections tab in settings that allows users to add and review sites that have access to their accounts. Also makes the list of connected sites persistent across MetaMask reloads
- #6996: Allows the extension to fetch & display received transactions now.
- #6930: Adds support for the newest Sign Type Data method v4
- #7047: We are removing the automatic refresh on network change behavior. A warning has been added to ensure sites know about this upcoming change.
- #7035: Filtered out non-ERC-20 assets during mobile sync
- #7021: Using translated string for end of flow messaging
- #6991: Updates the Share Address functionality shown in the popup to NOT reload tabs for that domain.
- #6944: Show recipient alias in confirm header
- #7046: Update Italian translations
- #6975: Ensure seed phrase backup notification only shows up for new users
- #6874: Allows skipping of seed phrase challenge during onboarding, and completing it at a later time
- #6967: Fixed Browser Extension-Mobile sync
In the past month…
✅ 64 PRs merged
🛠 63 commits
💫 69 Github issues closed, (47)opened
🔧 908 support tickets solved last month
💥 34,439 lines of code added and 60,184 deleted.
If you have any questions or suggestions, you can always reach out to us directly or file an issue on our Github.
Thanks for reading and stay foxy!!! 🦊
Jason & the MetaMask team
