Logging in with Bitcoin

I presented on “Business sensibilities” at the Bitcoin SV DevCon last July 19, where I discussed some tips and techniques on starting up a Bitcoin business.

I received some negative feedback on my assertions:

These assertions are not ideological, but about technical benefits, economic sensibility and user friendliness. While I did make bold statements, these are backed up by the Bitcoin whitepaper, features of the ledger, user feedback, and Satoshi Nakamoto himself, aka Craig Wright.

I have referenced the below snippet of the whitepaper many times:

Source: BitcoinSV.io

As an application developer, the less information I need to collect from my users the better. The amount of information we must provide to online stores today is absurd. These data points are typically no less than the following:

  • Full name
  • Shipping address
  • Billing address
  • Phone number
  • Credit card details
  • Email address

All this is required just to purchase some batteries from Amazon. The more information online services collect, the greater the risk they carry, the more data they must secure, the more their operations cost and the more likely it is that a user will not use their service.

In an article from 2007, Co-Founder of StackOverflow.com Jeff Atwood complains about this issue:

Source: Coding Horror

The Nielsen Norman Group has recommended against this practice since 1999:

Source: Nielsen Norman Group

Given that Bitcoin presents less risky and more streamlined alternatives, why would we forgo them and keep dismissing criticisms that have been leveled at websites for over two decades?

Source: PowPing

For example, RelayX does not require any user details or registration to begin. Once downloaded, I can immediately start transacting in Bitcoin and use other applications seamlessly.

This solution is possible because of the cryptographic signature framework provided by Bitcoin. If users can sign a message proving ownership of keys, an on-chain reputation, transaction history and control of a certain amount of funds, this is all the detail the application needs. While we still lack identity solutions, this process is a great first step in pioneering how users will interact with the ledger.
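The signature-based login described above can be sketched as a challenge-response exchange. This is an added example, not code from the article, RelayX or any wallet. It assumes a hypothetical site `https://app.example`, hypothetical function names, and plain ECDSA over SHA-256 on the secp256k1 curve via Node's `crypto` module rather than any wallet's own message-signing format.

```javascript
const crypto = require('node:crypto');

const ORIGIN = 'https://app.example'; // hypothetical site; ties a signature to this service
const TTL_MS = 60_000;                // a challenge is valid for one minute
const pending = new Map();            // nonce -> expiry time (in-memory store for the demo)

// Server: issue a fresh, single-use challenge that names the origin.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, now + TTL_MS);
  return `${ORIGIN} login ${nonce}`;
}

// Wallet: sign the challenge text with the user's private key.
function walletSign(privateKey, challenge) {
  return crypto.sign('sha256', Buffer.from(challenge), privateKey).toString('base64');
}

// Server: accept only an unexpired, unused challenge for this origin,
// signed by the key the user claims to control.
function verifyLogin(publicKey, challenge, signatureB64, now = Date.now()) {
  const [origin, verb, nonce] = challenge.split(' ');
  if (origin !== ORIGIN || verb !== 'login') return false; // signed for another site
  const expiry = pending.get(nonce);
  pending.delete(nonce);                                   // single use, even on failure
  if (expiry === undefined || now > expiry) return false;  // unknown, replayed or expired
  return crypto.verify('sha256', Buffer.from(challenge), publicKey,
    Buffer.from(signatureB64, 'base64'));
}

// Constructed demo: throwaway key pairs stand in for real wallets.
function demo() {
  const user = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const c1 = issueChallenge();
  const sig = walletSign(user.privateKey, c1);
  const first = verifyLogin(user.publicKey, c1, sig);
  const replay = verifyLogin(user.publicKey, c1, sig);    // same signature sent twice
  const c2 = issueChallenge();
  const wrongKey = verifyLogin(user.publicKey, c2, walletSign(other.privateKey, c2));
  const c3 = issueChallenge(0);                           // issued at t = 0
  const expired = verifyLogin(user.publicKey, c3, walletSign(user.privateKey, c3), TTL_MS + 1);
  return { first, replay, wrongKey, expired };
}

console.log(demo());
```

The server stores only a public key per account. The nonce, origin string and expiry are what stop a captured signature from being replayed later or against a different site.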

This example highlights the next question—if the barrier to entry to applications can be this low, why build your own, proprietary in-application wallet?

This adds to development time, increases complexity and delays release to market while adding yet another hoop potential users must jump through before using your application. Additionally, developers take on increased security risk, open an attack vector, and need to provide a support avenue in case of lost funds.

To be clear, I am not recommending against building a wallet; I am criticizing developers who choose to build a wallet only for their application. If wallets exist that support more than one application, such a wallet is already (and will always be) more useful than any app-specific one.

While the Internet has seemingly existed forever, the technology is still quite young in the scope of human history. I believe we have not yet discovered the best solutions, given the disastrous consequences of its poor security that have unfolded from hacks, identity theft and overt fraud.

Craig Wright at the 2020 CoinGeek Conference in London spoke about the web of trust model we have today (timestamped link below):

Google, Twitter, and Facebook have built technologies that are useful, but I believe their time is coming to an end. The security model and features of the Bitcoin ledger will either bankrupt these entities or force them to join.

See Blockbuster vs. Netflix for an example of how that turned out (h/t to T.K. Coleman).

Their OAuth and 2FA (2-factor authentication) systems are preferred by users, but simply kick the can of responsibility from web platforms to the giant tech companies.

Source: Twetch

As a friendly reminder, this is what those ‘secure’ technologies give you:

Source: Twetch

Despite all this, if Bitcoin developers still intend to force users to log in with an email and/or username/password, build their own custom wallet and (god forbid) run a ‘full node,’ I look forward to seeing how those applications fare in the market.
