We went live with the first public version of Addresso at the start of the year, and we’re finishing the first quarter with an unprecedented way to share web3 names and addresses.
I’ll do the classic compare and contrast. I’ll briefly describe how we all share addresses today because, well, it’s not impressive to say the least! And then I’ll intro Addresso sharing.
Every active user will recognize the following sad sequence:
Copy the address ➜ Paste the address ➜ Describe the address ➜ Note the particular network(s) as needed.
And as someone who’s received such information, you’ll also recognize:
Copy the address ➜ Find some place to store it ➜ Paste it ➜ Copy the description ➜ Paste it ➜ Copy the network(s) ➜ Paste it.
This.
Is.
Seriously.
Clunky.
It’s a bit easier for NS names such as alice.eth because the name corresponds to an address and network(s), but it's not much easier. You still need to keep tabs on which Alice this is, if indeed it’s a particular Alice at all. And you might make a little description of the NS name some place so you can make sense of it at a later date. As the truism goes … identity is actually in the eye of the beholder.
To share:
Click “Share” ➜ Click “Generate share link” ➜ Sign the share ➜ Copy the share link
To accept:
Click the link ➜ and then one of:
Add to your Addresso Book
Create an Addresso Book and add to it
(You can also just copy the information if that floats your boat)
If the signing address is already in your Addresso Book, you’ll see the name you’ve given it instead of the address. You'll have added the signer to your Addresso Book because you have a level of trust in the corresponding person or organization, and can then take this into consideration when thinking about adding the shared info to your Addresso Book.
If the signing wallet isn’t in your Addresso Book, or if you’re starting your first Addresso Book via this share, then you’ll be adding two entries in one action: the info shared and the wallet used to sign the share. Sweet!
Addresso is yours ... a part of your everyday carry. Addresso runs across your devices under your control, not someone else's at their whim. Your Addresso Books sync between your devices automagically without cloud storage. Not Your P2P Software Not Your Tech.
P2P is awesome. The local-first force is strong in our team. But it is challenging to live up to when we’re all the heirs of client-server architecture. We’ve worked hard to make our first version of Addresso sharing easy, private, secure, and local-first.
By private we mean there’s no way our team should know anything about who’s sharing what with who. We’re already totally ignorant of everything, so let’s keep that up 😆. And by secure we mean having confidence that nothing has been tampered with along the way.
So here’s how it works (sequence diagram below):
Your Addresso app generates a 4-digit PIN and derives a symmetric key from it
Your Addresso app uses the symmetric key to encrypt everything being shared
After you sign the share, your app sends the encrypted data and signature to the Addresso relay server and receives an 8-character reference in return
Your app generates and exposes a base64 containing the 8-char reference and the 4-digit PIN within a my.addresso.com URL
You share this link
When Bob follows the link his browser sends only my.addresso.com to its DNS and his browser is directed to the Addresso app (the progressive web app)
Bob's Addresso app unpacks the base64 to get both the reference and the PIN
His app uses the reference to load the data from the Addresso relay server
His app derives the symmetric key from the PIN and decrypts the data
His app presents him with the information being shared and the signing information.
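The ten steps above as a runnable Node.js round trip, added here as an illustration and not Addresso's own code. The KDF (scrypt), cipher (AES-256-GCM), link encoding and in-memory relay are assumptions, since the post names none of them, and the wallet signature is left out.

```javascript
// Added example, not Addresso's code. KDF, cipher, link encoding and the
// in-memory relay are assumptions; the post does not specify any of them.
const crypto = require('node:crypto');

const relay = new Map(); // stand-in for StoreEphemeralData / GetEphemeralData

function deriveKey(pin, salt) {
  // A 4-digit PIN has only 10,000 possible values, so confidentiality rests
  // on the link staying private; a slow KDF cannot change that.
  return crypto.scryptSync(pin, salt, 32);
}

function createShare(payload) {
  const pin = String(crypto.randomInt(0, 10000)).padStart(4, '0');
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const ref = crypto.randomBytes(6).toString('base64url'); // 8 characters
  // The relay stores ciphertext and public parameters only, never the PIN.
  relay.set(ref, { salt, iv, ct, tag: cipher.getAuthTag() });
  // Reference and PIN sit in the URL fragment, which browsers do not send
  // to the web server or include in the DNS lookup.
  const token = Buffer.from(ref + pin, 'utf8').toString('base64url');
  return { link: `https://my.addresso.com/#/s/${token}`, ref, pin };
}

function openShare(link) {
  const token = link.split('#/s/')[1];
  const unpacked = Buffer.from(token, 'base64url').toString('utf8');
  const ref = unpacked.slice(0, 8);
  const pin = unpacked.slice(8);
  const rec = relay.get(ref);
  if (!rec) throw new Error('unknown or expired reference');
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(pin, rec.salt), rec.iv);
  decipher.setAuthTag(rec.tag);
  // final() throws if the stored ciphertext was altered or the PIN is wrong.
  const pt = Buffer.concat([decipher.update(rec.ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}
```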
While a relay server is in the mix, no-one controlling the server could possibly make any sense of what’s going on. And everything is deleted after 7 days — I can see our magnificent dev team named the server’s services StoreEphemeralData and GetEphemeralData.
We have some idea how we might further decentralize the process down the road. And of course, we hope you’re with us for the journey.
😍
Photo by Wesley Tingey on Unsplash.
Philip Sheldrake
bonj! social-proof is fine for low-stake fun and games how about looking at a CA and knowing if the creator signed it? enter **Local-First Sharing** of any address isn’t that an oxymoron? here’s the CA for $bonj: https://my.addresso.com/#/s/MlLVcZAVrvF4 signed by me, directly from my address book. the real deal here’s how it works: https://paragraph.xyz/@addresso/the-best-way-to-share-web3-addresses