Video Summary and Transcription
Web 3 is about decentralization, using blockchain, cryptography, and consensus algorithms. It allows users to have more control over their data and assets. The current state of Web 3 is complex and frustrating, but efforts are being made to improve usability. Layer 2 chains and account abstraction are improving scalability and user experience. Web 3 provides financial solutions for all and enables transactions in restrictive environments.
1. Introduction to Web 3
Thank you for coming to my talk about web 3. I'm Rahat, head of developer relations at Biconomy. We're improving on-chain UX. I work in the Ethereum ecosystem. Web 3 is about decentralization, using blockchain, cryptography, and consensus algorithms.
Thank you for coming to my talk, building friendly user experiences in web 3. Talk to you a little bit about web 3 in general. Give you an introduction if you haven't heard too much about it or maybe clearing up some misconceptions about it or steering you away from the scammy part of it, hopefully.
So my name is Rahat, I'm head of developer relations for a company called Biconomy. So we're basically trying to improve on what we call on-chain UX, because right now it kind of sucks to use web 3. There's terrible experiences around using it, so we're trying to do some stuff to make that a little bit easier. Previously been a front-end engineer, Solidity freelance engineer, a few other things.
One thing I like to actually put into my intro slides, whenever I'm at a non-web 3 conference is aside from Twitter or X or whatever you want to call it, there's a couple other social platforms I use. These two are actually protocols, Lens and Farcaster. Both are web 3 protocols. There are different apps built around those protocols that you can use to have like a Twitter-like social experience. There's like Instagram-style apps built on top of Lens. I mainly use Farcaster right now. That's where I hang out with the rest of my fellow web3 degens. And that little, tiny, pixelated thing there is a customized NFT. I will not speak about NFTs anymore after this. Cool.
I'm going to just acknowledge a little bit of bias just specifically about my experience in web 3. I work specifically in the Ethereum ecosystem. There are different chains, different ecosystems in the web 3 space with differing opinions around what it means to actually be decentralized, et cetera. I'm going to be speaking from my experience working in Ethereum. Ethereum is essentially where most of web 3 lives right now. Most at least somewhat usable applications are on Ethereum. That may change in the coming couple of years. I think it probably will, but that's just where I'm going to be speaking from. So if you have experience in web 3 before, have been in other ecosystems, you may find some things that you disagree with me upon.
First of all, what is web 3? There's three kind of things that I like to talk about when I bring up web 3 in general. First is decentralization, the internet, just like moving away from centralized servers to a distributed network of peers. Think about, let's say, we each have a node or a computer (node is just a fancy word for that) that has a copy of the same database. Across all these different nodes, that's what a blockchain essentially is: it's just copies of the same database across several different computers all around the world. On the blockchain, on these databases, we use cryptography and consensus algorithms.
2. Cryptography and Consensus Algorithms
Cryptography is used to hash and keep certain types of data on chain. Consensus algorithms determine legit data. Nodes in the network verify the data's authenticity.
Cryptography is used just to hash and keep certain types of data on chain. Consensus algorithms are used to figure out what data is actually legit. So kind of like one way to think about it is like we have, I don't know, A through Z peer nodes. Node A decides oh, I'm going to have this malicious bit of data here that is not real, it's not true. But nodes B through Z are like no, wait, we have the same copy of this database, this is not real. And that's like a very simplified, abridged version of a consensus algorithm. I'm not going to go into the deeper kind of stuff, we can definitely chat more afterwards if you want to on that.
3. User Control and Permissionless Nature of Web 3
Web 3 allows users to have more control over their data, identity, and assets in a transparent system. It leverages blockchain's core components of decentralization, transparency, and permissionless nature. However, to be truly permissionless, there should be frictionless onboarding and the removal of economic constraints on getting started. Currently, Web 3 is not fully permissionless, but efforts are being made to address these issues.
But these two things allow for one other portion that doesn't quite exist on the Internet as much, which is user control. Users have more control over their data, over their identity and assets in a transparent system.
A blockchain is just a public ledger. That's all it is. A public ledger is just a database. It costs money to use, it can be a little clunky and we'll talk about that in a second. But it's just a database, transparent, you have verifiable data on it. Thanks to the different consensus algorithms, you have safeguards against malicious data being able to come into your database.
Web 3 aims to build a fair and more open Internet by leveraging blockchain's core components of decentralization, transparency and its permissionless nature. I talked about most of those things in the explanation I gave. One thing that I want to focus on is this concept of permissionless. A lot of web 3 talks exist. There's a whole conference dedicated to this name, just being permissionless, being able to come transact on a specific chain. What does permissionless actually mean? Usually permissionless stops at the first two bullet points here. For me, permissionless is no central authority deciding if my app is allowed for distribution, no central authority to decide how I should use my funds. And people usually stop there. That's permissionless for most people. That's permissionless for how we kind of look at it in most of the Web 3 space.
But there's two other points here that I feel like are important to be truly permissionless, to actually use a piece of technology without any other authority dictating how you should use it. Frictionless onboarding, as well as removal of economic constraints on getting started. Right now if you want to get started building on a blockchain, doing a simple transaction, just doing a simple action on chain. There's a lot of different hoops you have to run through. Requires real money to do so. And I'm hoping to solve a few of those issues. So is Web 3 actually permissionless right now? I don't believe it is. Not yet. We're kind of going towards the first two points. The second two points are only really being talked about in recent months, recent couple of years. So the current state of Web 3.
4. Challenges in Web 3
The current state of Web 3 is complex and frustrating for both users and developers. Users have to deal with the complexity of onboarding onto wallets and the fear of losing private keys. Developers also face challenges, such as remembering to include a .gitignore file and dealing with high gas fees. Efforts have been made to improve the usability of Web 3, including the introduction of scaling solutions like rollups and layer 2 chains.
So the current state of Web 3. It sucks. And this is me telling you that as a Web 3 native user. I've been in the Web 3 space for a while. I absolutely hate it most of the time. It's complex. It's a very complicated Web 3 UX.
Just to get started using a dApp, you have to onboard onto what's called a wallet. This wallet, when you first decide to onboard to it, gives you a whole bunch of words, and it's like here, keep these words safe. Because if anyone else takes these words, they can take all your money. That kind of sucks. If you're a developer and you're doing things with your wallets, this is something I've done. You have this fear of losing your private keys. On blockchains, specifically on the Ethereum blockchain, each entity or account or wallet is a private and public key pair, so you have a public address that everyone can kind of know and it uses to identify you. And a private key that you should never commit to GitHub, which I've done. And lost money because of that. But you know, there's that, right?
So not only does it kind of suck from like the consumer standpoint, it sucks if you're a developer, too. Because who really remembers to put in a .gitignore in there first? You know. Couple of stuff, you know? And then there's this other thing here that a lot of people hate. I hate paying too much gas fees. So I mentioned, even just getting started using blockchain technology, you have to have money, right? You have to pay for specific interactions on chain. Any type of mutation, any type of state change on a blockchain costs money. And until recently that cost was put on the user. That cost had to be done by the user just in the name of decentralization and all that. But we've done a few things to kind of mitigate some of this stuff and make Web 3 a little bit more usable. We're not completely there yet. But just wanted to go over a few of these things.
Coming to the last point which will be kind of the focus of this talk. There's been the introduction of different scaling solutions. They're known as rollups, layer 2 chains.
5. Data Availability Layers and Account Abstraction
Layer 2 chains make it easier to interact with Web3, with cheaper gas fees and lower energy consumption. The Ethereum ecosystem has reduced energy usage by moving from proof of work to proof of stake. Apps can now sponsor gas fees, making them an infrastructure cost. Embedded wallets eliminate the need for seed phrases and onboarding, allowing users to transact on-chain seamlessly. Account abstraction enables executing validation and execution logic on-chain.
Data availability layers. I won't go into all of them. But very quickly layer 2 chains are where I got kind of my introduction into the Ethereum ecosystem. Ethereum is a blockchain. It's known as what's called the layer 1 blockchain. It's a base chain where eventually all of your data can be stored. It's kind of like the source of truth for different interactions.
On top of Ethereum there are other chains built. Chains maybe you've heard: Polygon, solo, Optimism, Arbitrum. These are just different layer 2 solutions that have been built on top of Ethereum. As they've been built, one of the main things that they did was just make it easier for people to actually interact with Web3. Cheaper gas fees, sometimes fractions of a penny. Gas fees that are astronomically lower. And the fact that a lot of them actually use 99 percent less energy than Ethereum itself.
That was further kind of like exponentially pushed by what's called the merge. Over the past couple of years the Ethereum ecosystem has been working very hard and reducing the amount of energy that we use in terms of just blockchain interactions. We've moved from what's called proof of work over to proof of stake. And I've reduced 99.9 percent of energy in the entire Ethereum ecosystem just by usage of the way you interact with blockchains. And if you look back on those Layer 2 chains, those then use even further less energy for less costs. We've begun to do things like abstracting away gas costs. Because now there are interactions that are fractions of a penny, apps or dApps as we call them are now able to sponsor gas fees on behalf of the user. So now you're looking at gas fees as being more of like an infrastructure cost for your company rather than having the user having to come in and pay for it themselves.
There's new types of wallets, hardware, embedded wallets, but one of the main things I want to focus on is embedded wallets. This embedded wallet feature here is really cool because think about like just signing into a regular app, you use a Google OAuth, any other type of social log in or whatever, and in the background, an Ethereum wallet is created for you. You don't have to worry about a seed phrase. You don't have to worry about onboarding. You don't have to even worry about having an Ethereum account. It's simply there. It's simply able to help you transact on-chain without you even needing to know that you're on-chain. And the last bit here where I'm going to be focused on for the rest of the talk is around this concept called account abstraction, which is in a nutshell the ability to execute arbitrary validation and execution logic on-chain.
6. Account Abstraction and Transaction Execution
Before a transaction is completed on-chain, additional arbitrary logic can be run beforehand. This includes sponsoring gas for end-users and allowing them to pay with familiar tokens. Security practices in Web 3 have become more important, as unaudited smart contracts have resulted in significant financial loss. Account abstraction replaces traditional wallets with smart accounts governed by code, enabling more functionality. User operations, created by smart accounts, eventually become transactions on-chain. Paymasters can be set up to cover gas costs, thanks to L2 solutions. Bundlers combine user operations to save on gas, and an entry point contract facilitates the entire process on each chain.
That's a lot of words mostly used for VCs to raise funds, but what that basically means is before a transaction is completed on-chain, what are some additional arbitrary logic that I can run beforehand. Some of that arbitrary logic could be that I want to sponsor the gas for an end-user. Some of that could be that I want them to be able to pay for gas and any number of tokens that they're used to using. Just like looking at different things around the UX of how we can make it easier to just transact on-chain.
And there's been more of a push and a need for better security practices in the Web 3 space. I'm sure many of you folks have heard about the countless hacks and unfortunate loss of money. This graph here is an audit done by Cyfrin Audits which is a smart contract auditing firm. They'll basically go into your smart contracts point out any crucial security issues with them. And this shows just like the amount of money lost between unaudited and audited smart contracts. So you'll see audited will save you lots of money.
So coming back now to this concept of account abstraction. Account abstraction is an on chain solution for better UX. When I first started talking about Web3, we talked about this concept of wallets. This kind of removes the need to even look at wallets as wallets. We instead call them smart accounts. They're the replacement of traditional wallets. And these smart accounts rather than being governed by what's called the ECDSA, which is the signature curve that regular wallets kind of run on for the Ethereum network, it replaces that with a smart contract. With code. So now because you have a wallet that is governed by code instead of a signature on chain, you have the ability to allow it to do more things. Rather than creating transactions, it creates objects that are known as user operations that eventually become transactions on chain.
And this is where we look into, like, because we're looking at this, like, new pseudo transaction object, this is what allows us to, like, actually execute some of that arbitrary validation logic that I mentioned before. We have entities on chain called paymasters, which can be set up to pay for the gas costs of the transaction for the end user. And this becomes really feasible, thanks to different L2 solutions. Doing this on Ethereum, even now, when gas prices are relatively low, is just not feasible. This combined with L2 solutions are... actually make it economically possible for you to just look at this as an infrastructure cost. Bundlers take user ops and bundle them together for execution on chain. So taking a bunch of different user ops, actually turning them into transactions, the more you bundle together, the more gas you save there. So they work kind of as what's called a sequencer, and looking at transactions and getting them actually on chain. And there is a singleton smart contract known as the entry point contract, which handles and facilitates this entire flow. On every chain, there is a different entry point contract deployed, which is essentially allowing this entire process to actually unfold.
7. Achievements and Impact of Web3
Removing friction points with account abstraction. Gas abstraction on L2s. Chain abstraction enables interaction on any chain. Smart accounts eliminate the need for wallets and private keys. Sessions and transaction keys reduce the need for signing transactions. Wallets can have account recovery and kill switch features. Web3 provides financial solutions for all, including those in underprivileged regions. Web3 enables transactions in restrictive environments. Self-sovereign identity and decentralized verifiable credentials protect sensitive information.
So what does this achieve? Removing friction points with account abstraction. So the gas abstraction that I mentioned a couple times. When transacting on L2s, dApps can easily sponsor gas for users utilizing Paymasters. Chain abstraction. You can actually just completely not even worry about what chain you want to interact on, because we can take signatures on one chain and revalidate them on other chains thanks to this. Smart accounts which are wallets powered by code, instead of the ECDSA, allow you just to now not even worry about having a wallet, having to keep track of private keys, seed phrases, that type of thing. It just eliminates that entirely.
Things like sessions. Transaction keys allow for users to not have to keep signing transactions on every single interaction. Normally in a regular Web3 dApp, every time you interact and every time you have to update state on the chain, you have to sign a transaction. This becomes a terrible user experience, because if you're doing something like social media on chain, do you want to sign a transaction every time you like, comment, follow? So session keys come in with this to allow, again, further validation logic where now I can just use one signature upon login and just have a session where I can conduct on-chain interactions without having to sign every single time.
And then there's basic things where, if we go back and look at it from the wallet perspective, your debit cards, your credit cards will probably have the ability to do things like account recovery and pausing transactions, adding a kill switch for your wallets and things like that. These now actually become possible. So even if you do get compromised, you have ways to get your money back. You have ways to stop malicious actors from actually taking all of your funds. So this is kind of like what I've been working in for the past year and a half. My company does a lot of work in the account abstraction space. If you do want to learn more about that and how to build that around that, I'm around happy to give you pointers on that. So why do all of this stuff? These are some of my reasons for why I'm in the Web3 space. I do believe in financial solutions for all. And when I say financial solutions for all, I mean outside of just the lens of the West. There are folks in different parts of the world who do not have access to the same types of financial resources that we do. One example that I give a lot, in Afghanistan, folks who are living under Taliban rule have very limited resources in just... And they have a limited amount of transactions that they can do per day from their traditional banks and a limited amount of money that they can even hold in their banks. Many folks have gone around, like just oppressive government rules like this, using Web3, crypto, to actually do their transactions. I have friends who work abroad who have family in Afghanistan who are sending money back via wallets, crypto, and people who are doing transactions already between each other, peer to peer transactions, using the terrible UX that we unfortunately provide them. This further concept of like self-sovereign identity, decentralized verifiable credentials powered by zero-knowledge tech, that allow for verified on-chain information without sharing sensitive information.
Imagine if you can do some type of KYC for a platform that needs you to be, I don't know, 13 and up, 16 and up, 18 and up, but you never have to actually share your date of birth. You never have to actually share personal information about you to prove that you are old enough to actually use this service. Things like that are possible using some of the technology that I've talked about.
8. Transacting and Building on Blockchains
Being able to transact and use applications without sharing sensitive information is important. Blockchains' permissionless nature allows anyone to interact and build. Lens and Farcaster are protocols for building social media platforms. NFTs have on-chain verification mechanisms for AI alterations and deep fakes. Proof of concept is crucial in an AI-driven world. Thank you for attending my talk. Questions are welcome.
This actual, like, being able to transact and use applications in the real world without sharing sensitive information is something that's pretty important to me.
Building censorship-resistant tech. The permissionless nature of blockchains allows anyone to interact and build, right? If we go back to some of the social media platforms that I mentioned, Lens and Farcaster, both of those are not actually social media platforms. They are protocols that you can build social media platforms on top of, meaning you have a front end, you have your platforms that are built on these protocols. They can have their own censorship, they can have their own user bases, but because you're specifically on the protocol rather than the application, you can take your social graph
I lied. There's one more time I'm going to talk about NFTs. So, verification of information. NFT use cases outside of JPEGs. That is, you know, there is an on-chain verification mechanism that you can use. So, when you are doing alterations by AI, video editing, deep fakes, et cetera, imagine just being able to snap a picture with your camera. And you have some encrypted on-chain data that saves the original state of that photo, video, et cetera. So, you can actually use an on-chain verification mechanism to say, okay, this is a deep fake. And the proof of concept is going to be much more important, especially as we're moving into a world where AI is just kind of everywhere around us. So, yeah. Thank you, folks, for attending my talk. I'm happy to answer any questions.
9. Smart Contract Audits and Competitions
We have audits conducted by different security firms and tested by independent sources. Competitions are held to find vulnerabilities in smart contracts, offering rewards to white hackers.
All right. Anonymous asks, how are they audited? So, we have a lot of audits that happen. There's different security firms that will do the audits. These are people who are trained in smart contract security and development who look over specific aspects of the contract. There's a lot of people who actually have their contracts tested and audited by two independent sources first before we ever deploy anything. So, we'll get it audited, make any changes as necessary, and then what we also sometimes do in some cases is another cool thing that folks have is there's competitions where the public will actually go in and do it for the purpose of this competition. So, there's like tons and tons of money that are thrown around these competitions to actually go in and, like, find vulnerabilities in the smart contracts. Another cool thing if you're like a white hacker, come in, earn some money. That's another way to interact in the Web3 space.
10. Web3 Hiring Space
The Web3 hiring space is currently not great. There are opportunities for black hackers in the market. New protocols being built need to be audited. Companies like Cyfrin Audits offer both smart contract security education and audits. Completing their security courses can improve job prospects and may even lead to employment.
Cool. What's the Web3 hiring space like? Right now, it's not great. It's a big market for black hackers. So, there's a lot of new protocols being built that do need to be audited. So, one of the graphs that I'd shown was from a company called Cyfrin Audits. So, Cyfrin does, like, both smart contract security education as well as audits themselves. So, you'll have, you know, different companies like that who do both, and sometimes some of those people, you know, do better than you if you go through, like, the security courses they have. They'll actually help you get a job, they may hire you if you're really, really good. So, yeah.
11. Client Browsers and Embedded Wallets
Are there interesting things being done in the client browsers for web3? Some companies have experimented with embedding wallets in browsers, like Brave. We also have a mobile wallet that acts as a browser for web3 dApps. We aim to have more embedded wallets that handle interactions locally.
Cool. Hey, audience, can you clap if you're a web3 developer? All right? A few here and there. All right. Cool, cool, cool. All right. Well, you got a lot of interest. That's cool, right? Okay. So, are there interesting things being done in the client browsers for web3? There is, I think, a couple of things that we're doing, like, right now. Like, around, like, a few companies have experimented with having, like, wallets embedded inside of browsers. I know Brave has, like, their own wallet embedded within Brave. So if you use the Brave browser, you may or may not know, there is, like, a crypto wallet in there. I don't know too much about how it works. So that's something we're trying to do. We also have a mobile wallet. The mobile wallet also acts as, like, a browser. So if you go to different web3 dApps that are online, all of your, like, interactions just happen kind of more seamlessly through that aspect. So I really like to see more embedded wallets where, like, we just abstract, just, like, not even following the user, but kind of like just handling them locally. So that's something we're trying to do.
12. Counteracting Nefarious Actions
Steps are being taken to counteract nefarious actions such as wallet drains and spam in Web3. Account abstraction is being built to improve the user experience and security. It removes the need to think about seed phrases and private keys. Wallets now provide features to preview the result of signing a transaction, making it easier to interact with smart contracts.
All right. Here's one. Kind of interesting. What steps are being taken to counteract nefarious actions such as wallet drains? Can I just add on, like, also spam stuff? Because, I mean, I've got to get crypto and spam and get a lot of this. But okay. So, like, I think some of the things I mentioned during the talk around account abstraction is being built to make, you know, just like the overall Web3 user experience a little bit better as well as the security side of things a little bit better. So, you know, things like, even just like removing the need to think about your seed phrases, removing the need to think about, you know, private keys and things like that. Like, you know, if we're, like, making certain things that are kind of simple and easy to use, so that you're, you know, depending more on, like, something that you're already familiar with versus, like, having to take care of, you know, specific, like, keys that, you know, people can get access to is one. Two, we're trying to get a little bit more agile to see, like, if it's a smart contract, it's going to make it easier for you to interact with the dApp. So there are wallets that now have features like it'll say, hey, you're interacting with this. This is the result of what's going to happen if you sign this transaction. So you get to know what will happen before you actually sign. So it'll read the smart contract. It'll actually take that, put it into human readable language and say, this is what it's going to do. And it'll tell you based more on per transaction, this is what it's going to do. This is, are you sure you want to do this? After this point, it's kind of your fault. We warned you. So yeah.
13. Regulatory Authority and Decentralization in Web3
Although decentralization is a core concept for Web3, the speaker believes that there should be regulation in technology for average, everyday use cases.
Okay. Let's see. There's a really good one. Oh, yeah. Although decentralization is a core concept for Web3, do you think there should be some type of regulatory authority to protect the dApp? Like for example, I mean, the dApp. I'm not sure if that's an appropriate term, but you're saying that it should be there for the users. Yes. Okay. While I do believe in decentralization, I believe that there should be like regulation in technology for average, everyday use cases is something that I don't think should exist. So I think that's what we should be doing.