Currently guardians are an opt-in feature pretty much hidden in the settings of each individual wallet. I feel like most of the “non-hardcore” users aren’t aware of this feature. I would like to change that.
As suggested on twitter ( https://twitter.com/janniksamc/status/1723324137085571118 ) my proposal is, that we see embed it into the setup of new wallets. Here is how:
-
XPortal: When creating a new wallet, we add a new page to the workflow, right after the mobile phone verification or somewhere there. there could be a page with a small description on what guardians are and how they work and why you should activate them. The page then has two buttons, e. g. “Activate 2FA now” and “Skip”.
-
WebWallet, DeFi-Wallet, XAlias: Do something similar.
-
Ledger: This is tricky and I don’t have any idea. Maybe skip it for now.
This way we guarantee that our users have the chance to find out about guardians early on.
Personally I think, invisible guardians is something everyone should have activated in the future.
Please note, that this change would require the foundation (or someone) to pay for the gas fees for the initial setup of the guardian.
4 Likes
I think this is a phenomenal idea.
One thought is that long setup processes can sometimes deter people. So if having it integrated into the initial xPortal setup process is not ideal then it could be added into the “Quests”.
Since it is an optional feature, requiring activation of Guardians to compete a quest is probably not the best. What can be done though is a short tutorial on what it is as well as a 2-4 question “quiz” to verify the user read and understood it.
Coinbase does this well with their in app airdrops that are paired with short marketing info. So maybe even an SFT can be obtained by completing the quiz and showing solid understanding of Guardians. An amazing feature that is probably underutilized due to lack of understanding.
1 Like
I think I disagree with you in this specific case about this making it longer, if they really don’t wanna do it, it’s just one more click to skip it. Yes, it’s one more step in the end, but I think it’s worth it.
Making it a quest is a good idea, but I don’t think any of my friends have done any quests actively, they simply don’t care about quests and just wanna hold their EGLD - and in very rare cases connect it to a dapp. But it’s not one cancels out the other - I think, both could be implemented together.
Yes, both could be done as long as it can be skipped.
I just recently downloaded and setup a wallet that I almost deleted before finishing the setup. It had a 5-6 second timer for about 10 info screens during the setup process. They couldn’t be skipped and it was very annoying.
2 Likes
One think I would like to add. Not sure, how you think about this:
If the guardian is activated on a “clean” account, there shouldn’t be any activation period for the guardian.
I define a clean account as:
- balance = 0 EGLD
- no esdts / sfts / nfts…
This can only work, if we have the foundation (or someone else) to pay the gas fees in the future, as mentioned in the original post.
Hmmmmmm
Not a bad idea in principle… but… what if a user has 0 egld right now and all in stablecoins, uses multiple wallets maybe… holds egld somewhere else…
Or what if the user deposited everything into dApps and DeFi.
Such wallets obviously should not have instant activation of the guardian.
If they did, then a seed-phrase-scammer can instantly activate the guardian and lock out the true owner and steal all funds.
How would you define such an empty wallet. It would be near impossible to check for all possible DeFi transactions…
Maybe check if the user ever received EGLD or ANY Tokens - if not, then allow instant activations of guardians.
But these instant activations have to be part of the protocol (obviously). So the nodes need to check if the user ever received EGLD.
But the validator nodes do not store the entire transaction history, so they cannot check it.
This is a very tough situation… from what I see, this is definitely not easy to implement
I know, this is a pretty complicated thing to check. Its just an idea, but I kinda see it being unreasonable.
My main proposal still stands as it is though. I really want to see more new regular users protected by default, and this will only happen (imho), if we lead them into the right direction by default, during setup. No non-tech regular user will scroll through the hidden settings at your profile, finding the guardians setup, on their own.
A whole lot of exploration and own interest for security is needed, my regular colleagues would never find and activate it on their own, let alone know it exists.