Exploring the Status Web3 Browser

Exploring the Status Web3 Browser

Status is an open source, decentralised messaging platform, non-custodial crypto wallet, and web 3.0 browser, designed to act as a network node which interacts with decentralised applications (DApps) that run on the Ethereum network.

Status is an open source community of people committed to building better decentralised tools for Web3, and making sure that everyone across the world can access these tools directly from their pockets.

The Status Network is an ecosystem of decentralised applications – building private, secure communication tools. We stand for upholding human rights, and empowering sovereign communities, therein becoming a gateway to undeniable free trade, peer-to-peer payments, and encrypted p2p communication for anyone with a smartphone and internet access.

Last week, I released the second in this mini-series of articles about The Big 3 functions of Status – namely: Messenger, Wallet and Browser. That article covered the ins-and-outs of the Status Non-Custodial Wallet.

This week's article is all about exploring the final of The Big 3 features – Browser. The Status Browser, similarly to Wallet & Messenger, is a privacy and security focused, Web3 enabled browser. A Web3 browser can not only open any website that your standard Chrome or Firefox can, but on top of that; allows you to utilise and engage with Decentralised Applications (DApps).

Having a Web3 browser within the Status client is not only just a cool feature to boast about, but really does offer palpable benefits, such as high security & privacy, and direct integration with the other Status features for totally linear transactions. In today's article, we'll look at exactly what makes the Status Browser a great feature, as well as the security powering it, and the functionality available within.

Prepare to dive on in!

What exactly is a Web3 browser?

One of the things that certainly surprised me when I first got into the Decentralised Web, was that a Web3 browser appeared to all intents and purposes, to be no different to a standard Web Browser. I expected many obvious bells-and-whistles, but it turned out that actually; the nuanced underlying technology was the impressive factor.

When it comes to the Status Web3 browser; in order to allow you to fully utilise Decentralised Apps, it injects an object into the DOM of a given site, allowing it to reference your account on the blockchain (with your permission first, of course).

Typically, DApps use the Ethereum blockchain to send and receive information and process payments that would conventionally be stored on a centralised server. This way; DApps present little risk of a single party controlling and profiting from your data. With the Status client having an in-built Wallet, this functionality is taken a step further into awesome – as processing payments is streamlined to the max!

Why would you want another browser?

The web today is broken. We don't even control our own data!  Thirty years into mass adoption of the internet, our data architectures are still based on the concept of stand-alone computers, where data is centrally stored and managed on a server, and sent or retrieved by a client.

Every time we interact over the web, copies of our data get sent to the server of a service provider, and every time that happens, we lose control of our data. Even though we live in a connected world, our data is still centrally stored; on our computers or other devices, on our USB sticks, and even in the cloud.  This raises issues of trust.  Can I trust those people and institutions that store and manage my data against any form of corruption – internally or externally, on purpose or by accident?

The current internet – with its client-server-based data infrastructure and centralised data management – has a whole bunch of points of failure, as we can see from both the recurring, and historical, data breaches of online service providers.

What makes the Status Browser so secure?

When browsing Web3, end-user data and browsing information is not accessible by any third parties without consent. Any transactions made while using the Status Browser implement the same security standards and best practices used in the Status Wallet.

Privacy Mode by default

I know I keep mentioning it, but Status really is all about privacy – and this doesn't change when it comes to the Browser. Browser Privacy mode is enabled by default, and this means that DApps will be required to ask permission before connecting to your wallet.

This being enabled means that DApps cannot see your user accounts (unless they implement EIP-1102, nullifying some backward compatibility issues). You can disable this by toggling the feature off. With Privacy Mode disabled, untrusted websites and DApps can inspect the Ethereum addresses within your Status Wallet.

Therefore, you can use a legacy DApp with Status, but you must disable Privacy Mode and, more importantly, remember to re-enable it for your own security.

Permission security

DApps must ask permission to view and use your wallet address and/or your chat key.  Usually, a DApp asks to Connect your wallet. When it does, you receive a popup asking to Deny or Allow this request.  Connection permissions to your wallet address are specific to each account you hold in your wallet. If you grant access for a new account, permission to the previously connected account is revoked. If you reject a permission request, the DApp requesting will not know anything about your Ethereum address, nor will it be able to initiate any transactions.

Go to Profile > Privacy and Security > Set DApp Permissions to see which DApps can access which of your accounts, and to revoke permissions if you would like to do so.

Note that if a DApp has stored your address, this cannot be revoked by Status.

EIP712

Status browser implements EIP712 which aims to improve the usability of off-chain message signing for use on-chain. We are seeing growing adoption of off-chain message signing as it saves gas, and reduces the number of transactions on the blockchain.

Currently; signed messages are an opaque hex string displayed to the user with little context about the items that make up the message.

The EIP712 standard is simply about signing messages and verifying signatures. In many practical applications, signed messages are used to authorise an action, for example an exchange of tokens. It is very important that our application behaves correctly when it sees the same signed message twice, to prevent replay attacks.

Within the EIP712 spec; this is solved with the implementation of a Domain separator, (in essence just a 256-bit number). This is a value unique to each domain that is ‘mixed in’ the signature. It makes signatures from different domains incompatible. The domain separator is designed to include bits of DApp unique information, such as the name of the DApp, the intended validator contract address, the expected DApp domain name, etc.

The user and user-agent can use this information to prevent phishing attacks – where a malicious DApp tries to trick you into signing a message for another / separate DApp.

Underlying Status security as standard

As I mentioned in my Status Tech Stack article, and touched on in the other two articles in this series (Messenger & Wallet), the Browser not only benefits from its specific security measures, but the fact that it is part of the Status application as a whole, meaning the underlying technology is guaranteed to be solid.

The Status Principles

Security: We don't compromise on security when building features. We use state-of-the-art technologies, and research new security methods and technologies to make strong security guarantees.

Privacy: Privacy is the power to selectively reveal oneself to the world. For us, it's essential to protect privacy in both communications and transactions, as well as being a pseudo-anonymous platform. Additionally, we strive to provide the right of total anonymity.

Decentralisation: We minimise centralisation across both the software and the organisation itself. In other words, we maximise the number of physical computers composing the network, and maximise the number of individuals who have control over the system(s) we are building.

Check out the full list of Status Principles here.

Status Integrations

One of my favourite features of the Status client is the tight integration between The Big 3. How streamline it is when performing Wallet transactions, directly from both the Messenger and Browser has always impressed me, and is what I see as actually the biggest selling point of Status!

DApps accessing your Status Wallet through the Browser is an absolute must, realistically, but I really appreciate the little things, too. For example – when browsing DApps; the integration with Messenger can prove immensely useful and great for community building.

In the screenshot below, I've highlighted the process of going from my own personal web app within the Browser, to a dedicated, public chat channel in Messenger (in one click!)

Of course, the obvious integration to show off here (as I mentioned just now), is the seamless connectivity between DApps in the Browser, and the stash of cash in your Wallet accounts. You can fund the many adventures you partake in via the Browser – whether gaming, gambling or whatever; directly from your Wallet funds:

DApps in Dap.ps!

Status comes with a built-in DApp Store to help users quickly and easily find the most relevant, useful and trustworthy DApps built on the Ethereum network.

https://DAp.ps is a decentralised, community curated directory of DApps built for Ethereum, enabling you to easily explore the best of Web3.

DApp developers can submit their DApps completely free of charge, but with the option of staking SNT to boost their DApp ranking! You can upvote or downvote DApp listings staking SNT as well. One of the coolest features, I reckon, is that the more SNT a developer stakes to boost his/her DApp ranking, the cheaper it becomes for us to downvote their DApp, should we choose to do so! This functionality reduces the risk of well-funded DApps taking over, and ensures that our vote on the DApps usefulness still count.

It's worth noting that voting, (yeah, I did that on purpose), requires SNT as well as a tiny amount of ETH to pay for the transaction.

Conclusion

I'll be honest, I'm pretty surprised that with the closing of this article, I've covered The Big 3 Status features, over 3 articles, in just ~7000 words. Considering that underneath the features, there is a HUGE array of complex and impressive tech, the Status client manages to use that tech to present us with a feature-rich, secure, and damn impressive piece of the Decentralised Web.

It's been a great pleasure writing this series of articles, and I hope that each has been truly educational to all who have taken the time to read them.  (A huge thank you to all readers!)

If you do have any questions about the Web3 Browser or DApp store, feel free to email us at [email protected] or better yet, join our chat.

Want to learn more about the tech used? Looking for a specific answer? Ask your question in our open forum discuss.status.im.

Not finding what you need? Get support in the #support channel in Discord.

Otherwise, if you would like to reach out to me personally, you can do so here!

- @rbin