Hey @Maaltir ,
I am not sure if you speak English, but I’ll try anyway. If not, you can still copy and paste into a translator that will give you the French version …
As discussed previously with @poka , it seems the team already decided that using local storage to store the private key is not appropriate because of security issues. I don’t exactly know when the decision was taken, who took it, or on what knowledge…
From what I know, I come from the Solana ecosystem where we had these discussions about web local storage security. Solana is in the top 10 cryptocurrencies by market cap. Not so much to bolster up, but just so you know that some Solana wallets are handling millions of $ in value, and so security is something really, really important for the dev community. Especially because we already experienced many clever hacks that could have endangered the crypto ecosystem as a whole, because people would distrust the technology.
That being said, and without further ado, there is clearly a balance to find between usability and security. The best solution by far is to have a seed vault in your cell phone (see Saga mobile phone > Seed Vault).
But let’s be honest, even if everybody will get a seed vault in their wallet eventually, it’s not there yet. And it’s hard to ask every user to buy a brand new phone just to use crypto payment…
So concerning usability, the second best solution would be to use a Web worker / local storage as a ledger. With HTTPS encryption for sending transactions, X-XSS-Protection to protect the local storage from cross-site injection, and your key encrypted using AES, you’re pretty much protected against the majority of technical attacks.
Now, I don’t know if the June ecosystem’s long-term goal is to attract users, and especially non-technical users. If that’s the case, @vjrj’s solution definitely solves the problem beautifully, as it’s simple, can be used without technical knowledge and without having to download anything, and all that without compromising the security.
Of course, the web app can be hacked with great technical means like quantum computing, but so can a web extension and a mobile app. As a hacker, I can tell you that the easiest way to hack a payment solution is not to hack it technically but socially (= jack your password / mnemonic one way or the other, using phishing, scams, false apps, keyloggers, etc.).
As a result, Solflare, which is the most used wallet on Solana, has a web wallet, an extension and a mobile app. So far, the web wallet has still not been hacked despite billions of $ to get as a reward!
Having used it for 2 years, and made a lot of non-tech friends / family use it too, I realised that the solution they prefer is by far the web app. But they still consider it very complicated compared to Google Wallet. I know we are not competing with Google; still, I really feel inspired by the simplicity, and yet the security, they offer to allow payments for everybody.
And I’m so far convinced that using a well protected web app with maximum security (encryption) and simplicity (get rid of wallet, address, mnemonic, etc.) is the way to go. Most users don’t care about those concepts, just as they don’t care about what a microprocessor, RAM or SoC is when they use a mobile phone. They just want to use it without the constraints of entering a password, storing a mnemonic, or downloading an extension.
It’s just my opinion and I would be happy to hear your arguments / discuss it.