Status Pushes Out Renegade dApps with New Browser Standard
On the heels of the industry’s latest push to protect users, one of the top Ethereum mobile clients, Status, is implementing a new interoperability standard to “drastically improve user privacy.”
Where decentralized apps (dApps) once had autonomous access to users’ Ethereum accounts within the browser, Status will now force all applications to request permission, according to the company’s website.
While the full version will not be rolled out until Nov. 2, the Switzerland-based browser has released a preliminary update that requires dApp developers to make minor backend tweaks. Come November, however, all dApps will be forced to comply with the changes.
The company noted:
“After Nov. 2, you will have control over your personal information. dApps will need to request your permission to access your Ethereum account before any of your information is shared.”
The move, which Status says is “critical” to upholding its “core principles of privacy and security,” is in line with fellow members of the Ethereum ecosystem–MetaMask, Mist and ImToken–who have adopted the recently released EIP1102 Ethereum development standard in an apparently mounting attempt to crack down on privacy breaches.
Mirroring concerns of its cohort, Status maintains that the liberties currently granted to dApps have come at the expense of users–who may fall prey to hacks, phishing attacks and invasive advertisements when their Ethereum wallet information is tapped.
To date, the vulnerability appears to have claimed a number of victims industry-wide, with MetaMask, an Ethereum browser extension, reporting a phishing attack in June that, by obtaining the mnemonic seed words of wallets, could drain users’ funds without recourse.
For Status, such activities are inevitable in a “wild west” decentralized web. Describing the consequences of the vulnerability, dubbed by many as “fingerprinting,” the company wrote:
“Not only does this de-anonymise you, it exposes details about your balance and transactions. Bad actors can identify you as an Ethereum user and potentially use this against you. Once identified, you can be fingerprinted and tracked.”
Overcoming Over Phishing Scams
Phishing scams, which account for more than half of all stolen Ether according to MyEtherWallet’s CEO, appear to have become an imposing hurdle for users of the original smart contract platform, and evidently an even greater obstacle for its developers. What may bring consolation to both parties, however, is the ecosystem’s seemingly relentless growth.
Ethereum may have landed its most powerful ally to date earlier in August, when Microsoft unveiled its new blockchain-as-a-service, Ethereum on Azure. Should Microsoft subscribe to the notion of Ethereum as “World Supercomputer,” one might entertain the thought of the software giant expediting the blockchain’s teething issues with its weighty toolbox.