
DeSo wants your seed phrase. Let them come and get it


DeSo was created for building Web 3 applications, with a focus on content creators.


Late Sunday (January 9), DeSo founder Nader al-Naji announced that his "decentralized social media" service would update its much-criticized login flow. However, experts are nearly unanimous in saying that the update will significantly worsen the security of DeSo users, and will even damage security across the new Web 3 landscape.

DeSo (formerly BitClout) is essentially an example of what Web 3 could become. The system is based on a token economy and aims to help content creators get paid for their work and to help users manage their DeSo assets with digital wallets similar to MetaMask or Samourai. Other "Creator Token" systems, notably Roll and Rally, follow a similar model. However, critics have previously noted that DeSo encourages users to engage in a very strange and dangerous behavior: they must enter their wallet "seed phrase" through the web interface to log into their DeSo web account. The seed phrase, sometimes called the "recovery phrase", gives anyone who knows it full access to the contents of the wallet and cannot be changed or revoked if compromised.

Because seed phrases are so sensitive, it is generally accepted practice never to enter them into any internet-connected interface, with websites probably the worst option. Individual responsibility for wallet management is key to the Web 3 concept, and training users in good security will be key to the success of the entire initiative. But instead of tackling the big problem of using seed phrases as web logins, DeSo seems to have doubled down: this new feature will encourage users to send their seed phrases to Google Drive.

This can't be true

The change has received fierce scorn from cryptocurrency veterans, engineers, and investors, scorn sharpened by a cynical disbelief that, yes, a purportedly $200 million Web 3 operation backed by Andreessen Horowitz and other blue-chip Web 3 backers actually did this. Key figures including Matthew Graham, CEO of Sino Global Capital, seem to agree: using the cloud to store seed phrases that potentially control hundreds of thousands of dollars in crypto assets is foolish on its face. Perhaps the loudest roar in response to DeSo's new "feature" came from Taylor Monahan, cybersecurity expert and CEO of wallet developer MyCrypto.

What is a seed phrase?

Why is it so bad to ask users to enter the seed phrase from a crypto wallet into a web interface? In software wallets such as Exodus or Electrum, the seed phrase is very similar to the "private key" that gives direct control over a single Bitcoin account on the chain. It is generated automatically, and unlike a Google password, for example, even the wallet's developers cannot see the phrase, reset it, or recover it if it is lost.

And once someone has the seed phrase to your wallet, they can steal its contents, which al-Naji admitted on Sunday is exactly what happened to 10% of early DeSo users. Therefore, in terms of cybersecurity, the seed phrase is almost as sensitive as biometrics. Biometrics form the security backbone of another highly flawed pseudo-crypto project, Sam Altman's WorldCoin, whose model has been heavily criticized by experts including Edward Snowden. As Snowden points out, biometrics are dangerous because they cannot be replaced once compromised. Crypto seed phrases can in some ways be replaced after a compromise, but it is a complex process that involves setting up an entirely new wallet, and by the time you do, your compromised wallet may already have been emptied.

In a narrower sense, this means that logging in with a seed phrase poses a great and constant risk to DeSo's own users. In particular, phishing attacks that mimic official login pages to capture cryptographic credentials are very common. These have resulted in huge losses for users of platforms like OpenSea and Coinbase. But even hosted wallets are much more difficult to compromise when used properly. Al-Naji, critics say, is making his own users' wallets vulnerable. (Questions to the DeSo team about the specific role of the seed phrase on the DeSo platform were referred back to Al-Naji's Sunday thread.)

Al-Naji's narcissistic approach to the matter no doubt irritates people even more. His tweets present a completely false choice between "asking users to do better" and offering a much less secure flow. But the underlying problem was DeSo's design itself, not consumer laziness. The new "solution" appears to have been chosen based on optics rather than effectiveness: Al-Naji and his team don't want to annoy users by making them download a secure software wallet, but the mistake was theirs, in ruling it out in their earlier design decisions. Instead, we got a classic doubling down.

UX is a security issue

As much as DeSo is dancing with its own demons here, the much bigger problem for critics seems to be that its onboarding flow, built on seed phrases, trains users in poor security practices. This could lead to more misunderstandings and tragedies in the emerging Web 3 ecosystem. “DeSo infuriates me that they acknowledge portfolio responsibility while deliberately ignoring all the key best practices in this book,” Monahan told me as I sought more information. “Not only do they keep secrets in browsers in an insecure way or teach users that keeping secrets on old websites is a good thing, but this is the time they need to protect their malicious actions.

"This raises the question: If customer service is not a priority, what is DeSo's real motivation in the Web 3 ecosystem?" This is a particularly harsh criticism because DeSo is so closely tied to the very effort to bring "Web 3" into the mainstream (or at least to make money off that effort). In its early incarnation, DeSo raised funds from at least 19 sources while operating and selling tokens as BitClout, including Capital, Arrington XRP Capital, Winklevoss Capital, and most importantly Andreessen Horowitz. Andreessen Horowitz supported Web 3, even during Jack Dorsey's recent attack against Web 3.

Of course, these funds do not directly control the choices of the founders or the companies they invest in. But this isn't the first time DeSo has threatened to embarrass its supporters.

"Dark model"

The Google Drive disaster comes after other DeSo moves that many have viewed with skepticism or suspicion. At the top of the list is DeSo's ingenious initial fundraising design, which it carried out as BitClout. The initial sale of the CLOUT token used a so-called “bonding curve” which, according to critics, amounted to an unusually generous payout to private pre-sale investors (even by crypto standards).

BitClout also disappointed with what some consider a reckless disregard for individual property rights and privacy. To create accounts on the first version of the product, BitClout scraped Twitter for user profile photos and other assets. It then encouraged users to pay for the privilege of taking control of BitClout accounts that had been created without their permission and that used their own intellectual property.

Some users felt they were being impersonated by the scraped profiles. The former head of marketing at Google, Adam Singer, described the practice as a "consumer-friendly dark BS model". As part of DeSo's rebranding, the CLOUT token has now been replaced by DESO. BitClout itself is now billed as a single application based on the DeSo blockchain. However, given the widespread reaction to BitClout on these and other topics, there is substantial reason to believe this was a renaming for convenience. It's also worth noting that, as Protos Media explains, the rebranding was misreported in some cases as DeSo raising new funds, when it had simply carried over the same $200 million it raised under the BitClout name.

As a positive development, Al-Naji seemed somewhat embarrassed by the reaction to his remarks on Sunday. He has since taken to Twitter, asking almost sincerely for better options for "full self-service, completely private (no PII), low friction, mobile friendly, and no expansion needed." I personally think the insistence on avoiding extensions or another layer of protection with a firewall is wrong. Al-Naji rightly points out that downloading and installing extensions is a pain for some users, but downloading streaming apps to a Roku, Netflix included, also seems to work fine. There may be some tradeoffs involved in adding new users, but key management is an inherent feature of Web 3 and not a nuisance. At this stage of the game, it is startups' responsibility to train future Web 3 users to get better at it.

The decision to allow users to slowly bypass Web 3's core architecture could fuel the growth of individual operations like DeSo in the short term. But by teaching the wrong lessons, such practices add to the risk for consumers and, in turn, undermine the foundations of other projects in the ecosystem. This helps explain precisely why so many people are going crazy: The DeSo vulnerability is, ironically, a kind of theft of Web 3's greater overhead.
