Account Access & Recovery Issues to the Discontinued Internet Identity Support by dApps

The sudden discontinuation of Internet Identity support by a dApp project raises serious concerns for users who had created their accounts and stored assets using this feature. It raises serious concerns about user account access and asset recovery.

Users who created accounts using this feature and stored their asset inside it, may find themselves unable to access their assets if the developers don’t respond.

It highlights the importance of decentralized solutions that ensure user ownership and control of their assets, even in the face of changes or disruptions in the project’s development.

Is there already way or method to solve this issue ?

2 Likes

I think that is simply a matter of the dapp showing some basic respect to the user, same as in web2. If I offer login via email, Google, and Facebook accounts and simply delete one method overnight, a lot of users will not be able to login anymore. Most projects won’t do that because it’ll cost them a lot of trust and users, but there’s not much one can do.

Absolutely. In web3 you can have solutions where the user owns their data and can access it independently from the dapp/frontend/service, but it has to be explicitly set up this way

1 Like

It probably depends the architecture of the dapp, that’s an advantage of the IC. If the project creates a canister per user - e.g. in which the user’s data are saved - and let users assign additional controllers to these smart contract, then the main project disappearing does not mean the users lost their assets.

e.g. in my project Juno, the main app is “just” a facilitator, each user gets a personal canister to which they can add additional controllers. Likewise for other canisters they create. So if the main app would ever disappear (not the plan, just an example :wink:), they would still have everything because they control their smart contracts, they own their data (https://juno.build/docs/architecture).

Papyrs, OpenChat, Hot or Not (I think) use that architecture. In Papyrs it’s not yet possible to add extra controllets but, if the project would ever been discontinued, I would offer such a feature first.

Makes sense?

5 Likes

Wallet extensions like Metamask offer significant advantage for users, the ability to access assets with the same PID using other supported extension wallet with the same 12 seed phrases.
In contrast, this convenience is not available with Internet Identity, although I understand that the Internet Identity main purpose is to offer more privacy.

I agree with the idea of user independent wallet canisters that would provide greater control and privacy for users on dApps.

Would it be a good idea if this is enforced at ICP base protocol layer ? So it will become the standard of best practice for dApps that support Internet Identity.

2 Likes

Not sure you can enforce such an architecture on the ICP protocol layer (my two cents, might be wrong) but, there are some initiative from the community to implement this wider, e.g. the wApps (“Wallet Apps” I think) topic.

1 Like

Hi Sir, I am concerned about the privacy implications of the design that puts social identities and asset tokens in the same canister. This would make it possible for anyone to easily search for a canister ID in a browser and find out the owner’s detailed assets. Will Dfinity be addressing this privacy issue?

Papyrs, OpenChat, Hot or Not (I think) use that architecture. In Papyrs it’s not yet possible to add extra controllets but, if the project would ever been discontinued, I would offer such a feature first.

If I understand your question correctly, I would say that’s precisely why it’s important for identities and principals to remain anonymous. It’s also the responsibility of the canister developer to decide whether or not to provide access to sensitive data. Therefore, I don’t believe the foundation has any direct involvement in this matter. However, if you have more specific questions or concerns, I recommend starting a new thread to get input from others who might be able to provide better answers.

1 Like