Is a new wallet created on every dapp I log into using Internet Identity?

I am relatively new to the ICP ecosystem, but have been using crypto wallets for a couple of years now and am pretty comfortable with how they work on other chains. I’m confused by how the II wallet works in relation to ICP (sending/receiving) and NFTs.

When I log into identity.ic0.app, it doesn’t show me anything related to my ICP balance or anything else in the wallet attached to that II. When I go to nns.ic0.app, there is a button that says “ICP Wallet”, and when I log in, it shows me an ICP balance along with other information related to governance/canisters/etc.

Based on my prior usage/knowledge of crypto wallets, I assumed the ICP shown to me when I logged into nns.ic0.app using my II would also be able to be used when logging into an NFT web site like Yumi, or a wallet like Stoic. But, when I log into those sites, it looks like they create an entirely new principle id and wallet based on my II? Will any new dapps that I log into with II create a new wallet that I’ll have to transfer ICP into in order to make a purchase? Is this how it is supposed to function?

It seems a little counterintuitive to how other ecosystems and crypto wallets work. Not that it’s a bad thing, it’s just a bit confusing to someone who has been using other wallets on other chains for a while. I assumed every site/dapp that I signed into using II would all use one wallet that was tied to my II.

James

« Internet Identity is a gateway to applications on the Internet Computer. When you use Internet Identity, websites cannot collect and share information about your online activity. This is because Internet Identity helps you create and manage anonymous, independent accounts for every website so that you get the privacy of having many different accounts without the burden of managing them. »

« Internet Identity uses a different principal (a “pseudonym”) for each dapp that you authenticate to using Internet Identity. Since the pseudonyms Internet Identity generates for you are different for each dapp, dapps cannot use them to track you outside of their realm »

« Internet Identity will give the user a different identity for every canister front end that they log into, which is great for security and privacy. If it were not so, Internet Identity would allow every front end to log in under the user’s single principal. If that user interacts with unrelated services — for example, a message board and a shopping site — these could behind the back correlate the user’s behavior on these sites. And even worse, the front end of the message board could maliciously call the canisters of the shopping site and make orders in the user’s name. Therefore, the Internet Identity service generates a different identity for every front end that the user logs into, with the front ends differentiated by their hostname. This way, a user’s actions on different services are not so easily tracked. While the front end is still able to call any canister on the Internet Computer using the user’s identity, it is only ever the identity that is associated with the front end performing the calls ».

« Dapps that integrate with Internet Identity prompt the user to authenticate using an identity anchor. If the user doesn’t have an identity anchor yet, it is easy to create one and add authentication methods to it. For more details, see How to use Internet Identity. For each device added, a pair of cryptographic keys (private and public key) is generated. The public key is stored on the Internet Computer blockchain, while the private key remains locked inside the authentication device together with any biometric data that governs access to it. Adding multiple authentication devices to an identity anchor allows the user to access dapps across all of their devices.

When a user accesses a dapp that uses Internet Identity for authentication, they first specify the identity anchor they want to use. After authenticating using an identity anchor using an assigned device, their browser connects to Internet Identity and generates a session key for use with that dapp. Finally, the user is asked to authorize access to the dapp.

The user’s browser downloads the authorization and then redirects the user to the dapp. The dapp verifies the authorization from Internet Identity and grants the user access as an application-specific anonymous identity called a pseudonym. Internally, users have a different pseudonym for each dapp, but a pseudonym for any single dapp is the same across all of the user’s devices. All devices of a particular user simple represent different methods they can use to authenticate their Internet Identity anchor. »

I give you some links to read more about this marvel, but as you can see it is mainly for your privacy :

https://wiki.internetcomputer.org/wiki/Internet_Identity

Hey Roman, thank you very much for the detailed post and links! It definitely makes sense from a privacy standpoint. It’s nice to know I can use standard wallets across dapps, or use II if I want to maintain privacy. Thanks again.

You’re welcome James. And welcome on board !

Hey Thanks for your post. I have some related question that maybe you might know the answer. Is there a way to Use the Internet Identity Authentication to log in into web2 services? i mean, i am creating a chrome extension, which as far as i understand the whole code has to be hosted in chrome’s directory and run locally in every machine is installed. i would like to Authenticate with this extension using internet identity. is that possible?

I am having the same exact issue except I sent 37 ICP to the account that was generated when I logged into “IC scan”, which I’ve noticed many people in the ecosystem still use, but they have not said anything on social media in a year and their discord is gone.

Sorry, I’m new… but I sent tokens to one of my addresses but now I’m trying to figure out how to access that address to send the tokens back out. I can literally find nobody else to help me in the entire ICP community.

One person in the “ICP Devs” discord told me this :

“It depends on the token, but ICP supports account addresses that are a combination of a principal + a 32 byte subaccount if you know the subaccount or how it was derived you should be able to recover…”

but then he stopped responding to me. Any ideas on how to access ones sub accounts? I remember back in the day with MyEtherWallet you used to be able to access all sub accounts controlled by one private key. Is there nothing similar for ICP? I’m new to ICP trying recover

Any idea on how to get tokens out of an account that’s not a wallet front end?

I assumed the one that was generated when I logged into the IC scan frontend was my wallet address.

But if I still own this account, there should be a way for me to still send from the account?

correct?

I stumbled upon this post. Thanks for the detailed explanation; however, I am worried about what it could mean from a user experience standpoint!

Imagine I’m building a subscription-based dapp where users login using their Internet Identity. Imagine the subscription cost is 1 ICP monthly. After a user logs in with II, I’ve tried using the icrc2_approve method to allow the dapp to withdraw the monthly fee, but I get an Insufficient Funds error, even though that user has some ICP on its NNS wallet.

From what I’m reading in this thread, it means that the user would first need to transfer some ICP tokens to the wallet created on my dapp by the Internet Identity. That’s a horrible user experience ! Imagine if you had to credit your Netflix account to sustain its subscription for the coming month…

I’m hoping I’m wrong about this !

Could anyone shed some light on this ?

Cheers

As of this moment, Internet Identity is not a wallet but solely an identity provider.

The NNS uses this identity provider as login. The NNS itself offers wallet functionality but as far as I understand isn’t a full featured wallet (tokens are there primarily for e.g. governance purpose).

Work is ongoing to standardize dapp<->wallet communication in the WG. This is currently being implemented (or supported through a translation layer) by most major wallets.

Besides the NNS, there’s the ongoing development on the Oisy wallet. Not sure what the long term plans are for the NNS, I suppose it either becomes a wallet at some point or splits of its wallet functionality, or maybe it will do both

Libs for wallet interaction are work in progress, there’s @slide-computer/signer (with @slide-computer/signer-agent) and https://www.identitykit.xyz which offers a ready to use connect button and interface.

Great explanation, thanks !

It’d be so good if the Internet Identity was linked to a wallet. I think it’s the most trusted authentication method in the ICP community. IMO it’s required before we can start to see mass adoption.