It's Your Internet Identity, But Not Your Money

NNS Wallet MUST provide a way to list ALL dapps tied to this Internet Identity, with a way to manually export their private key/seed phrase or, at the very minimum, a way to derive a private key/seed phrase for a custom domain (so you could recover your private key and import it into a custom wallet).

1 Like

It’s absolutely unacceptable to have no official user-friendly way to recover the private key in case dapp developers just run away and cease all services.

Hey, you still control Internet Identity and have funds sitting on your principal ID; it’s just abstracted away into oblivion with no direct access to the private key for the user.

1 Like

An alternative solution would be the ability to log in under a custom domain name and get a generic wallet experience right from the browser (similar to the NNS wallet or ICPSwap wallet, just for a custom user-defined domain, so that you can derive the private key for ANY domain, previously linked or not). This way we would not even need to expose the private key (it can stay inside the browser).

But this can lead to phishing-like attacks, so idk, it shouldn’t be available to all dapp developers (only to one trusted NNS-controlled dapp) :smiley:

In a way, there IS an official user-friendly way. It’s called DAO governance. In case something like that happens, the Internet Identity can be changed the way you want by the NNS to recover the inaccessible tokens. Such a problem hasn’t occurred yet that I know of, nor are users keeping a significant amount of tokens in dapps they think will disappear. II could allow the domain-identities to be used by another recovery domain in such a case.
It has to be forwarded to another dapp that knows what to do with the private keys. You don’t really know which canisters the dapp used and what it did with the private key from II - perhaps it derived another key from it and used that. Or perhaps a canister holds the ledger tokens with a custom interface and not the private key. These keys are also temporary. Not to mention you shouldn’t be putting a significant amount of funds in such dapps, because in the worst-case scenario, the devs are likely to take them before deleting their domain.
DAO governance is a replacement for trying to solve all possible problems that haven’t happened yet. If we try to solve them all with the current information, we end up with a rigid system that quickly becomes obsolete when disruptive black swan events happen like mobile, crypto, and AI.

3 Likes

I would still like to have a way to export my private keys tied to a custom dapp (basically what II auth gives to a browser’s client), and for this to be available to any user.

It gives power users quite some flexibility.

Not your keys, not your crypto. II auth breaks this as of now

Unfortunately, such a problem did occur (idk, maybe 6-9 months ago). I cannot remember the dapp name right now (it was a wallet), but some users had their funds stuck (they don’t have the private key, duh) and the dapp was shut down.

Some dude bought some ICP and just forgot about it, came when saw ICP soaring but surprise-surprise dapp was gone

Fortunately it got resolved; afaik the original developers made it temporarily available again so users could withdraw.
Not your keys - not your crypto

It obviously doesn’t protect you from malicious devs (who could probably snoop the private key out of the browser’s memory, should be possible?).
But this case was just legit devs who abandoned a project and didn’t migrate out all their users.

There are 2 types of newcomers that will come to ICP:

  1. people never involved with crypto
  2. people from other blockchains

From a UX perspective, Internet Identity is far superior for group 1; it’s very hard to explain to them why they need to install an odd browser extension and then sign something even stranger…

But for group 2 it’s the opposite: try to explain to a guy from ETH or Solana why he can’t just install a wallet like MetaMask or Phantom and sign into a game.

Because we are making a game that is supposed to attract players from other popular blockchains - I want to provide them with the same experience they’re used to.
Also that game is using ICRC-37 NFTs already (which is not supported by any wallets), so in the end I started my own wallet :wink:

It’s far from being mature, but atm it’s just a two-week project: GitHub - dariuszdawidowski/grind-wallet

4 Likes

Great, the ecosystem needs more wallets! Could you please be sure to integrate standards ICRC25/27/28/34/49? You’ll also need a transport layer too - icrc29 if it’s web, and if not please join the working group to help create injected wallet or mobile wallet transport layer standards :slight_smile:

4 Likes

I want to support the latest standards. How do I join the working group?

1 Like

Check the agenda: Internet Computer Events

Feel free to join any of the zoom calls, they’re public and recordings are available for these calls.

The first upcoming call is today in less than 2 hours.

2 Likes

An example of such a script is this, where the script can just be run from the Chrome developer console to trigger a certain action. In this case it’s focused on adding an extra controller to an SNS neuron, but it can be reconfigured to trigger any action.

credits to @peterparker

2 Likes

I literally used the script this weekend to check the status of the canisters that were returned to me and to add some more controllers :crazy_face:

3 Likes

Most people in the ICP community don’t know how to retrieve their tokens, and even some project teams don’t have a deep understanding of this (I’m not blaming Helix, they’re doing well). I’ve seen many, many examples where: sending unsupported coins or NFTs, sending tokens of an outdated standard, or handling some niche airdrops, all can easily mislead users into thinking their tokens are lost. This leads to aversion towards ICP and reduces liquidity because people are afraid of losing their assets. Regardless, there’s an urgent need for improvement in the wallet status within the ICP ecosystem. For instance, there could be a safer and more widely recognized method to manage assets associated with internet identities. Or a universally compatible and fast wallet connection system. Or the implementation of ICRC25 or any other that could enhance the user experience.

https://x.com/babydrick08/status/1844755942677897701

2 Likes

If anyone knows how to push forward the implementation of ICRC-25, please do it; it hasn’t been updated for a long time.

Kudos for discussing identities—my personal favorite subject, even if the thread title is a bit demeaning and misleading.

The more I think about it, the mantra “Not your keys, not your crypto” was popularized by wallets to appeal to users. But at the end of the day, it’s the wallet developers who hold your keys, unless you can manually manage to calculate transaction bytes whenever you need to use your private keys. Better than CEXs, but still not entirely yours.

If a few lost NFTs sent to unsupported addresses are the biggest argument we can make against Internet Identity, then I’d say it’s a pretty good solution, and we should thank its inventors while discussing how it should be improved.

Even with hardware wallets, someone still needs to audit or review the upgrades. DAOs like the NNS are best for that, making it impossible for the core dev team to push unchecked upgrades. Can you say the same about extension wallets and hardware wallets? I doubt it.

Your Internet Identity is way more “yours” and community-verified than any other identity, even if it currently allows for mistakes to happen because of the freedom given to developers. SNSes with in-dapp wallets using Internet Identity attempt to continue the same pattern.

It seems that for your crypto to be truly yours, it needs to involve DAOs where the community is auditing the software that makes your wallets work.

ICRC25/27/28/34/49/29 seem to have been invented to allow a non-trusted dapp to use the wallet of a trusted wallet dapp, which is a great option to have.

4 Likes

I don’t agree that it is “demeaning and misleading”. The fact is that there is a serious security issue here for people with a lot of money. If I’m trading on a DEX or swap dapp on stuff like Ethereum, Polygon, Solana, etc., I can have confidence that my assets/funds are in my control. Whereas my understanding is that if ICPSwap, for example, decided to upload malicious code to their canisters, they could just take my assets and run off. I don’t see whales gravitating to ICP when someone can so easily rug everyone and run off with funds.

As a side note to that, since canister owners have ultimate control over those assets, they are no different than a CEX and really should have various MSB licenses and be compliant with KYC/AML regulations, but as I see it currently they are flying under the radar. So there’s that little issue as well…

ICPSwap and its site are DAO-governed. The identities (if II) - also DAO governed. I am not entirely sure where your confidence comes from when Eth, Polygon and Solana wallets are governed by Google, then the devs that make them, using sites on AWS, going through AWS APIs. First - you can’t trust what you see in the app, because of the centralized APIs and the AWS site. Second - you don’t know for sure if the transaction will go through and who will frontrun it. Third - Your keys are in an app/extension/hardware wallet where devs can hit enter and take them away.

4 Likes

Devs can hit enter and take away coins from a hw wallet? Bro be serious :joy::joy:

It’s good that the code on ICPSwap is DAO-governed. I wasn’t aware of that; I thought the devs have write access, so that’s a good start, but there are plenty of dapps on the IC that aren’t.

There are also plenty of transactions that don’t go through on ICPSwap as well, and there are always slippage settings to control for price manipulation.

I’m explaining why things like Uniswap and Solana are popular. If you just want to argue and not listen, you will never understand why ICP is lagging and struggling. You want to see ICP at sub $8 in 2026? Keep that mindset :slight_smile:

Here is the II source code: [GitHub - dfinity/internet-identity: Internet Identity, a blockchain authentication system for the Internet Computer]
Here is the NNS dapp source: [GitHub - dfinity/nns-dapp: The Dapp of the Internet Computer's Network Nervous System.]
Here is an example NNS dapp upgrade proposal [https://dashboard.internetcomputer.org/proposal/129396] and here is an II upgrade proposal [https://dashboard.internetcomputer.org/proposal/131052].

Show me the source code of your hardware wallet, where releases get voted on and how they get signed based on these votes. HW wallets protect you from random hackers, but hardly from the developers who make them.

3 Likes

I’m super aligned on your thinking here – that we need a governable digital identity system. It’s true that basically all wallets may give you sovereignty, but not influence.

Unless I’m mistaken, I think the thread here is specific to II not providing the same principal across apps, in which case I feel you’d agree it’s made data portability harder (if not outright impossible). Like I can’t sign in to another app and that app is able to pull relevant information for my stable identity across the entire ecosystem.