Dan Finlay 🦊 pfp

Dan Finlay 🦊

@danfinlay

191 Following
169711 Followers
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Yeah, it's basically: Proxying to service providers, swearing to not store data. Again, I probably prefer this to a huge behemoth company that is clearly collecting all data and suspect of assassinating their whistleblowers. But I'm not sure this doesn't create a new weird privacy power battle. I'd suspect there's a way to game the tokenomics to receive lots of sensitive user queries, and get paid to do it.
0 reply
1 recast
3 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Are they able to make credible commitments using their smart account, or is it all just "trust me bro"?
0 reply
0 recast
0 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
There are a ton of great projects for running local. On a mac, LMStudio is great for just running right there on device, even opening an API server. I've done AI coding on a flight with no internet this way! For trying lots of models on a linux server with some GPU capacity, I've enjoyed vllm.
0 reply
0 recast
2 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
No, I think “we promise” type privacy is not the kind I’m interested in long term, but I guess not bad to support smaller batch companies than the big three.
1 reply
0 recast
3 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Yeah I've definitely experienced the thing where a catch phrase catches on and then becomes dogma and then someone tries to use it in a context where it doesn't really make sense. One example is "avoid king-making". Some people eventually took that to mean "no decisions", instead of something more like "markets > favoritism".
0 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Maybe I should use that more. I sometimes feel like I just keep producing different models to describe, and never decide one is particularly good and just keep moving, hoping one sticks.
1 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
That blog has a lot on it, said a lot of different ways, but maybe it needs a freshen up. If I were to remaster that blog, I would rewrite "Trust mapping social arrangements" with more meticulous examples of practical financial cycles, and draw it to how it could create insurance/liquidity for a variety of real issues today: Insuring an online purchase, creating private invite graphs for accessing sensitive opportunities/medicines. I took a stab to recently re-articulate some of it here: https://blog.danfinlay.com/protocol-seeking-protocol/
2 replies
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Are you going to deprecate support for eth_sign immediately? If attackers can just request an unreadable signature from the hardware wallet they're going to do it every time. We cannot pretend a big screen provides safety if attackers have the choice to deactivate it.
1 reply
0 recast
2 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
I sure am!
0 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
There's still a question then about how the signer learns what kinds of permissions it's capable of granting (and how it is able to attenuate those policies). I haven't spec'd that out yet but conceptually I think there are established secure patterns to draw from: https://blog.danfinlay.com/permissionless-permissions/
1 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
I think ERC-7715 is a goldmine for the first hardware wallet to do it right. Rather than sites proposing opaque bytecode and the signer trying to guess: The site proposes concrete specific permissions, and the signer chooses how they want to grant those permissions, ensuring readability is inherent in the handshake.
1 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
I wonder what fraction of the NPS workforce could be crowdfunded with a transparent crypto DAO streaming salaries to vigilante rangers.
0 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Can they type? I think the rabbit r1 UX is pretty great for a pre-literate kid, but it ain't local/private. If they can type, LM Studio on mac is an awesome way to download/run anything you can run locally.
1 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
As for "gaslighting people about screenshots", the first reports we received were only screenshots, not proof, so we mistakenly thought people were buying off screenshots, which seemed sillier. It got a lot more serious once we learned this was a real account takeover. https://warpcast.com/danfinlay/0xe4e586e5
0 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
But yeah I agree you will do fine to basically trust nobody in this space. I'm not really asking for your trust, tbh. I'd be very happy if nobody had trusted any memecoins posted from my account, and would continue to. If I ever raise funds, it will be on comprehensible terms for a clear reason.
0 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
"This" did not happen to me multiple times. I once toyed the memecoin scene, and had a bad time, and wrote about it: https://blog.danfinlay.com/meme-tokens-and-consent/ I ended up donating all the fees I received from the BASE coin to the Roman Stormf legal defense. The more recent memecoin & rug was a takeover of my DNS, I posted here on FC recently, and would link to it but my profile page isn't loading right now for me.
1 reply
0 recast
1 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
I might recommend it as a step after any user connects a wallet. Most people don't dig into advanced settings.
0 reply
0 recast
3 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
ERC-7811 looks great, I've wanted something like this for a loong time. I'll try to get us adopting it fast. As for 7555 and the plugin standards: I'm not sure that "add a plugin that can do anything" is a really acceptable security model, and I suspect 7715 makes a more private + consensual way to enable other contracts/acounts from any account/chain.
0 reply
0 recast
0 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Neat! Was I some inspiration here?
1 reply
0 recast
0 reaction
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Or like, could I opt into "only let me log in with my eth account"?
2 replies
0 recast
1 reaction