Henri Stern Ꙫ pfp

Henri Stern Ꙫ

@henri

370 Following
6466 Followers
Kartik pfp
Kartik
@slokh
things you love to see
2 replies
3 recasts
37 reactions
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
3/ Check out our guide and a sample repo below! Guide: https://docs.privy.io/guide/react/recipes/misc/session-keys Integration 👇 https://github.com/privy-io/session-keys-example
0 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
2/ Using AA providers like @zerodev_app and @pimlicoHQ, you can let users delegate permissions on their accounts to schedule txs, trigger recurring txs, etc. 1️⃣ Provision a smart wallet 2️⃣ Set up a session key w permissions 3️⃣ Request user approval And the user can always revoke access as needed.
1 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
1/ This Friday's feature ✨ Triggering transactions on behalf of users can be very useful! Here's a quick walkthrough on how to set up Privy as an AA signer with session keys so users can easily delegate signature power to a third party! https://docs.privy.io/guide/react/recipes/misc/session-keys
1 reply
2 recasts
10 reactions
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Love the framing of building this for real audiences and concrete use cases -- very excited for the summer!
1 reply
1 recast
12 reactions
phil pfp
phil
@phil
ban first, ask questions later
0 reply
1 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
🙇😍 Long way to go but a certain 4.0.0 release will definitely help! Excited to keep pushing
0 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
milquetoast platitudes are my fav though :b Learning about your moderation philosophy at Farcon changed my life for the better
1 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Noob question but where can I read more on @faust's work -- big fan :D
1 reply
0 recast
2 reactions
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Man -- I need to spend more time in hw. I have a lot of thoughts on the custody models of TEEs and HSMs fwiw. On the "security once compromised can't be recovered" it really depends on the compromise (same as for TEE or other archs) -- generally i think of bad tx submitted vs key compromise as the 2 big threats.
1 reply
0 recast
0 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Wrote a bit on this some while back https://www.privy.io/blog/metrocards-and-bank-vaults
0 reply
0 recast
0 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Sorry for lag -- it's a fairly even split overall. We depend on the app to make the option available but recommend users transition from automatic to cloud (and add mfa) as their assets grow. Thinking through ways of making these mandatory recommendations. How would you feel if it were enforced?
1 reply
0 recast
0 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Hold that thought 💪
0 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
There are really cool ways providers can ensure users can always access wallets, outage or not, payment or not (in our case this is why we have a lot operating client side)
1 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Oh interesting — i hadn’t thought about embedded systems, for us was about the relationship to the product experience, trying to make onchain actions a natural part of user interactions. We actually wrote a bit about it at the time (https://www.privy.io/blog/embedded-wallet-launch) but iirc term was from @gaby
1 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Correct. The entropy is generated and stored using a kms. Insofar as this is powered by privy infra it implies more trust in it than eg generating the entropy yourself. With that said it is built such that only the user can access entropy (architectural guarantee vs cryptographic guarantees of other modes)
2 replies
0 recast
3 reactions
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
That said, long way to go. We’ll keep pushing!
0 reply
0 recast
0 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
That said — we still need to push to improve the tradeoffs!
0 reply
0 recast
3 reactions
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
This is why we wrote the piece today (to provide clarity) and continue to push on the tradeoff space (w cloud and passkey recovery). There are security tradeoffs across these methods (and it’s why we offer different and are pushing here) but in all cases architected so Privy cannot access.
1 reply
0 recast
1 reaction
Henri Stern Ꙫ pfp
Henri Stern Ꙫ
@henri
Only the user can access their wallets in this system — the entropy is tied to their login. The user can also set their own password or use their cloud if they prefer. In all cases Privy can’t access it. At your disposal to chat threat models!
2 replies
0 recast
3 reactions