Metamask for Stellar

michelem

Hello,
I was wondering why there isn't a Metamask like extension for Stellar.

I tried Metapay https://github.com/zthomas/metapay-chrome but there isn't source code and author seems to be disappeared (scam?).

Me and my company workers would like to fill this lack and start developing something like Metamask for Stellar, what do you think?

Torkus

Mooney

https://galactictalk.org/d/1388-mooney-web-extension-for-stellar-payments

michelem

Hey that's great! Can we talk about it? I'm the CTO of a startup aiming to use Stellar heavily, I'm on stellar-public on Slack as "michele", please feel free to PM me.

Unsinkamoto

I also just learned about this
https://pay.meta.re/

MisterTicot

I'm developing another way of doing it called Cosmic Links. It's a stellar transaction embedded in a query and it can redirect to any compatible wallet:

https://cosmic.link/?payment&amount=10&destination=tips*cosmic.link

Works with any arbitrary transaction:

https://cosmic.link/?transaction&operation=manageData&name=migrated&value=true&operation=setOptions&homeDomain=anywallet.org

And with XDR:

https://cosmic.link/?xdr=AAAA...AA==&network=public

This allows any web application or software (via custom URI scheme) to handle those transactions, so any existing wallet can be made compatible.

Metamask was a big security improvement because it allows to share a transaction request directly from external service to wallet, while securing private keys.

However, this solutions is software-dependent. Meaning, it's not a way to share transaction request between arbitrary services all over the place.

Implementing a wallet (a pretty much anything) as a browser extension also comes with big security concerns. A browser extension can do pretty much anything with any page you browse. Now, browsers have a few ways to mitigate this power by checking extensions, but we regularly hear about malware getting inside. And it really goes against good security practices that consist in giving only the required permissions to an application and nothing more.

On the other hand, encoding transactions as queries can be universally supported by normal software and web applications without need to give them any dangerous superpower. As the pool of compatible wallet grows, you automatically get connected to them. It also comes with support for alternative protocols: for instance, Mooney doesn't support Cosmic Links but Mooney users can sign cosmic links anyway because they get translated to the protocol Mooney uses.