Yesterday in Keybase someone shared an interesting Chrome extension that might be of interest to the community – a new Chia light wallet called Goby. Now, before I get any further please make sure you understand the dangerous nature of browser extensions. They run in a privileged sandbox and can frequently access critical data if maliciously coded. This one can read all your webpages when installed.
I spoke to the Goby developer, and I do not think that is the case here but make sure you are aware of the risks to installing this. For example, I won’t be installing this on any machines with my password manager running where I log into sensitive data, like the back end to this site. But I take the same precaution with all browser extensions and you should do your own threat modelling.
I fired up a VM and installed Chrome on it, then installed the Goby wallet from the Chrome Web store. Obviously a very frictionless process, and a very good user experience. I was prompted to create or import a wallet, which I did. I was then able to copy my XCH address and send some coins to it. I did that, then sent some back. Functionality works, even if it is a little rough around the edges. This is to be expected, this is a very new release and I’m pretty impressed with it so far.
I went into the Goby discord and spoke to the developer briefly. He says that the signing of spendbundles is done locally, which looked to be true from what I saw. I am not experienced in debugging or reverse engineering Chrome extensions so I have to trust a little here. The developer did say that they plan open sourcing parts of it very soon and the whole thing by February so everything will be easy to verify then. He told me that keys are stored securely on-device and that they forked the mechanism from Metamask to be sure.
All in all I am pretty impressed. Again, this is very early, but this kind of very low friction, extension based web wallet will be key for getting DeFi portals and NFT marketplaces off the ground. If you have used Metamask the interface will be familiar, so the user experience should translate to that ecosystem as well. I expect this release will light a fire under the Nucle and Arbor teams who have already released multiple good products but no browser extension yet.