Back at SteemFest3 in Kraków, one of the many great meetings we had was the one organized by @dtube crew, with presence of many dApps teams, @ddaily and several creators, where we had an amazing discussion about how to get to the next level for Steem ecosystem.
Image from @meno's post
In that meeting we were discussing one of the main topics of huge importance to dApps which is user onboarding. How to make onboarding of thousands of users sustainable for dApps and even for Steemit.com, as for now it is a bottle neck and a bad user experience. We know that from almost all users that got to join Steem or our dApps, let alone the ones we don't even get to know about, because they simply were not persistant enough to survive the process...
This is a very important issue. I know we might have scalability issues if we onboard too many users, blah blah... Are we sure there will be issues? Is there any scientific analysis for that? All my life I have been a software developer and an economist as academic background, and I think that it is counter productive to be trying to solve issues that we didn't face yet! It might be a struggle when hundreds of thousands of users join, or even millions, but right now we are already struggling to onboard a single user, and that is far more important than the masses for now IMO!
The first set of ideas shared in that meeting about onboarding were unanimous: It is far from ideal to have users waiting 1 - 2 weeks for an account approval and a great brainstorm was started on the subject, ranging from possible offchain solutions to different onboarding blockchain, passing by sidechains, etc. One thing that we all agreed was that it makes sense that we find a common solution that any dApp can use and contribute to, so that we get the most easy and transparent user experience amongst all dApps.
On SteemFest I got to know about some projects that are already trying to help in onboarding, like @ura-soul's "Passport to Steem" or @anomadsoul's "Steem Onboarding". These projects will certainly be of extreme importance to the ecosystem, but we still need to be able to create the accounts and also, possibly the most important, not lose our users due to the steep learning curve required just to be able to login.
Relating to account creation, @meno made a very detailed explanation about what we talked about in our meeting in his post, which is a great read and details quite well the main issues about account creation and user onboarding. He also adds some ideas like incubation accounts, which I also thought about during this period of travelling after the SteemFest. It makes a lot of sense and can be implemented onchain. Each dApp can have a pool of accounts sponsored by the dApp developer that will be used to immediately onboard a new user, up to the limit of available accounts, which might grow in time, and the new user would have some simple gamification to fulfill, for a finite period (say one month, for instance), in order to achieve several objectives and learn how to use their dApp. During that period those users are supposed to raise enough money to support their definitive account creation.
As for account usage, I think that projects like SteemConnect are very important, to present the user with a unified way of signing in to all dApps of our ecosystem, but I really think that they need to be implemented in a decentralized way, where the user controls their keys at all time and they never leave their computer, and more importantly, that no authority sharing is required to a third party account controlled by the dApp developer. This is a security problem, because we saw accounts being hacked before, and if the dApp gets hacked, the attacker can gain access to all users accounts by using a single authority, which in my view is very dangerous.
So, my vision of the perfect onboarding unites the idea I share with @meno about the incubation accounts and a new SteemConnect set of apps, from desktop to mobile, that will hold the user keys in an encrypted storage, only accessible by the user's password. Those keys will never leave that storage, only being unencrypted when the user accepts to do so and for a limited period of time after the user inserted his/her password.
After some investigation and a few thoughts exchanged with the @steemscript crew after their post, I verified that probably the best approach is the way they are thinking of implementing the v3 of SteemConnect, using deep linking and url schemes from Steem URI protocol. This method allows even to use the keys on your mobile keychain to sign a transaction on your web or desktop dApp.
Imagine this scenario: A user talks with any of us and gets to know about Steem and DSound. He gets back home and he goes to DSound to check out some music. He likes it and, since he is a musician as well, he decides to give it a try, so he goes to the sign-in page and he finds instructions to install a SteemConnect v3 application on his laptop or mobile. He installs it and click a button to proceed with sign-in. Next he is informed that an anonymous account was reserved for him and is asked to create an identity on SteemConnect and store the new account dsound-u273544@posting authority, to which he just confirms by clicking a button. And he is ready to go have some fun playing songs and liking content on DSound.
Next day he wants to check out that Steemit.com website that we chatted about and he presses login button and the SteemConnect app pops up a message for him to accept the login with his password to open SteemConnect and approve the login. On any of the Steem dApps the process is exactly the same.
A couple of weeks later he already got enough STEEM/SBD to finance his own username and when he visits back DSound, by only using his password to open SteemConnect, the website tells him that if he is ready to create his own username he now can, so he clicks it and he is asked for his new username, he is asked by SteemConnect to create a new identity for @johndoe and store @posting, @active, @memo and @owner authorities, to which he just presses accept and he is good to go with the new account. Internally the old account posting key is changed and it goes back to the incubation accounts pool for the next new user to onboard...
For this new user, which key or password, private or public, is not a problem, as he doesn't have to learn it until he feels the need. He is using the applications even without knowing that keys are involved. I really think that this is the only way for us to get mainstream adoption on our ecosystem.
Any project or team that also feels like this is the way to go, please let me know and I will be happy to help out to make this a reality.
Let's take Steem to the next level! :)
Cheers, PRC