founder and CEO of MyCrypto. Previously I was with MyEtherWallet. We did a little brand fork. We are a distributed team of about 20 people. We're all over the globe. Front row right here, this is my team. So find us afterwards, ask us questions. And if you wanna work for us, we're always hiring. So definitely, definitely talk to us. So today I'm gonna talk about the unintended consequences of product design. And some of you may be sitting here going, what the heck does that even mean? And basically it means in the early days we screwed a lot of things up. We made a lot of design decisions that were just not necessarily the best decisions that we could ever make. And they had some unintended consequences that led to things like lost funds, confused users, and generally just bad things happening in the ecosystem. Now I wanna be clear. I'm not giving this talk to be negative or to call out certain products, especially my own. But I want to make sure that everyone in this ecosystem is able to learn and grow from other people's mistakes so that we don't repeat history over and over again. I want this entire ecosystem to be safe and easy to use and better. So let's start with the most basic interaction that you do on MyCrypto, which is creating a new account. We have to go back in time to 2015. And in 2015, Ethereum had just launched. There was no real way to interact with the Ethereum blockchain and we created a really, really simple interface. And when I say it was simple, it was really, really simple. It had a single button, a single little field, and it just said, hey, generate a wallet. It wasn't called MyCrypto. It wasn't even called MyEtherWallet. It was just called EtherWallet and it had a GitHub Pages URL. And basically what we asked users to do was type in a simple password and press a button. And then it would spit out all of your information just like that. And by the way, I loved this interaction. 
From a UX standpoint, it was as frictionless as it could possibly be. One click and you had all the information that you needed. How could we make it simpler? The problem was that even though we really, really wanted to make the process really, really easy and quick, it resulted in people simply not saving their private keys. So if we go back and look carefully, that field right there under "success, your wallet has been generated" is your address. And that's the piece of information that people need in order to send funds into their account. And so what people ended up doing was instead of saving the private key, saving the keystore files, saving the QR code, any of that stuff, they would just copy the address, send funds to it, and then at some point down the road, they'd be like, oops, I don't have any way of accessing my wallet. And we saw a ton of loss from this. So how did we sort of solve this problem? What steps did we take to mitigate that loss? This is the new interface on MyCrypto. And basically what we do now is that we have you enter a password. We have a whole bunch of algorithms that make sure it's a strong password, which is also a huge positive. And then you click create new wallet. And then it forces you to actually download the keystore file. So in order to continue on, you have to download this file. And even then, we still don't give you your address. We give you the ability to unlock your wallet via the file that you just created. And what this does is that it ensures that the user has not only created the wallet, has backed up the wallet, but that they can also successfully unlock the wallet now and then obviously again in the future. And this cut down on the amount of loss and incorrect backing up of keys that we were seeing so, so, so frequently. And it had a positive, really positive impact on our number of support tickets. So what can we learn from this? Sometimes friction is a good thing. 
You need to force people to save the necessary information. You need to force people down this path. And sometimes that path does have some extra steps and it does require some more clicks. But if the ultimate end goal is to get people into this ecosystem safely and successfully and for them to back up their keys, maybe you do have to literally force them to do that or at least guide them down this safe, secure road and not let them take this alternative path. So my next example is one that is really, really, really terrifying. I've seen it with a few dapps already. It's happening more and more frequently. And it's this practice of saving private keys or other secret information to local storage. So this is EtherDelta, which was one of the sort of original DEXes. And in 2017, almost everyone was using this if they were using a decentralized exchange. And EtherDelta has a create account functionality and just like we used to, it just sort of spits out your private key at you. It doesn't ask you to back it up or force you to back it up or any of the above. It just gives it to you. But it's kind of okay because they just save it to local storage. And for those of you that don't know, local storage is kind of like a cookie. It's a way of saving stuff to the browser. So if you leave the website or close your browser and then return to the website, it can read this data again. And so it can basically re-access your account or re-authenticate your account without you re-entering your private key. So looking closer, there's the private key that they spit out at you and there it is saved in local storage right there. And this is incredibly dangerous. Local storage is not a secure place to store keys ever. Don't ever put secrets there, don't put anything there. But it's especially dangerous when we're talking about cryptocurrency websites because they are such a huge target for attackers and hackers. 
And I know I said earlier that I wasn't gonna sort of call out specific products or shame people, but I'm kind of just gonna be frank with this. I'm shaming EtherDelta. Because in December of 2017, they got hacked. Their DNS was attacked, okay? They rerouted the DNS from the real valid EtherDelta site to a fake one. It looked identical to EtherDelta. People didn't know the difference. People were going and unlocking their accounts. People were sending money to a fake contract, all these things. But the worst thing was that anyone that read the news that day and got scared and said, oh shoot, I've used EtherDelta before, and simply visited EtherDelta, then had their private keys and their funds stolen. And the reason for that was because the private keys were saved to local storage. The user had to take no action beyond simply visiting that website, okay? This is an immensely harmful thing to the ecosystem, to users, and to everyone's safety and security. Again, cryptocurrency websites are a huge target and we have to be secure and we have to be safe. And that's your own personal security, your company's security, your website's security, and most of all, your users' security. So we know the intentions of EtherDelta and other similar dapps, right? They're trying to make this process easier. They're trying to make it so that people don't necessarily have to back up their private keys. They're trying to make it so that if a user leaves the website and then comes back, they don't have to go through this other process. It's all about reducing friction and that's what we wanna do when we talk about user experience. But unintentionally, they painted a huge target on their back. Like, let's be real for a second, saving private keys to local storage. You're an immensely popular website. People see that you have users. People can see the amount of money flowing through your website. You've literally just painted a huge target on your back. 
You've waved at the hackers and the attackers and said, hey, I'm right here, come and get me. And then when they did come and the attackers did successfully find an entry point, it resulted in way, way, way more loss. And for me, this is simply unacceptable. So if you're a dapp developer and you're trying to make the experience more frictionless, I applaud you. But don't save secrets to local storage, okay? It's not philosophical. It's not complicated. It's just that, it's just that. Just don't do it. Don't do it unencrypted. Don't do it encrypted. Don't save secrets to local storage. All right, so moving on. Some of you might be sort of arguing with me a little bit and being like, but local storage is good. I can save stuff there, right? Yes, sometimes. Don't save secrets there. But local storage can be really, really helpful because you can save things like user preferences or settings. You can remember what language a person uses or what currency they like or whether they like the dark mode or the light mode. And you can also do things that try to simplify the user experience. One example of this is the original, the OG ENS dapp experience. So if we travel back to last year, when you wanted to bid on an ENS name, you basically had to go, you had to bid on the ENS name, and then you had to wait a couple of days and other people would bid on the name and then you would reveal that name. And because it's all decentralized and it's all on the blockchain, you had to save three pieces of information. You had to save the bid amount. You had to save the mask bid amount. And then you had to save the secret string, which is just like a jumbled string of characters that acts as a salt for all the other information so that it's not public on the blockchain. So this dapp really wanted to make the experience as good as possible. 
So instead of telling the user, hey, you guys have to back up all this information and please don't lose it and make sure you save it and all of this, they decided, hey, let's just save that information in local storage. And they had the best of intentions with this. They wanted to make the experience more frictionless. They wanted to make it easier. They didn't want to have to explain to the user what this bid was and this mask bid was and the secret is and why they have to save it and all that stuff. The problem was that, especially in the cryptocurrency space, we use incognito mode. We use different browsers. We use different devices. We use Tor. We use all these things that protect our privacy. And one of the things that these things do is prevent things in local storage or cookies from persisting, right? So if you're in incognito mode, you close that browser, it's gone. So shortly after the first sort of bids were placed and were ready to be revealed, the support tickets and on social media and everywhere were through the roof and people were like, I can't figure out where my bids went. I can't figure out what the secret is. I don't know what this is, et cetera, et cetera. And unfortunately, there was no way to even recover this information because it had been saved in local storage, the user never saw it, they never backed it up and you basically just had to say, sorry, your ETH is locked up in that auction. Luckily, the developers of this app were really, really on it and so the second they realized this, they changed the interface so that basically, once you place a bid, it forces you to sort of download this bid and it educates you and it says, hey, so you need all this secret information, we know it's complex, but save a backup just in case anything ever happens to your browser, so you can get it back. 
So, we know the intentions of this app and I'm sure many dapps that are currently out there and to come, we want to abstract things away, we want to hide these complicated and complex interactions from the user and we wanna have the user perform fewer actions because at the end of the day, the user does just wanna bid on a name or reveal a name, they don't want to understand the inner workings, they don't wanna know how the sausage is made. Unfortunately, in this case, it resulted in confused users who couldn't reveal the auctions and there was simply no way to recover the information and that's a real shame. I don't wanna toot my own horn too much, but this was sort of how we handled this same interaction. So, I had learned my lesson from the whole private key spitting out the address, not having people back up, I'd already learned that. So, when the ENS came along and I was making design choices with this, we basically told the user to screenshot it, we told them to back it up, we gave them an easy way to copy and paste the string and we told them this every single step of the way. We told them this as they were placing the bid, we told them this before they sent the transaction on the confirmation modal and then we even told them after they sent, we're like, hey, by the way, if you were too lazy to back it up before, please really seriously do it now, and you see the little red bar there, like this is the middle step? The next step, it was really starting to yell at the user because if the user hadn't backed up by that point, we really needed to do something to grab their attention. So, what can we take away from this example? We know that we don't wanna save secrets to local storage. It's sometimes acceptable to save non-secrets to local storage, but make sure that you don't rely on that information because user environments can and do change. 
So, I like to play this game where it's called best case, worst case and when you're looking at the design or you're looking at your product, you wanna say what's the best possible outcome? And so, in this case, the best possible outcome is the user can place the bid, reveal the bid, get their name, everything's hunky dory, they don't have to take any other actions, they don't have to understand how it works, flawless. The worst case is that their auction cannot be revealed and their ETH is locked up, which essentially makes the ETH lost. And for me, that's not an acceptable amount of loss, that's not an acceptable experience. So, then you have to ask yourself, what steps can we take to mitigate that loss? How can we change this design, change this interaction, change this experience to make it better? And if you think about the same sort of game, the best case, worst case, with things like user settings, right? So, a user says, hey, I really like to use your app in dark mode and they change it. Best case, when they return to your site again, it's in their cool theme, they're happy, they don't have to take an action. And the worst case is, okay, they have to click the drop down and select their little dark mode again. And that's like a sort of perfect thing for a local storage, because it's not the end of the world if you lose that information. It has no value to hackers, you know, all those good things. All right, and then, so I want to, we've been pretty heavy on the crypto sites. And I wanna remind people that these sort of product design UX choices that we make are not limited to cryptocurrency. This is everyone everywhere, and even the big boys make these mistakes and make choices that do have unintended consequences. So, we're gonna take a look at Google's recovery emails and phone numbers and how they've set it up and what this sort of results in. 
So, when you first set up a new Google account, and this is like Google, I mean like everything Google, Gmail, YouTube, I don't think Google Plus is a thing anymore, but you know, it used to be. They ask you to enter some information. So, you gotta do your name, you gotta do your username or your email address, and then you gotta do a password. That's all pretty standard. The next step is that they ask you to verify your phone number, and you can't skip this step, you have to give them your phone number. And it has to be a valid phone number because they're gonna text you a little code and you're gonna have to enter the code on the next stage. And then once I verified my phone number, it asked me for another email address, like an old email address, and then some other personal information that you could enter, you could go and fake info, I give them fake info, you know. And then, once you've sort of successfully set up the account, you've given them your phone number, which has to be your real phone number, and a recovery email. And if you go deep into your Google settings, you're gonna see, it's like halfway down the page, nested under security, this place that says, recovery email and recovery phone. And then that's, this is the danger zone, right? You may think that having a recovery email and a recovery phone number is a good thing because it allows you to recover your account. If I forget my password, and I click little forgot password, it's right there. It's like, hey, we'll help you out. We'll get you a verification code. You wanna use your email address? No, you wanna use your phone number? Okay, cool. The problem with this is that attackers and hackers can also recover your accounts. And what ends up happening is that your, let's see. So right now you have an email called Dan Loves Crypto so much at gmail.com. And this is probably super secure, right? Like you've got 2FA on that shit, like it's the best. 
The problem is that it uses your email from a couple years ago, your Libertarian Dreamer email. And that one is also recovered from that email you used when you were applying to colleges. You're very professional, first name, last name. Which also can be recovered with your old gamer tag from high school that you don't admit that you still have. And so even though you've secured your Dan Loves Crypto So Much email and you have 2FA on it, really your Coinbase and your Gemini and every exchange account that you have linked to your current email is only as safe as, literally, your old gamer tag from like 2006. And this is where the problem happens: hackers will either get into one of your old email addresses and then work up the chain or they'll just port your phone number. And if you're in crypto, you may think that you're small time and you're like, oh, I'm just attending DevCon, I'm just a person who watches the live stream. Every single one of you that's in this room, if you are knowledgeable enough to be here or be watching the live stream, you are a target. There are thousands of attackers that do nothing but try to social engineer the phone companies every single day. They try to port your phone number, they try to do a SIM swap and they try to get into all of your exchange accounts, all your old Gmail accounts, they try to see what information they can get, they try to get your PayPal and they will take your money. And the best sort of money that they can take is your cryptocurrency because it's anonymous and you can go swap it into Monero and now nobody can track it and then they can go do whatever they want with it. They can go buy new domains with it, they can cash it out into their bank account and nobody knows, right? So these are the things that are happening. 
And while it's a good thing that user accounts can be recovered, and this is especially important if you're a dapp developer and you're working in this ecosystem, you wanna figure out how to recover things, be very, very aware that these accounts can also be recovered by hackers. And so what choices can we make to mitigate that? Because it's not necessarily realistic that every single Gmail user uses like a YubiKey, right? Like I'm not quite sure that we wanna tell everyone in this world that they have to have this hardware device. However, Google has a lot of information on us. Like they literally, they read all your emails, they read all your web browsing history, they know everything you do on your phone. They know if you're like a high-target person, they know if you're in cryptocurrency, they know if you're a celebrity, they know if you're a politician. One thing Google could use or do with all of that data is they could figure out, hey, we got these average users and we've got these high-target users, and they could force those high-target users to not use insecure backup, right? They could say, hey, you're a target for hackers, let's make sure that you get that hardware wallet or you use Google Authenticator, you use some other mechanism for 2FA. And that's something to keep in mind if you're building in this ecosystem, that every single one of your users, especially right now, is high target, right? They are at risk for being attacked or hacked. And you need to prioritize the security and the safety of your users, not just your usability. And then just PSA, you guys all have Google accounts, please go secure them and don't get hacked. Okay, so we're almost done. 
I talked earlier about one of the biggest mistakes that I ever made, which was this sort of account mechanism where we would just spit out your address and people wouldn't back it up and it was a mess and it was painful for me to watch that loss and everything, but this is one of my biggest mistakes ever and it had a huge effect on not just me and my company and my users, but everyone in the ecosystem because people started following suit. We allowed from the get-go people to enter their private keys or their keystore files or their mnemonic phrases or their seed phrases on our website, we actually encouraged it. That was the flow, you created a new wallet, it could be your private key, you unlocked your wallet with your private key, you sent your money around, that was it. The problem with that is, so let's go back in time. When I first got into crypto, everyone said, don't ever put your private key on a website and I was naive and I assumed that meant because the creators of the website would steal my funds at some point. When I created my own website, I was like, hey, I'm not gonna steal people's money, therefore it's okay if we have people put their private keys on our website, and that was just wrong, right? Because the attack vectors are not just a website owner stealing funds, the attack vectors are the user isn't on the correct site, they're on a phishing site, they're on a scam site, they get in the habit of entering private keys on websites all over the web, our DNS could be hacked, BGP could be hacked, the internet could be hacked, I could be hacked, you could be hacked, there's all these different things. And we did a lot to try to educate people. We basically added so much friction to the experience and we really yelled at people and we told them, don't use this method, don't put your private key on our website, check these boxes, acknowledge that you're being unsafe, this isn't recommended. 
We created this atrocious 10 fricking page modal that you had to click through and it forced you to click through and the buttons hopped around and we were just adding friction left and right. And the reality was is like, you can yell and shout and stomp your feet all you want but the user is always going to take the easiest path. And if we allow people, no matter how much friction we add to use their private keys on a website, they will use their private keys on a website and it will eventually at some point result in loss. So we removed private keys from websites. If you go to our current site right now and you try to unlock, so if you go to the website right now and you try to do this, we explain to you, yo, this is not secure, we're not letting you do this anymore. Download our desktop app, right? We push people down this alternate path. And we don't have analytics but if we did have analytics, this would be painful because I would be watching people drop off right here, like it just insanely large, right? The numbers would be like 100 people arrive and like only 25% continue on. And that's painful from a UX perspective. That's painful from a product design perspective. You want to get those numbers up but the reality is, is that if we allowed people to continue doing this unsafe thing, people are going to lose money, period. And so even if I'm losing some users because they're unwilling to click the button that downloads the desktop app, I'm okay with it because at least I'm losing users. I'm not having those users lose money. I always want to lower the barriers to entry. I want to make this as simple and frictionless as possible but unintentionally, by allowing our site and even recommending private key usage on our website, I inadvertently created like heaps of phishing websites, heaps of scam websites, registrars getting hacked, BGP, which is like the most depths of the internet is like how the internet works. 
Like hackers are attacking that to get at MyEtherWallet now. All these things because we put private keys on the website, we put mnemonics on the website, we put keystore files on the website, we put seeds on the website and all these other websites do it as well. So it's not just our site, it's all the sites, it's all these scam sites, it's all the phishing websites and people will just sort of copy and paste willy-nilly wherever it is. And so this is again, not philosophical, not complicated. If you're building a dapp, if you're building a user experience, if you're building a product in the space, I urge you, do not allow people to put private keys or mnemonics or keystore files or other seeds on your website. Create an app, do a Chrome extension, use MetaMask, use Trust Wallet, like some other mechanism, the hardware wallets, they're great, like any of those. But the reality is that if it's on a website, you have to trust that the website is the same, the code is the same as it was yesterday as it is today, you have to trust that the registrar wasn't hacked, you have to trust that the internet wasn't hacked, you have to trust that the user's on the right website, you have to trust that nobody's scamming you. There's all these different things and the easiest thing to do is just eliminate it and focus on actually building your product rather than everything that we did for so long, which was like, oops, design pretty onboarding modals to try to force you to be safe. Like just, let's just be safe by default, right? All right, so I've got three minutes left, we're gonna move fast, I'm sorry. What have we learned? What are the glorious huge takeaways from everything that we've talked about today? First, do not underestimate the people using your product, okay, your users are talented, they are smart, they are intelligent, you can educate them, you can teach them, they can get into crypto because of you and your product. 
But they are also really, really, really good at screwing things up. Don't underestimate them on either end of the spectrum and be prepared for everything. Next, people will always, always take the easiest path. If you allow them to not back up their private keys or to just skip some other piece that they need of this puzzle called cryptocurrency, they'll take it and they'll skip right over it and it will eventually have a negative effect on your product and your reputation and their experience and all of that. Education, it helps a lot. I've been like really, like constantly applauded for my work in sort of the education sphere and I'm telling you, like it does, it helps a lot. If you really nail copy on education, if you really nail like little helpful tooltips and stuff, it does immense things for your user base. But it really only goes so far. Like we saw, people always take the easiest path. And so, you know, the education, if you find that your educational sort of materials start being angry and start yelling at the user, it's time to take a step back and say, hey, how can we just build something that is secure and is safe by default? Because obviously telling the user or yelling at the user or making onboarding modals isn't working anymore. And learn from others' mistakes. So work together, talk to each other, listen to this talk, read articles about bad things that happen in this ecosystem, study them and do your best to not repeat history. Which goes hand in hand with being really, really mindful of the attack vectors that are out there. Again, this space, this whole blockchain and cryptocurrency world is really different. It's like everyone's used to undo buttons, everyone's used to being able to be a little bit lax. The reality is that the ROI that attackers get for stealing a private key is so high that they will do almost anything to get into your website or your app or your backend infrastructure or your hot wallets or whatever it is. 
And always consider the sort of the best case, worst case, that game that we played earlier where we say, what's the worst possible thing that a user could do or the worst possible thing that could happen? And what's the best possible thing that can happen? And how do we sort of find the right balance? And I just wanna remind everyone that building the decentralized future is really, really hard. And this is why it's so important that we all work together and we all learn from each other and we all build each other up. And that we all individually strive to be better and we push those around us to be better. We want to make sure that whether you're a developer in this space, whether you've been in this space for a year or two years or five years or two months, it doesn't matter. Everyone has their role to play. And if you're seeing another developer in this space that's sort of maybe making a lazy choice or not thinking about something, even if you're just a normal person who's reading Twitter, you have the ability to ask questions and to point things out and to question people's choices. And I still, to this day, read so many of our support tickets and so many of our Twitter DMs and our Facebook messages and all of the above. And I always, always, always cherish the ones where people are questioning my choices and are pushing me to be better because sometimes honestly I just didn't think about something and being aware of that is half the battle because then I can fix it. And then lastly, building together makes building this decentralized future a whole lot easier, okay? We can't, this space is too small to have real competition yet, okay? We have to all work together, build this whole ecosystem up. And we need to think about it as us, us being everyone in this room, everyone watching the live stream, everyone on crypto Twitter, versus the world. And the world is the world out there that doesn't even know what cryptocurrency is and has no chance of using it. 
We cannot be fighting with each other. We cannot be instigating Twitter drama. We cannot be dealing with these little tiny pieces of bullshit. We need to be looking at the big picture and the world out there and conquering it. So I've met with a lot of people at DevCon and I've been noticing this little trend of people that are like one foot in this ecosystem. They're like, I kind of want to go full time but I'm not quite full time and I don't really know what to do. Every person has the ability to make this ecosystem better, okay? It doesn't matter if you don't know how to code because we need the people that can write copy, that can design, that can make the experience better. We need the people that are the mothers and the daughters and the grandmothers and we need the fathers and their sons and we need people from all over the world that have all different backgrounds, that come from different experiences, that come from different upbringings, that have gone to different colleges, because in order for us to build a global ecosystem that anyone in this entire world can use, the people building the ecosystem need to reflect that world. It cannot just be one demographic of people. It can't just be the technical people. It has to be everyone. So if you have one foot in, I need you to step all the way in. I need you to think about your unique skills, your unique experiences and I need you to figure out what you can do to make the ecosystem better and then I need you to email me at jobs@mycrypto.com because we are literally always hiring and thank you so much. I'm Taylor Monahan from MyCrypto. I love you all.