Web3 Galaxy Brain 🌌🧠

Nicholas: Welcome to Web3 Galaxy Brain. My name is Nicholas. Each week I sit down with some of the brightest people building Web3 to talk about what they're working on right now. My guest today is Christian Montoya, Senior Project Manager of Metamask Snaps. Metamask Snaps is a major upgrade to Metamask slated for September 2023. Snaps transforms Metamask into a programmable platform, roughly akin to an app store. Snaps is an execution environment where third-party developers can, if granted permission by the user, run sandboxed, secure ECMAScript as a user prepares to make a transaction or periodically in the background. Snaps will debut in the browser extension, but Christian hints in this conversation that Snaps will eventually find their way to the mobile app too. On this episode, Christian and I discuss what it's like building inside of Metamask and consensus. Christian fields my various gripes about the Metamask UI with grace, and then we dive into Snaps, the tech stack, its security, and the user experience affordances it provides third-party devs. We cover a lot of nitty-gritty technical details that shed light on the Metamask Snaps thesis and provide hints at how listeners might start thinking about designing their own Snaps, which are set to launch imminently. It was great getting to know Christian better and learning about the Snaps project from one of the key people involved. I hope you enjoy the show. As always, this show is provided for entertainment and education purposes only and does not constitute financial advice or any form of endorsement or suggestion. Crypto is risky and you alone are responsible for doing your research and making your own decisions. Hey Christian, how's it going?

Christian Montoya: Good, how are you?

Nicholas: Good, welcome. Thank you for joining us. Thank you for joining me today to talk about Snaps.

Christian Montoya: Yes, thank you for having me.

Nicholas: How are you doing today?

Christian Montoya: Been a lot going on this week. I'm kind of just glad to be at the end of a big week relaxing. Yeah, I feel like we have a lot to talk about. Yeah, definitely.

Nicholas: Are there any like topical things that are on your mind in particular that you experienced?

Christian Montoya: Yeah, something that was really exciting was a couple days ago, this announcement from Google that on Android, they're going to start, you know, being more lenient and allowing applications to do things with crypto and NFTs and stuff like that, that they were pretty stringent about before. So that's a big deal. Like that's them taking a very different position from Apple. So that's exciting.

Nicholas: Because Apple also made some changes maybe a year ago, like being more permissive of NFT related stuff, but still asserting the 30% tax. Is Google changing on that in particular?

Christian Montoya: Yeah, so what Apple's been doing is like, they're still very like, they seem to be against you being able to do the transactions within a mobile app. And Google is saying that they're going to allow certain transactions. that, you know, Apple has been, you know, seems like they've been against up until now. So that's a big difference. You know, I mean, yeah, you can have NFTs in an app, but if you can't, you know, transact, then you know, Apple is basically saying, you can't, you know, you can't buy or sell or anything. And, you know, Google is now seems to be taking this position that it's like, it's not really a digital good in the way that like other, you know, in-app purchases are. So that's exciting.

Nicholas: It's interesting because they feel more like physical goods because they're decentralized, you know, they live in a decentralized blockchain. But yeah, so far they are treated as digital goods and they feel like digital goods to most people who, especially people who haven't played with like NFTs or tokens of any kind. They feel more like digital things, but they're really much more physical in a way.

Christian Montoya: Yeah, they're permanent in a way that like your typical digital goods in an app or not, you know, typical digital goods are like consumable. It's a row in a database, you know, the app is gone, the item is gone. But this is like an entry on a blockchain. It's a big difference.

Nicholas: Yeah, definitely. Was there anything else this week that caught your eye? I know there's been a lot of things going on, actually.

Christian Montoya: Obviously the case with Ripple, you know, it's a big announcement we weren't expecting to see. So it's exciting.

Nicholas: So Ripple was cleared, XRP is not a security. The way that they sold it.

Christian Montoya: On certain merits. Yeah, it depends. It depends how it's sold, which is I think, you know, what a lot of people have been speculating for a long time. that, you know, the underlying asset is a commodity. And you know, it's a security depending on how it's sold and how it's messaged, you know, but the idea that like, you know, it's an asset on a blockchain, you know, which is like just code would be a security in and of itself. It's like, well, that doesn't guarantee anything. It's how the company treats it. So it's kind of like in line with what a lot of people have been saying, like on the crypto side, you know, I've been saying for a while, this is what the regulation should be. It's like, you know, just selling a commodity is not a security, you know, but if you take that commodity and you say, oh, this is going to guarantee you something, you know, then that's a different story. So I'm not like a lawyer.

Nicholas: One thing I'm very curious to find out is if it will be possible, because one thing that blockchains really make easy is doing things like splits, where the comparative legal expense of doing something like a split between just two people if they're in two different countries is pretty high, actually. Whereas with crypto, it's very low. So it would be nice if things where you can do like revenue sharing were considered legitimate by the institutions because you get them for free and they can be really trustworthy in a way that you might have to worry more if it was like an international agreement with some lawyer in some other country you never met. Maybe it's not so safe.

Christian Montoya: Yeah, yeah. And I think that like, this isn't the end of how these things will be litigated. I fully expect that there's going to be many more instances of things that will possibly go to court to like, you know, drill down to the nitty gritty of specific use cases. And there's other like legal implications. It's not just securities law, but lots of other things like you said, you know, like, you know, when you talk about splits and cross-border transfers, that's a big deal. So you know, we're not out of the woods, but it's positive, you know.

Nicholas: Also like I think of like revenue sharing, like even not the whole of its tokenomic design, but like looks, style, like just revenue sharing off a fee to people who are supportive, who create the funds to fund the creation of some public good at the beginning. It seems like you can automate certain kinds of fundraising for making things happen, hopefully in software. It would be cool to have new open source models that are really, you know, deemed legitimate. So I want to, was there a decisive moment when your Twitter became a big thing for you?

Christian Montoya: My Twitter, like my account? Yeah. It was actually 2017 when I started talking about crypto, right? So I actually joined Twitter a long time ago, and this isn't even my first Twitter account. So when I started using this account in 2012, I was posting about music that I was working on at the time. And then like late 2016, I like started learning about Ethereum. I'd switched my whole persona, actually went like anonymous for a good, you know, a few years. Right. And I was like, Oh, these other people on Twitter are talking about crypto and I'm getting into it. I want to like connect with them. So I actually went through a few different, you know, rebrands. But it was in 2017, where I really started to connect with all these interesting people who were getting into crypto. And in some cases, they were like, you know, celebrities and like people who were starting these companies and all kinds of stuff. And that's when I really started to get connected with a lot of people. You know, so I'm like, technically like class of 2017. There's a bunch of people that I know from back then who are still kicking. There's also plenty of people that I talked to back then that, you know, didn't make it. You know, they're not online anymore. I haven't seen them in years. But yeah, that was when I really got focused on like, talking about crypto and you know, having a, you know, somewhat of a following of people who are like interested in what I'm working on.

Nicholas: And was it a particular kind of content that people clicked with or just that last persona was the one that worked the best?

Christian Montoya: You know, the thing that people have always had always clicked with was talking about like altcoins and some of the like nonsense that was going on with like ICOs and various like shenanigans in the crypto sphere. I mean, one of my most famous tweets is when there was a problem with IOTA and they had to like pause the blockchain. They like, you know, disabled their validators. Nobody could transact but it was just like so funny. You know, like this idea that like a blockchain could be paused because of some issue. Like you know, I was just making fun of it and like that was one of my biggest tweets that I ever had. So it was just kind of like poking fun and like making light and making jokes about stuff that was going on. I don't do that as much anymore because I try to be like a little bit more serious now. But it's just like, sometimes it's just like stuff is so ridiculous that all you can do is laugh at it. And so that's what I've been doing for years at this point.

Nicholas: Do you feel you have a good spidey sense now for what kind of tweet is going to hit or not? Or is it still like surprising sometimes what takes off?

Christian Montoya: No, it's interesting. I feel like stuff that, you know, was a total banger, like, you know, four years ago, it's like I don't have the touch anymore. And sometimes I'll post something and I'll be like, man, this would have killed it, you know, back in like 2020, you know, or 2019. Like, people would have been all over this. I don't know what's wrong with this new crowd. It's like, the meta is always changing. The vibe of what like people go for is always changing. And like, there's like new accounts now that are like, you know, really killing it. They're clever that I'm like, man, I'm like an old, I'm an old hand at this point. Like I don't have it anymore. New kids are running the show.

Nicholas: You know, but I've seen the opposite thing too, where like you say something and then like two years later, someone says something very similar and it pops off. And it's like, hmm, the same tweet might not work, you know, five minutes later. It feels to me sometimes it feels like there's some... Yeah, the like push of having like, we have such a lossy insights into what the algorithm is actually doing, that it's so hard to know. Like, I mean, maybe you can be like, I would actually I guess they released the algorithm, but maybe you can be on fire or something, you know, maybe you can be like, just more heavily promoted to an audience or gelling with your audience better in some phase. And it'll lead tweets to take off. I feel I don't know, I have like some kind of folk mythology, understanding of how like tweets take off, that it has to do with sort of like likes per second, very early on or always but especially early on it matters for launching a tweet and just the chance of the first few people that exposes it to being ones who interact.

Christian Montoya: I think that too.

Nicholas: Yeah.

Christian Montoya: Yeah, that's. I've speculated that too. I think that that's. I've seen similar behavior on some other platforms. I've also noticed that like, there's certain accounts that if they retweet something that gets a lot of visibility and it's like, there's certain pockets of users that are more likely to interact with what they see. Like. I have some followers that like, I'll tweet something. as far as I know, they don't interact with it. And a few days later, they'll say something to me that it's like, Oh, you're totally referencing that tweet. And it's like, I see that you don't actually click the like button or anything. And then there's other followers that like, if they retweet it, you know, that it goes to this pocket of users that are totally happy to like boost things, right? They're happy to retweet stuff. And it's just like, yeah, I think, you know, my followers are a little bit stingy these days and I just need to find the followers that aren't, you know, that's just part of the challenge.

Nicholas: They're, they're too cool. They made too much money and too many followers in the last bull run and they don't like shit anymore. And you know, it's because we we have there. maybe the reason the shitcoin audience is the one that propelled you to, you know, to another level of development of your account was because they're less stingy with their likes and their retweets.

Christian Montoya: Yeah, yeah.

Nicholas: It makes more sense to appeal to a kind of Logan Paul audience or something.

Christian Montoya: Yeah, yeah.

Nicholas: There's also like, It's not, because people blame it on like. people don't want to hear technical stuff or don't want to hear serious stuff. They want, you know, crappy stuff. But maybe it's actually also just like the tenor of those communities is so different.

Christian Montoya: Yeah, there's, There's definitely an element of like what people expect from your account. And I think like, I mean, there was a time when it was like, I mean, I called myself Shill House on Twitter. Like I, that was what I did. I shilled stuff like I would, you know, post trade ideas. I would like talk about certain coins or whatever. And that was like, I was consistent about that. Like I would, I would make jokes about stuff, but I would also like post my pathetic attempt at alpha. Right. And so like back when people expected that it was like people wanted to engage with my content because they were wanting to see what I was going to be talking about. And I don't do that anymore. Right. So now I don't like I don't meet those expectations. Like I talk about my work. I talk about like whatever random technical stuff. But I can't seem to commit to like be super on brand with any sort of message. So sometimes I'll just talk about random stuff. And it's like, yeah, okay. So when, you know, when people have different expectations, they're like, yeah, you know, that might be a nice tweet, but I'm not going to recommend your account to my followers because like, whatever, you're just like an account that posts dumb stuff. sometimes, you know, it's like there's a different mindset.

Nicholas: Yeah. Too much of a personal account. To me, it's always comes in the form of the hesitation that one of my like, followers who I admire, but never interact with, will unfollow me for posting some, you know, drivel stuff. And it just makes me hesitate sometimes. And it's why I'm constantly saying they need to do like, I mean, basically Google plus circles and just like or Twitter circles, but like more lean into it. Apparently they're killing it. I heard. But like, just let me talk to subsets of the audience so that I can have more niche takes that will appeal to and I don't need to pollute the timeline of someone who is definitely not going to like that stuff. Or, I mean, really just be a better algorithm. if they could just do a much better algorithm that would solve it.

Christian Montoya: Yeah. It's funny because like, Twitter has these communities and it's like a specific, you know, like specific circle of people who are going to see what's in that community. But like the engagement isn't that great. Right. And it's just kind of like, it's like in a different tab. Like I don't know, you know, I started I was doing it at first and then after a while it was like, you know, sometimes I want to talk about something that's specific to a certain topic, but I don't want it to just be limited to whoever's already subscribed to that. So to me it was like, true, true. I don't want to do that anymore. Like even though like I'm not necessarily getting a ton of engagement otherwise, but it was just like, it's not like I have like an inside joke, you know, that I'm like, hey guys, you know, this isn't for the rest of them. Let me tell you something, you know. But it's also weird because now like Twitter has subscriber only content and that whole concept and now there's just like too many different ways that like the content gets splintered and it's like, it's back to like, I'm just going to post on my profile because I don't know who's going to see it or who should.

Nicholas: Yeah, yeah. I just, it does just feel like the, I mean, people always complain about their reach, but I think Twitter's ranking your reach is to protect you from being unfollowed by people who would hate your tweets.

Christian Montoya: Yeah.

Nicholas: That's how I interpret it most of the time. Like this tweet is not a banger. It's better we don't show it to your high follower count followers.

Christian Montoya: Yeah, yeah.

Nicholas: We're doing you a favor.

Christian Montoya: Yeah, I get that.

Nicholas: But did your tone change when you started at Metamask? How long have you been there?

Christian Montoya: Yeah, so I've been at Metamask for a year and four months. I joined in February of last year. You know, and one thing is like, okay, you know, I, people look at you differently, right? It's like, okay, you're, you're part of Metamask now. And a big How's your spam? What was that?

Nicholas: How's your spam?

Christian Montoya: Oh, it's awful. Yeah.

Nicholas: You know, I can't believe you can use Twitter anymore.

Christian Montoya: I mean, there it comes and goes. There are days where it's like, I'm being targeted by bots. And then there's days where I see nothing, right? There's no like nothing happening, right? Like yesterday, I was getting hit with a bunch of like, parallel, you know, fake parallel airdrop, you know, tags and stuff. Right. And it's like, and what I get is, you know, other big accounts that aren't affiliated with anyone are getting the same thing. If you're in crypto, you're probably seeing these things. But the weird thing with being, you know, a Metamask employee, is that there are bots that try to pretend to be Metamask employees or consensus employees, and they will scrape your content. Right. And so they will like, repost your tweets as if it's them. And it'll be totally random. Like, I think they run some kinds of algorithms that just crawl a bunch of different employees and just pick stuff at random to repost. And so sometimes it's really odd, like what they'll choose to repost. And sometimes you'll get tagged in it randomly. But the other thing is like, I have a backup account that's like, also in my real name. And sometimes they'll hit that account because they're just looking for my name. So it's like, that account I don't even hardly use. It has very few followers, but like, they'll pull some of that content too. But yeah, I mean, the big thing is like, obviously, if I put Metamask in a tweet, I'm going to get a bunch of bot replies. But also, you know, the other thing that's annoying with Twitter is like, in some cases, Twitter will like de-boost the replies. So like the spam content, I won't necessarily see it. But you know, I always worry about if it's in the replies, I'm worried about other people seeing it. So like, and I try to fight it as much as I can. So for a while, I was using the hexagon, you know, the NFT avatar just as a way to like, differentiate myself from bots. And it was annoying. I got like, a lot of criticism from people who hate NFTs. And it was like, man, I'm doing this for a good reason. Like please, you know, like I'm trying to like, you know, prevent bots from pretending to be me. And then I, you know, I paid for Twitter blue for the same reason. And then I got all these people look this idiot paid for Twitter blue. And it's like, I'm trying to do it to prevent people from getting scammed by you know, someone else pretending to be me. Now it's so easy to get...

Nicholas: I can see like Elon verified the Elon fake account.

Christian Montoya: Oh, yeah. It's a huge problem. Like we have people, you know, It's completely meaningless, really.

Nicholas: Yeah, I mean, I guess it's a little more expensive to fake.

Christian Montoya: It's I mean, yeah, But it's like if you can pay $8 and make like thousands, you know, by scamming some people, it's negligible. It's a little bit of extra effort. I'm in some groups of where people...

Nicholas: That's the whole point. That's the genius of the Elon thing. He's really just monetizing the scams, not really stopping them.

Christian Montoya: Yeah, exactly.

Nicholas: He's the one who's going to monetize. it is the idea. Yeah. I mean, he hasn't said that.

Christian Montoya: Yeah, it's like it's kind of sad that that's what it's come to. But it's like, yeah, you know, there's like this weird, you know, gross incentive, you know, like co-incentive that plays out. But I'm in some groups where with security researchers who track like bots and scams and stuff like that. And you know, they're all just like, yeah, I mean, it's not even that expensive to like get a gold check and then like pay to have other accounts be affiliated with it. And like, it's just become like a typical thing now that you see these like blue checks popping up all over the place. And I think we're going to get close to the point where people are just going to eventually realize that like a blue check is meaningless. You know, a gold check is meaningless. It's just like, you know, noise instead of a good signal.

Nicholas: Yeah, I could talk endlessly about that debacle. It makes sense to monetize the one that was well known, but he should have kept around the celebrity ones and made them purple or something, obviously. Yeah. Okay, let's not get derailed. So are you a big Metamask user? How did you end up at Metamask? You were doing music more before or software as well?

Christian Montoya: Oh, I've been in software since I graduated college in 2007. So I'm going on 16 years in software. When I started out, I was a full stack developer, but I switched over to product management in 2011. I think I always get hazy with the dates, but I think I've been doing product management for 12 years now. And I had never worked in crypto before, but I had worked in software. And so I was actually doing AI for medical software before joining Metamask. And when I applied, it was actually like, I had been using Metamask since 2016. I had been doing crypto, I had done my own NFTs, I had been involved in the whole culture and learning about how it works and everything. And I hit this point a couple years ago, where I was seeing that all these people I knew from my startup days were getting jobs in crypto or they were starting like crypto funds or investing in crypto companies. And I was like, man, why are all these other people are doing jobs in crypto? And what am I doing? That's totally something I would want to do. Why don't I go and get a job? These people are beating me to the punch. I didn't even know some of these people were interested in it. And they're getting jobs in crypto. And I'm sitting here like I was at a job where it was a good job, but I didn't really know where I was going to go with it. It wasn't really a good fit for me. And so I started applying at some different places and Metamask was one of the places I applied at. And so when I interviewed with them, it was like, there's actually quite a few people at ConsenSys who are not like, they didn't come from another crypto job. They were working in a different field. And the cool thing about that is we get people who have a wide perspective. We're not just getting people who are living, breathing crypto for years. We're getting some people who are coming with more of an outsider perspective. Maybe they're a little bit more skeptical. Like, yeah, this stuff is difficult to use. How can we make it better? How can we reach different types of people? But for me, it was like, yeah, I didn't have another job in crypto, but I've been breathing this for years. I'm very familiar with the product. So that was a benefit for me.

Nicholas: Okay, so big into crypto and you applied to a lot of different jobs. Is there anything about Metamask in particular that you were excited about? Yeah. I mean, I watched your talk, or was it ETH Denver? And I think you gave a really great presentation about sort of why the wallet is an important surface. Looking at the landscape now, I still think wallets are basically one of the most important touch points for user adoption and interaction. Do you have thoughts on what Metamask is or why that's important?

Christian Montoya: Yeah. So I mean, a big part of why I wanted to join and why I was so excited to work at Metamask was, you know, it's still in a way a startup. I mean, we actually just celebrated our seventh birthday today. And so, you know, it's still a relatively small company. Yeah, I will let the founder know.

Nicholas: How big is it? How many people are there?

Christian Montoya: It's less than 200 people within Metamask. And so to me, that's still a pretty small company. Right. I mean, I've worked at places that have, you know, way bigger, thousands, tens of thousands, It's still a lot of people.

Nicholas: But yeah, how many do you have a sense of how many people are building Metamask like in one way or another, versus like, I don't know, customer support or something.

Christian Montoya: So when we look at like, how many people are in Metamask, pretty much everyone in that group is involved in building the product itself, because we have other groups within consensus that handle things like customer support and so forth. So it's actually like most of that number. And it's across things like the extension, the mobile clients, the portfolio product and so forth. And then, you know, there's a bunch of people like myself who are working on sort of like some new frontier applications, you know, so we have like, Snaps, the SDK, you know, we have the DApp API and a lot of like, like developer friendly tools that we're building as well. But a big part of you know, why I was excited to join was like, it is a crypto company, it's a crypto product, but it has a significant user base, right? And so it has like, actually, like users are using it every day, and for a wide range of use cases. And so it's really interesting in terms of like, okay, it's not like a super specific product, it's actually a product with a wide range of users, with like sort of like mass market applications. And you know, it's an opportunity to like dive in and work on something that like, you know, when we're working on it, we actually can go and talk to users. And we're constantly getting like real world feedback, right? So it's like, you know, I've worked on some stuff in the past where it was like, it was very early stage, and we really didn't have users, you know, and it's like, I love to be in that sort of phase. But it's also really fun to work on something that actually has a lot of users. And you know, I mean, there's pressure that comes with that, too. You know, every change that we make, you know, there's going to be a lot of chatter. You know, you're always worried about like, I don't want to lose our users, you know, I don't want to like do something that's going to make them unhappy. But that's like part of what's exciting about it.

Nicholas: It's interesting that you mentioned before that a lot of the people inside ConsenSys and MetaMask came from other industries, because it does sometimes feel like the ConsenSys projects are core infrastructure, but they're not exactly at, you know, within reach on Twitter. You're, I would say, one of the rare people from MetaMask who feels very like in touch with CT. And there's a handful, of course, but not 200 people are in touch as you are. It's interesting. I'm curious. So you're like. you're like me, right? You like MetaMask follows you around the web. It's with you all the time. It's your Pokedex. And you're you're. you're using it like multiple times a week, even maybe multiple times a month at least. Yeah. You're a big user, right? Yeah.

Christian Montoya: Like I'm still, you know, I'm still, you know, trading occasionally. I do a lot of stuff with NFTs. You know, I buy and sell NFTs every now and then. And, you know, I'm obviously testing a lot of new developer products, you know, with MetaMask now, you know, with the work that I'm doing, but also like stuff, other stuff that I'm learning about from working at ConsenSys. And so, yeah, I'm still using MetaMask almost every day.

Nicholas: Sweet, sweet. I'm happy to hear that.

Christian Montoya: Yeah.

Nicholas: I have a. I have a mean question I have to ask.

Christian Montoya: OK.

Nicholas: When did MetaMask give up on interface design?

Christian Montoya: You know, the timing of this is funny because we actually rolled out a major UI update recently. And the truth is like, you know, MetaMask.

Nicholas: It is and it's a. it's a decent facelift, right? There's like quite a few things changed. Yeah.

Christian Montoya: Yeah. I mean, the the the thing about MetaMask is like it's been around for years. And, you know, when you've been around for years, you know, every change, like I was saying earlier, is very consequential. Right. So, you know, you can't just say like, let's just completely flip this on its head, you know, overnight. Right. There's also a lot of stuff that we've been improving under the hood. where it's like the the changes are not obvious to users because the UI hasn't changed. But we've been like really revamping. Right. So if you go into like our code base, you know, our code base is open source, right? The extension and the mobile apps, you can actually go on our GitHub, our GitHub organization and you can see all the changes.

Nicholas: It kind of conforms. It's like an EIP, right? Like the underlying wallet conforms to an EIP on some level.

Christian Montoya: Yeah, there is an EIP related to like how the wallet communicates with Dapps. And there's other EIPs that we've been incorporating over time. So like we recently rolled out sign in with Ethereum and that's an EIP too. And we've been working with the people, some of the people who've been writing that EIP and actually giving feedback on it as well. It's actually I heard this morning that a couple of my co-workers, their feedback actually made it into an updated version of the EIP. So that's super exciting. But yeah, so, you know, if you go and look at our repositories, you'll see we've been making a ton of different changes. It's just not, you know, not necessarily all UI changes. But also I would argue like I know that some people feel like the interface of MetaMask is boring, but, you know, millions of people are using this interface on a regular basis. Right. So it's like, yeah, it can be a little boring sometimes. But like one of our main priorities is simply that it's super transparent, like you understand what's happening. Right. So in some cases, like people will say like, why can't you make these transaction interfaces like simpler? And it's like, yeah, the problem is the flip side of simpler is that it's less information. Right. And so it's like for sure. For sure. It's always a balance.

Nicholas: Yeah. I would love to have a struggle session with your design team about, I mean, many things have improved over time. I used to complain a lot about the transaction interpretation where it doesn't, now it gives you the data tab, gives you some, it's more reliable than it used to be and gives you some interpretation of what you're doing. But there are. So, OK. So my understanding of snaps, which we'll get into more, is basically, and it's the reason that I really like MetaMask is because I believe MetaMask has done the most for securing the JavaScript supply chain as compared to other wallets. It's Lindy. It's the most secure of the hot wallets with also affordances for cold wall integration, whatever. But the security story is really great. And that's why I stick with it. And primarily, or in some way primarily, and that snaps is kind of like, we can't handle all of the different things you're going to ask us to do. So we're going to make it into a platform and you can do it, whatever you want, if you want it badly enough. And we will sort of wash our hands of some aspects of the UI question by passing the problem on to the dApp developer, which is, I think, legitimate. I'm not criticizing. But it does make me wonder if, like, for instance, the new, I haven't seen it in the very latest version, but the gas, the way the gas is estimated is painful.

Christian Montoya: Understood.

Nicholas: Yeah. And I just wonder, like, is it maybe made by people who aren't making that many transactions? Is that why it's not really convenient to use? Because they're actually Web2 people who aren't. So I'm not asking you to answer for your colleagues.

Christian Montoya: No, but there's a funny thing about that, which is that, like, regardless of whether the people who are designing these interfaces are, you know, DGens or not, and some of them are DGens, there are some of us in the company who are DGens who will come and complain and be like, you are slowing down my degenerate behavior. Like, you're preventing me from getting my dopamine. Like, this thing is too slow. Like, we have to fix it. Right. But I will say, I know this isn't a great answer, but I am seeing things on the inside that haven't shipped yet that are like amazing. And that's all I can say. Like, we have really cool stuff coming down the pipeline. You know, we had this, we have this design update and it's like the tip of the iceberg that we recently released. And there's much more coming. And I will say with respect to Snaps, you know, there's a whole UI component to Snaps and we're building these UIs, these user interface components that are going to be used by Snaps developers in the future and are going to be used to build interfaces for all kinds of different use cases. And it's really fun because it's like similar to like in the early days when Apple released, you know, the app platform and they actually had like an interface kit. Right. And there were all these things, interfaces that you could build. But, you know, they looked pretty good because it used Apple's language. And then when Apple updated the design of iOS, the interface kit updated automatically. Right. And so you didn't have to like redesign all of your interfaces in order to conform to the new style. But there's actually a lot of UI work that goes into building a platform. And we build our own Snaps internally just to like test these things out. You know, we even have a simulator for Snaps where we can build out the interfaces by like just dragging and dropping components. And so we actually mock up all kinds of example use cases. And yeah, even things like, you know, gas calculation, like the gas fee interface is something that we play around with, you know, all the time. And we're like looking at ways to improve it. But all I can say is like.

Nicholas: But like that's an aspect of the UI that I as a Snap developer could not change. I could not change universally.

Christian Montoya: You can't change it today. You can't change it today. But like we do have this, you know, especially with account abstraction, allowing for like different ways of handling gas and different ways of handling how gas fees are handled, how they're paid and so forth. Eventually, we you know, one of our goals is that the wallet can become so modular that a Snap developer could provide a different gas interface.

Nicholas: So let's say I'm safe or someone like that with an account abstraction wallet. I could provide to you a UI inside of a Snap in Metamask that encourages you to sign a transaction that will permit a certain amount of gas to be spent from your account abstraction wallet. So I could present that to you with a completely alternate gas interface, basically.

Christian Montoya: Yeah. And you can do some of that today with custom dialog. So that's one of the first like Snaps, you know, UI surfaces that we've provided. So you can actually make your own dialogs. And so there are some Snaps that are doing like support for other blockchains like non EVM based. And they're using the custom dialogs to do their own like transaction confirmations. And right now, those dialogues are very static. There's very little that you can do with it in terms of like making a really rich wallet experience. But some of the things that we're working on are behind the scenes is now being able to use these dialogues to do really rich interfaces and to be able to do things like you know, how when you're interacting with the gas interface, it's updating periodically, you know, and it's actually like dynamically updating and everything and it's doing this little like fade out, fade in and everything. That's one of our goals is for a Snap developer to have access to that level of interaction.

Nicholas: Got it. So okay, so let's talk about Snaps. I guess we should define it. What is Snaps?

Christian Montoya: So Metamask Snaps is an application engine, right? It's actually like an execution environment inside of Metamask. It's a way that applications can be built to run inside of Metamask. And it uses a permissions model. So the users have the ability to consent to installing a Snap and then running it inside of Metamask. And because these things run inside of Metamask, they have access to APIs and certain functionality that dApps do not have. that, you know, typical just like a, you know, like like a mini program or a web interface inside of a wallet wouldn't have. They're actually able to do computations. And that enables all kinds of really interesting use cases. You know, like you can do ZK proving inside of a Snap and it runs inside of Metamask. The other cool thing about it is because Metamask is self-custodial. When I install a Snap into Metamask, that's just on my machine. Like I'm not, there's no server in the middle. Like I'm not sharing any data out. Like I'm not, you know, I'm not bringing any middlemen, any like, you know, third party servers into that experience. Like it's all running within my instance of Metamask. It maintains that level of privacy and it allows me to run things in sort of like a decentralized, you know, I call it portable computing. Like these Snaps are portable, just like everything that I have in Metamask. And I have control over that data.

Nicholas: And they, okay. So I want, I took a look at the example. I want to get a kind of sense of what the capabilities are of a Snap and also the architecture of a Snap. I looked at the Monorepo example in the getting started thing that Eric Marks did. There's a talk in Bogota also, if people are interested in looking that up. That goes through this, this getting started with Metamask Snaps guide and an associated like Metamask Snaps repo. And it's like a Monorepo that has a React front end and a Snap, like TypeScript Snap, I guess you would say back end. Is that a fair way to talk about it?

Christian Montoya: It's the application. Yeah. You could think of it as the back end in the context of the wallet.

Nicholas: Right. So the Snaps run code when Dapp communicates. Like so a Snap is kind of like a mini RPC. in a way, like you're implementing new functions that are accessed from Dapps as if it were, they were, they were functions that you could access on an RPC.

Christian Montoya: That's one of the entry points that we support. So there's two other entry points that we support right now. One is you can actually set up a cron job. And so the cron job will trigger the Snap and allow it to do things. And then we have the on transaction export. So there's a event that happens when you view a transaction inside Snap in the transaction, the pre-transaction window. So that's another entry point. So yeah, one of the main use cases is that a Snap can present an RPC API and can communicate over RPC with websites. But there are some other entry points that we're working on for Snaps that run entirely inside of MetaMask and don't communicate with websites as well.

Nicholas: Okay, so a Snap, just for the mental model, is either a piece of code that is executed when someone, you know, like a hook before a transaction is propagated into MetaMask or something that's running periodically, cron job in the background, even when MetaMask is hidden, I take it. And then, or something that you could build into your Dapp, specifically designed to anticipate the existence of your Snap on that machine, right?

Christian Montoya: Exactly.

Nicholas: And then I guess maybe you'll do something like Apple-like where if they try to execute something and they don't yet have the Snap, you offer them to install the Snap, maybe?

Christian Montoya: Yes. And so, you know, something that's interesting about this is that, you know, you can write a Snap that can communicate with multiple Dapps, right? You could make a Snap that is designed to have an interface to any Dapp that interacts with the Snap. And obviously there's a notion of like whether or not the Snap is installed, but then also the Dapp will connect to the Snap the way that a Dapp can connect to MetaMask. And so each Dapp that wants to connect to that Snap will actually request to connect to it. And so when you look into your settings, you'll actually see all of the Dapps that are connected to that Snap. And that's sort of like, so every Dapp has to cross that like permission barrier, right? In order to get the access to then communicate with that Snap. And you can see all of those like connections that have been made. And so when we talk about connections, it's kind of like the way we use connect in this in the context of wallets is a little bit misleading because it's not like I'm connecting two cords together. Like it's not. I'm like, like I'm plugging an Ethernet cable into my into my laptop. But it's sort of like you've just crossed that permissions barrier and now you have authorization to like send data back and forth, you know, when you when you choose to do it.

Nicholas: Between the Dapp and the Snap, which is kind of like the back end service running inside of MetaMask.

Christian Montoya: Exactly. Inside of Snap. Exactly.

Nicholas: So and may or may not include a front end.

Christian Montoya: Right. And so the thing is, so right now, there are some Snaps that use a Dapp for the front end. But really, it's something that's like, the Dapp is just there because there's no other way to give it a UI entry point in the future. One of the things that we want to do is enable a Snap to have its own page within MetaMask. And then it won't have to use a Dapp for the front end, like you'll actually be able to have certain Snaps that just live within MetaMask and you invoke it by going to that page. So this is like just something that's happened as a limitation. Right. Obviously, if you have something like a Bitcoin Snap or a StarkNet Snap, you want to be able to connect to it from multiple Dapps. And that's perfectly good as an entry point. But eventually, you also want to be able to say, OK, where do I go in MetaMask to see my Bitcoin Snap and interact and like see my balance and like see all that information? That's one of the things we plan to solve later on.

Nicholas: Cool. So right now, there's like some prebuilt components that you could use and display in like dialogue pop ups for signing requests, for example. But in the future, you'll be able to do like fully custom UI inside of MetaMask.

Christian Montoya: Yes, that's correct.

Nicholas: Very cool. It's interesting. I'm curious. I guess the sort of question in the back of my mind is like, is Snaps more like my trusted Kumavis Lava Mode secure supply chain stuff or more like the gas? Like is the design right? Is kind of the question in my mind. I don't know if there's a way to answer that. But I'm like, is it a good design? I don't know. I haven't thought about the problem enough to know if this is a good way to do this. But it's I mean, it sounds cool if it works. But I guess that's my question. Is it is this the right way to do it? You think?

Christian Montoya: So this is I actually tell people all the time that like Snaps is first and foremost, a security product and secondly, like a platform. Right. And so like, we've done a ton of work internally to design a whole security model for this and implement it. And we're actually going through audits, right? So we're at the tail end of a final audit phase of the actual Snaps execution environment that we're doing. And what we've what we've done is we're using something called secure ECMAScript, which is made by Agoric. And I think we're like the largest application of secure ECMAScript. And what that is, is it's a essentially hardened JavaScript. Like you take JavaScript, you eliminate a bunch of different like entry points and a bunch of different ways that sort of like allow for like developers to freely modify or freely like execute code. Right. So there's no eval. A bunch of prototypes are removed. There's a global objects that are not available. And so all of these different things essentially make it harder for a JavaScript application to escape a sandbox. Right. And so the Snaps are run inside of a sandbox model. Each Snap is sandboxed to its own execution environment within MetaMask. And so a Snap can't access information about another Snap and it can't access the information that is within MetaMask. that's part of like your core MetaMask, you know, functionality, like the accounts that you have in a MetaMask and so forth. And so the only way that Snaps can get out of that is through the RPC layer. Right. So when a Snap gets permission to talk to a website, then it can communicate with that website. But otherwise, it has no knowledge. There's it doesn't know anything beyond its own sandbox. And so like we take this stuff very seriously because like part of it is like if you're going to give people the ability to do something really powerful, obviously you have to be really cautious. The more powerful it is, the more cautious you have to be about how you approach it. And even with the launch of Snaps, you know, we're launching Snaps to the extension in September. But we've been working with all these different Snaps developers and we've actually been having them go through audits and get audits of their code. And we're working with auditors that are familiar with JavaScript and all of the like challenges of auditing JavaScript. And we're doing these audits because we're basically like, even, you know, we are, you know, we're certain that we've dotted our I's and crossed our T's and that we've built this really cool sandbox model that works. But even so, we want to be really cautious and make sure that there's nothing that surprises us, you know. So for this initial launch, we're making sure that the Snaps really do, you know, respect that sandbox approach, you know, that we expect them to. And so even like, like I built a Snap, it's a MobiMask Snap. It's a very simple Snap, but I got it audited. I went through the process like any other Snap developer would because it's like, you know, we're doing something that's totally new and that hasn't been done before. And, you know, we really want to make sure that we do it right. Like that's like priority one for us.

Nicholas: On the untrusted sandbox, you don't have access to the DOM. You have no, no JS built-ins, no platform specific APIs. So you're really just going through, you're being treated. Like the RPC, right? It is like you're writing a little RPC. The backend is like you're writing a little additional RPC functionality. Or you're saying there's multiple entry points. That's not the only way that things can be executed. So really it's just code that's running inside of a sandbox inside of Metamask that can interface with the user through very restricted ways and can't make like fetches and its own requests directly.

Christian Montoya: Yeah. And so it's very much, it is a lot like writing a Node.js application, but obviously you don't have access to certain environments like in Node.js, I can write to the file system, you know, I can make web requests and you don't have that within a snap. But what you have is there are certain permissions that you can request. Right. So at installation, you can request network access and then we give you a specific API. Like you can use the fetch API and that's the only way that you can make network requests. Right. And that way we control how you make network requests. But once you have that permission, then you can make network requests and you can do calls to servers and get data back and so forth. Similarly, you know, there's no way to write to disk and you can't use local storage. But if you request a managed state permission, you can use a managed state API that we provide that stores data within Metamask. And we sort of abstract it like you don't really have to worry about how it works, you know, how you're actually storing data on disk or anything like that. But that's your data storage API that you then have access to. And so and there are certain libraries that work right out of the box. So like if you import ethers into a snap, it works fine. Like there's nothing you know, it works under SESS. The SESS, you know, the hardening of SESS doesn't prevent ethers from working. There's some other libraries like I think like Web3.js, you would have to like patch it. There's a few things that conflict. I see. But in the MobiMask.

Nicholas: Ethers needing to talk to a provider, for instance, you just ask for the network access. You get some fetch.

Christian Montoya: So you actually ask. We have an endowment called Ethereum provider. And in the scope of the snap, it's called. it's called Ethereum. So instead of window.ethereum, there's no window. It's just Ethereum. So you pass the Ethereum object as the provider and then you have the same access that you would have in ADAPT. The same way that you can talk to, you know, the RPC provider through ethers works. And that's actually for the MobiMask snap that I built. That's what I do. I import ethers. I pass just the Ethereum object that lives within the snap execution environment to ethers. And that's the provider. And that's how I make the request.

Nicholas: Okay. So I was reading that a snap is considered unresponsive. Like MetaMask can shut down a snap whenever it considers it unresponsive. And it's considered unresponsive when it hasn't received a RPC request for 30 seconds or if it takes more than 60 seconds to process an RPC request. That's so long. Is that the level of responsiveness that I'm to expect in a snap? Like, oh my God, maybe it's hanging for 60 seconds.

Christian Montoya: So this is sort of like an initial default that we set up. Right. So the snaps execution environment and the way that background tasks run in the browser. It's not something where you can have something that's running indefinitely. Right. So you have this sort of like service worker model. And, you know, ideally, you know, if there's something running in the background, it should only run for a specific amount of time. Now, usually most snaps, when they're running in the background, they're pretty quick. Right. It's like less than a second. But there's one use case that gets pretty complicated. And that's if you're doing ZK proving with Wasm. And those things, especially because there are some things within sass that make things a little slower. Talking over RPC makes things a little slower. And so, you know, in the early days with the execution environment, we actually saw that, you know, sometimes to do ZK proving with Wasm would take up to a minute. This was like the safe max that we gave it. Now, as of right now, like the pipeline of snaps that we have, they're not really messing with anything like that. Like they're not seeing those types of execution and execution times. But we're actually working on some new approaches to handling background processing using callbacks and using like a better way to manage the timing of background processes that will allow us to move away from like the sort of like 60 second default, because that's not really what we intended to do. And we'll also be able to do some really interesting things with sort of like periodic actions where something can start and stop and continue processing. And there's one other interesting thing, which is, you know, if you look in the snaps execution environment and the way we were originally bundling snaps, we were using Browserify. And we recently made a change where we're moving towards using Webpack. And even that has shown some performance improvements in different places, even that we didn't even expect. So like we're constantly improving the way that the execution environment runs and the speed of how snaps can execute.

Nicholas: Okay, okay. That's very cool, because I like this service worker lifecycle for the snaps where they're designed to be running really quickly, really, you know, more like a cloud function than like a long enduring process. Does that apply, I guess, for splitting up? Like, let's say I have some UI that I want to display in Metamask. Is that there's a service worker running, executing throughout? or the UI, like a React UI is occasionally making calls that are is invoking, you know, cloud function like service worker style scripts? Or what's the model for programming it that you suggest?

Christian Montoya: That's a really good question. Because if you like, usually the the JavaScript application is running in its own thread, right? So it's got it has a thread and it's just doing computation in response to something. And usually, like, if you're able to return something like to a React interface, you know, you can just do that quickly and you're not locking up the interface. It's only for something that you would expect to take a long time that you would run, you would want to set up a background process. And if you're using things like callbacks, it's essentially, you know, when you when you set up a callback, you're basically saying, like, I don't have to lock up the UI when this thing executes, then like another event will fire and, you know, it'll pick up, you know, whatever the response of that is. But there's certain things where if you know that it's going to actually be doing computation for a long period of time, like running a WASM module that is just going to be cranking numbers for a while, then what you have to do is set up a background task, because otherwise you're going to be locking up the main thread. And that's bad news, right? So that's the sort of situation where you would want to set up a background thread. And the only reason it's difficult to do that right now is because we haven't provided a good way to do background task management across the entire snaps execution environment. But once we once we set that up, what we'll essentially be giving is an API for a snap developer to say, I want to do something that's going to take longer. And here's, you know, sort of the entry point and the exit point. And please go run this for me. And, you know, execute something when it's done.

Nicholas: Got it. I want to know a little more about the permissions. So when I install a snap, can you give like App Store style, the nutritional facts about what I'm giving them access to?

Christian Montoya: Yeah, so we actually and we have in our document, like we sort of set up our documents in such a way that the various permissions are explained as features.

Nicholas: And so that's a little bit like web extensions, right?

Christian Montoya: Yeah, yeah. That's one way to look at it. Right. So like some of the things that we that we allow, and we actually have a concept of like, there's some permissions that are like, you know, low risk. And then there's some that are a little bit more high risk. Right. And so we actually like categorize them this way. But there are things like dialogues, right, the ability to just display dialogues. And then there's notifications, which is just a snap can put notifications into a notifications menu within MetaMask. And then the storage, the managed state API means the snap can actually store data within MetaMask. And that data is specific to that snap. And it's specific to your MetaMask installation. Right. That being said, you know, that data could be arbitrary, whatever data is part of the use case of that snap. And then we have what's called, you know, endowment RPC, which is then the ability for that snap to communicate with either websites or other snaps. And the latter of that I won't get into right now. It's like super complicated. But to be able to then communicate with websites, the interesting thing then is it's like, OK, now you basically have a miniature sort of like wallet within MetaMask that can talk to websites. And, you know, you do have to think about, OK, what websites am I then going to connect to with that snap and what are they going to do? Right. So there are some snaps that are just like, you know, this snap can connect to websites and just share like decentralized identity information. Right. So you may have something in there that's just like, here's my like degenerate trader profile for this snap that certain dApps will leverage. Right. Or it could be something that's like, here's my private, you know, KYC information that I want to share with certain like DeFi platforms. It's all like opt-in. It depends like what's the use case for that snap. But then, you know, there are some snaps that, you know, there are snaps that do they derive private keys. Right. And the way that that works is a snap doesn't have access to your secret recovery phrase. MetaMask is the sole manager of your secret recovery phrase and your Ethereum accounts. But a snap can say, OK, I want to derive keys for Bitcoin or I want to derive keys for, you know, Solana. Right. And so it will specify like a certain path where it will be able to generate the entropy that it needs to make key pairs that actually work for Bitcoin or Solana or whatever. And then that snap is essentially able to manage keys for that chain. Right. So these are not the same keys that you manage within MetaMask, but those are keys for that chain. And then that snap can do all of the wallet functionality that it needs to do for that chain. Now, the interesting thing is, OK, if I have a snap that can derive keys for certain blockchain and talk to the Internet so we can talk to the node providers. Right. And now it can connect to websites right with the RPC endowment and it can store data. It's like, OK, this snap is a wallet. Right. It's a wallet inside of a wallet. And I should treat it like I treat MetaMask. Right. Like I'm cautious about what I connect to. You know, I safeguard the private key information that it has access to. And it's you know, it's really exciting and interesting, you know, that we can provide this level of expressibility for developers where they can build this wallet functionality for these other chains that MetaMask doesn't support. And so, you know, like we have a StarkNet snap that we built internally and we did that because StarkNet is non-EVM. Right. It's an Ethereum layer 2 network, but it doesn't work with EVM based wallets. So it has its own contract language and a totally different way of representing addresses. And so the only way that we could have, you know, MetaMask be able to talk to StarkNet was to build all of this functionality into a snap. And my StarkNet snap is my StarkNet wallet. And so I think of that like a wallet. And that's, you know, really powerful. And it's, you know, part of what we're going to be teaching users about is like, hey, in some cases, these snaps are providing wallet level functionality. And that's really cool. But you should also just be cautious with that and understand what that means.

Nicholas: And then they can do a StarkNet snaps on top of their StarkNet snap. Can have its own app store. No, it couldn't because of the snaps.

Christian Montoya: Yeah, I don't think we're at that level of expressibility yet. But I mean, like. I think if we got to the point where people started doing something like that, it would definitely mean that like snaps as a concept has already been successful.

Nicholas: Yeah. Your work would be done at that point. I guess I guess thinking in that direction, like the answer would probably be if that is if snaps is a viable pattern that developers pick up and start doing to give. I mean, in the case of like something like that, an alternate blockchain maybe wants to bootload its audience, you know, wants to convert the EVM audience to easily become fans and users of their network. You can airdrop them tokens and give them a snap. And while suddenly they don't need an extra password or anything, it's just right there on their computer. So I could see that. I could see that being popular. But they might. Yeah. If that was popular and there were multiple things that wanted their own experience, they might just build their own snaps. They don't need they don't need a superior level of abstraction on top of a single wallet necessarily. Although I guess they want access to the keys. This is the thing you didn't want to get into. Snaps. Yeah.

Christian Montoya: There's really cool things that can happen when you get to the point where snaps can talk to other snaps. And then when we get to that point, we might be really cautious about, OK, which permissions you basically have this union of permissions when snaps can talk to each other. So there may be certain permissions that we have to be really cautious about and allowing in a context where two snaps are communicating with each other. But like one idea we've had is like, what if there's a snap that just exists to, you know, manage private keys and do signing for Starknet? And you could build Starknet wallets on top of that. But those Starknet wallets aren't the ones managing the private key information. Right.

Nicholas: And so instead of going linearly up hierarchically, you go horizontally and they just all talk to a key store snap.

Christian Montoya: Exactly. Yeah. And so there are areas where it would make things, you know, even more secure than they are already. And there's areas where it would reduce the burden on the developer of a wallet that doesn't have to do its own signing. And that's really one of the cool things about snaps is that we're allowing people to build wallet functionality without all of the like table stakes that go into building a wallet, you know. And so like I talked to some developers sometime, sometimes who are talking about, you know, building their own wallets. And I'm just like, man, you have no idea the path you're about to head down. What the amount of work that goes into building a wallet. I mean, we deal with like the different platforms, the different environments we have to ship to. There's all these little intricacies of, you know, supporting an extension product and a mobile app and being able to connect to all these different dApps. Right. And like when you build a snap, you have access to the dApp API. that's like tested and true and like trusted, right, by all these different dApp developers. You don't have to worry about all of that. You don't have to worry about injection, injecting an API into a web page. We even have an SDK now that like gets around some of the headaches of that, too. Right. And so like, you don't have to worry about all that stuff. Like you're just building a snap that just interacts with these APIs that we provide. And like you kind of have like an existing environment with tons of users that you get to ship into, you know, because you're building a snap, you know, within MetaMask.

Nicholas: Totally. So, OK, what can I do with a snap, though? Like, can we think about like categories of applications that might be interesting? I mean, one obvious one is like, I think it's in some of the examples, the hooks that can be called before a transaction is accepted. So adding intelligence to transaction, maybe doing other things with a transaction before sending it to an RPC, even other kinds of augmentation or MEV resistance or something. I don't know.

Christian Montoya: Yeah, there's like five different use cases that I'm seeing right now just with the APIs that we currently offer. So one is the blockchain, you know, like wallet and a snap. That's that's an obvious one. You can do non-EBM blockchains in snaps and add support for those to MetaMask. Another one is the transaction security. Right. So we have this transaction insights feature and it allows you to, you know, a transaction insight snap will actually, you know, if the user gives a permission, it'll get the transaction object and it can even get, you know, the the dApp that's initiating the transaction. And if you have some like API that you use to simulate transactions or, you know, to track malicious contracts, malicious accounts, you can go and check that API and return a result and tell the user like, don't interact with this address. This is a scammer or don't interact with this contract. This contract is a drainer. Right. So you can actually warn people about that. And then we have with notifications, we're essentially enabling like communication use cases. So you can build a snap that shows notifications either from like a messaging protocol or maybe from an API. You know, like it's actually pretty trivial now to build a notification that just like tells you if you have like a new Dow vote on snapshot.org, for example, or you could build a snap that tells you if your ENS name is about to expire. Like. those are pretty simple implementations that you can do. And then we have, you know, because you can store data within snaps and because snaps can talk to websites, you can actually build decentralized identity snaps that like, you know, store verifiable credentials and store attestation information and present that to websites. And you can basically build like this sort of like connector snap that allows like this DID stuff to to to travel across multiple dApps. And then the last use case that we've seen is there are these different use cases where your Ethereum accounts can essentially communicate with like sort of like privacy preserving protocols, you know, like liquidity pools or dark pools on Ethereum or different like contracts that abstract like how you're interacting with DeFi. And the only thing that they need is they just need like a way to associate your Ethereum account in Metamask with an abstracted representation on the blockchain. And so essentially all they have to do is store that information within a Metamask and use Metamask as the signer to interact with those accounts. And now you basically have like your, you know, your privacy preserving, you know, abstraction of your identity in order to interact with these DeFi pools. And that's that's a really cool use case.

Nicholas: Okay. Is that kind of a variant of storing like credentials for another blockchain incompatible blockchain this way? It's almost in a way similar?

Christian Montoya: So the way that supporting other blockchains works right now is the snap is actually deriving it using entropy that Metamask provides through the API. And then the way that like interacting with like a DeFi pool, you know, that's associated with your Ethereum accounts is actually working with an API that would, you know, you would interact with through a Dapp. And then what the snap is actually doing is doing like authentication with Ethereum and then storing that generated API key that's specific to you. that allows you to interact with whatever that like on chain, you know, pool or protocol is.

Nicholas: So this is derived from your private key and gives you access to like. it's essentially information like access access controls that are derived from your private key off chain in a way that is invisible.

Christian Montoya: Yeah, it's a secure authentication. And because it uses signatures, it doesn't actually need to know your private key in order to do that. Like when you sign something that's based on your private key. But the the application that's generating that signature doesn't have to know your private key. It's just giving a message. And when that signature is generated, it knows that that signature came from you, even though it doesn't know the underlying private key that was used to generate it.

Nicholas: So there are API calls that a snap can make to have you sign something without getting access to your private key. But they are also able to ask for private keys, right?

Christian Montoya: Yeah. And so they're able to ask for privacy, private keys for other curves, like other derivation paths, like not the ones that MetaMask uses for Ethereum. So they can ask for private keys for Bitcoin or Solana, which use completely different paths and a bunch of others. And in some cases, they can even do like arbitrary entropy. Like there's a there's a certain method that's get entropy, which is just like, give me arbitrary entropy. that's specific to this snap and this this MetaMask instance. Right. And so it's just ways to like generate key pair information. And then, you know, what a snap can do with authentication is actually very similar to what dApps do today. Right. A dApp initiates a signature request. And that's just a way to create some sort of like identifying signature that can be secure. And it's just like a common model of like, I have a private key. I don't want to share the private key, but I want to be able to sign things with it that dApps can then use that are tied back to me. And this last part is it's a little bit of a preview, like. this is something we're shipping to Flask soon. So you can't actually do it today, but maybe in a couple of weeks. But it's this actually. it's also this concept of like a snap being able to do something that dApps can do today. But it then enables much more powerful use cases when you can do it within a snap.

Nicholas: It enables more powerful use cases when you can do it within a snap.

Christian Montoya: Why? Because because right now, if I sign something on OpenSea, that signature has to be stored somewhere for OpenSea to then have the authorization to do something with whatever those NFTs are. Right. So there's signatures that are going to be stored on servers or on chain or something like that. But if I can sign from within a snap, that signature, that information can be stored within the snap. And it's still totally private to my own machine. Right. So now I have like a signer and an execution environment that lives within Metamask on my device. And there's no server. There's no third party involved in that in that action. Right. So a developer will build a snap, right? That's a third party developer. But that snap runs inside my instance of Metamask. And that even the developer has no visibility into what that snap is doing within my Metamask.

Nicholas: So it becomes a kind of node or execution environment in which you can do interesting things and store the data on the same machine inside the snap. Yeah.

Christian Montoya: It's like a secure, like a personal enclave that can both handle private information and also do execution with that.

Nicholas: Yeah. I mean, in a way, I don't have deep understanding of it, but my impression is that Metamask is very serious about security relative to other wallets, especially. And it does make a lot of sense to give access to that to really make it. I mean, maybe even one version of the great form of Metamask would be just. it is a secure enclave. It actually is a software enclave that you can more or less trust as much as you can trust software.

Christian Montoya: Yeah. I mean, one of the defining really primary values of Metamask is that it's self-custodial. And we're trusting users to be able to do something really exciting, as opposed to a third party custodial service, which is basically like put your funds on this exchange and everything's handled for you. And so that value that we have of trusting users and giving them something that's self-custodial that they have total control over, that just continues with these new initiatives that we're doing. Right. So Snaps is just a continuation of that belief that we should be able to provide that power and we should do it in a way that at the end of the day, users are the final like they have the control over that interaction.

Nicholas: Do you have a sense of what the application would be for having these local signatures within a Snap? I'm not sure. I guess the dark pools you're saying are. I haven't used that technology, so I'm not as familiar.

Christian Montoya: Yeah, there's actually another use case that's maybe simpler to understand. Like there are some some Snaps developers who are doing applications where they have like a remote API. Right. And maybe that API does simulations of transactions. Right. And they have maybe like, okay, you can do 50 a day, but then past that point, like it's a premium service. Right. Like I can't run the whole thing for free, for unlimited usage. So, you know, please go and like sign up for an account, you know, and pay something. Right. And what they can do with a Snap is they can actually use a signature as the way to authenticate you to that API and say like, maybe you pay, you know, with crypto. Right. You pay for the service and then your wallet is actually your identifier instead of like an email or a credit card or whatever. And so you do that authorization with your Ethereum account right on chain. You pay for that authorization and then the signature is the thing that, you know, generates your personal API key that interacts with that API and now gives you unlimited access or metered access or whatever. And so it's just another really interesting use case where like at the wallet level, we can enable crypto applications that are really like Web3 natives that are impossible in any other context.

Nicholas: Yeah, that's really cool. The API key thing comes up over and over again. And I guess right now, this is somewhat analogous to like token gating. I don't know if I have never used Anchor, which is like the most Web3 centric RPC from what I understand. But maybe they do. You can pay for it in crypto. So I assume you can do something similar where you sign a message on their DAP in order to authenticate. But they don't. They maybe just reveal an API key to you on the website. And in this case, you're saying it could be stored inside of a Snap. And maybe even there's more sophisticated things you could do with storing like commitments that you haven't yet revealed or other kinds of things where you want to retain some of the data privately in order to be able to execute some transaction further. The closest one I've experienced is like ENS where I could imagine it would be superior to store. I remember I'm sure they fixed it by now, but a year or two ago, like trying to purchase two ENSs in separate tabs and somehow the local storage of the commitments being lost. So, yeah, you pay a transaction to commit and then because the page refreshed or whatever, it has forgotten the commitment. And now you can't claim the, you know, you wasted a bunch of gas basically.

Christian Montoya: So that's a really good example.

Nicholas: Yeah, it could be in Snaps. Yeah, that's cool. And I imagine there's ZK stuff that I'm just not yet versed enough to understand all the potential.

Christian Montoya: I am not even versed enough. Like I'm avoiding talking about it because it's like super complicated. But yes, don't feel bad.

Nicholas: But basically, what it sounds like is basically just keeping private off-chain data in something that's a little more durable than local storage.

Christian Montoya: Yeah, yeah. And there's certain things where it's just like, you know, there are things that you want to do on-chain, like you want to transfer value on-chain. But then if you can do computation off-chain in a way that's secure, then you really just want to do the computation off-chain and just have a way of validating that on-chain. And the thing is, like right now, a lot of that off-chain computation has to happen and adapt context and adapt context isn't really secure. Right. It's like it's in the browser. You know, you're leaking something to a website. You don't have total control over that. But if you can do that within an execution environment that is secure, like within the wallet itself, then you have a really cool way of having that on-chain and off-chain behavior be tied to each other without having to go through servers or websites or so forth. And you really maintain that level of security in a totally new way.

Nicholas: That's very cool. I have a kind of throwball corollary to this, which is, you know, people, some people are interested in serving things directly from the chain, NFTs as apps. Do you see any opportunity for snaps to enable web or I don't know, the front end or some interaction with a sort of generating part of the UI on-chain or if not generating the UI on-chain somehow, like eliminating a web server? I guess in your case, it's just everything should be inside of the snap. It should be the front end component of the monorepo snap. And you don't need to a chain necessarily.

Christian Montoya: Yeah, I mean, I'll give you an example, because that's what I'm familiar with. Like there are some NFTs that essentially what's stored on-chain is some entropy. Right. But then there's some off-chain things, you know, like a viewer and some JavaScript, you know, some scripts that actually like, you know, generate visuals from that. Right. And so that off-chain thing has to go somewhere. And in some cases, people will put it on Filecoin or Arweave or they'll put it on IPFS or whatever. But it's like, OK, where do I want to host this sort of like off-chain viewer that uses the on-chain entropy to then create the artwork? Right. And it's like, OK, you could actually store things within a snap that are sort of like the front end code. Right. Which then, you know, the snap could say to the dApp, OK, here's the viewer. You know, here's the thing that interacts with the entropy that's stored on-chain. That's kind of like a silly example, but it's like, you know, I can talk about what I know and I know NFTs.

Nicholas: But like, let's say I want to serve the snap because, OK, for a long time I've wanted, you know, an NFT that presents you a mint button, an NFT that is rendered on-chain.

Christian Montoya: Oh, yeah.

Nicholas: That presents you a mint button that you can execute upon, which obviously OpenSea will not allow you to do for good reasons. But I mean, they wouldn't even let you do it if you were serving it off-chain to the animation URL or whatever, the thumbnail in the details page. But in a snap, I'm wondering if there's any synergy between serving things directly from the chain or otherwise like creating these kind of like, because it's strange that the chain is not self-sufficient in a way like proof of stake is a move towards internal logic being the engine. And yet it's dependent on so much like RPC support infrastructure in order to serve anything to a user. So like you mentioned this example, which is kind of like Artblocks style NFT, where there's maybe off-chain JavaScript that's executing in your browser, that's rendering some on-chain entropy. And maybe they even went to the length of putting parts of the JavaScript on-chain so that it can be retrieved from the chain.

Christian Montoya: But it's like into another contract. Yeah. So like the different contracts would render that view.

Nicholas: Yeah. Yeah. There's other things like Lude or Terraforms or all the on-chain Maxi art where the contract is able to return to you and is really mostly limited by what OpenSea will show nicely. But it's able to return to you XML document directly from the chain. The XML is constructed on-chain and we can imagine also L2, etc. So it's not necessarily an expensive thing to write to the chain, but reading it is always free as long as it fits within the expanded gas limit of RPC view call. I'm wondering if there's any reason why a snap would want to go. I mean, obviously a big part of the purpose is to visualize something that's on-chain and then allow you to interact is often the two parts. Yeah. I wonder if there's a reason why you might even fetch the affordances for interaction from the chain. I guess that's just still the code of the front end of the snap at the end of the day.

Christian Montoya: Yeah. I mean, one thing, for example, the MobiMask snap actually interacts with the MobiMask phishing registry contract. Right. And so the ABI for this contract is stored in the snap, right, as a JSON representation. And so when I talk to the MobiMask contract, I actually like instantiate that contract within ethers. And then I'm able to like make specific calls to that contract. So there's some really cool stuff you could do where you're essentially storing that the interface to that contract in a snap. And then you can use specific functions of that contract from a snap and then also provide some things that are maybe not represented in the contract itself, but they're meant to interact with those contract functions from within the snap. And so it's like you can essentially build these really cool middleware, these sort of interface products within snaps that are designed to work in concert with contracts that are on chain.

Nicholas: Could you have something like Etherfunk.io, like the contract interaction page of EtherScan for arbitrary contract interactions inside of a snap? I don't know if that would be desirable.

Christian Montoya: Maybe. Maybe. I think if we get to the point where you could input the information within the snaps interfaces to then generate that, it may be possible to do that.

Nicholas: I guess. Yeah, I actually built. Yes.

Christian Montoya: No, I was saying I actually built like a. I call it contract explorer, but it's similar to Etherfunk. It's like a way to like generate any arbitrary interface for an on-chain contract. And it's like a very simple react application. And that's sort of like one of the like, you know, long term like North Stars is like. at what point could I do this entirely within a snap interface? That would be really cool.

Nicholas: Totally. Totally. I have a similar dream of doing the same thing or at least having access to the same thing, but drawn entirely from the chain that a contract returns to the interface and the interface is able to interact and propagate transactions to MetaMask or whatever wallet. I think the challenge becomes accessing the ABIs. In the snap case, at least it would be able to do a fetch request to Sourcify or EtherScan to get the ABI and populate. So that could be interesting. I don't know if there's, it's not clear to me that people are going to go the distance for things that they can get in a DAP. that's just as good in a DAP or bigger window or whatever. But it would be kind of cool to have a direct arbitrary contract access within MetaMask. Could be could be interesting.

Christian Montoya: Yeah. Yeah. There's a certain level of like, sometimes it's like I'm interested in doing something just to see if it's technically feasible. Like it's probably not even the best way to do it. And maybe no one would ever use it. But it's just like you learn a lot just by seeing if it's possible to implement it.

Nicholas: I wonder if there'll be, I'm just thinking of applications now, like revoke cash kind of application within MetaMask, like the missing settings menu or whatever, like homebrew for Mac. But for MetaMask, like the things you wish you had in MetaMask, you can just start building them. I won't.

Christian Montoya: I can't say anything about what's in the pipeline, but things like that could be possible.

Nicholas: Seems like a good thing. Very cool. Yeah. All right. Well, did we miss any topics that you wanted to mention about Snaps or anything you want people to know?

Christian Montoya: No, this has just been a really great technical dive. Like I said, we're launching Snaps to the extension in September. You know, we have a long term plan to eventually do some other things on mobile. But you know, this is a great time.

Nicholas: That was my question. How compatible is Snaps with the mobile app? My sense was the mobile app is like an entirely different stack. But is it shared enough?

Christian Montoya: Well, you can check out the code base. It's actually React Native. And so it is possible to run JavaScript within, you know, like a web view within the mobile app. And so, you know, you can do, you know, I won't say too much, but it's not that different. And so our intention is that, you know, the API will be the same, right? That like if you write a Snap, it doesn't even have to know about the environment. It's just interacting with the APIs that MetaMask provides. And so that can be environment agnostic.

Nicholas: Is there anything in Snaps or otherwise that's going to get us beyond the world of switching between Wallet and Dapp? And I guess Snaps is maybe one answer to that. You just do everything inside the MetaMask app.

Christian Montoya: Yeah, if you're modularizing the way that connections can be tracked and maintained between websites and MetaMask, then you can move away from that. You know, one of the cool things in the redesign that we just put out is that it's starting to improve how you manage Dapp connections and having, you know, like Dapps being able to connect to different accounts across different sessions and so forth. And we have some really cool things that we're working on in that direction. because like we know that there's like pain points right now when you're connecting to multiple Dapps that things can get hairy. And that's something that we want to fix.

Nicholas: Totally. I appreciate the wallet name search that was added. Search Wallets by name. I wish it worked on. It doesn't search parts of the wallet name after the ellipsis when it abbreviates. That's a pain. But.

Christian Montoya: That's I'll check on that one internally. That's a good. that's good feedback.

Nicholas: And also, I know I talked ages ago to people, but it's just too small. The scroll window to see. Nobody has three wallets.

Christian Montoya: I know it's like three. You can only see like three accounts right now at one time. I know. It's pain.

Nicholas: It's pain.

Christian Montoya: We're iterating on that one for sure. Yeah.

Nicholas: But sorry, I interrupted you. So in September, it's launching right now. People can check out Flask, which is like the Alpha Canary release. Purple version of MetaMask. And there's like things people should check out. There's like demo projects, I guess, that can fork.

Christian Montoya: Yeah, yeah. So I just did a thread today of like a list of resources. There's a getting started guide in there that even includes links to example projects that you can build off of. And it also has our template, which our template basically gives you a project with a snap and a website in packages. And it like has like the whole environment for you to like run the code, watch it, you know, do like really nice like development, you know, on your machine and be able to preview everything. And so, you know, what I was going to say was that now is actually a really good time to start getting familiar with all of the tools and tutorials and so forth and get into our documentation and start building your own snaps. And, you know, if this is something that interests you, you know, it's a good time to get started now and be part of our launch, you know, in September, you know, and through the rest of this year, you know, maybe you have a really cool idea and now's the time to build it. And, you know, you'll be able to get it in front of users when we launch.

Nicholas: Totally. I could see it being an interesting surface for projects to differentiate themselves by building experiences that you couldn't build without snaps. And you're saying snaps is rolling out to the main wallet in September? Yes. Wow, that's crazy.

Christian Montoya: Yeah, it's the extension.

Nicholas: I'm excited to see what happens. That's going to be crazy. Wow, that's exciting.

Christian Montoya: Very cool. We're not getting much sleep at MetaMask right now.

Nicholas: I'm not sure you're going to get much more after it launches.

Christian Montoya: No, no.

Nicholas: That'll be fun, though. And I guess it's cool because if people build something that they think is actually interesting, they might have a chance of getting it audited and paid for by consensus.

Christian Montoya: Yeah, we have a grants program, actually. So if you have like a really cool use case, you know, you can even apply through MetaMaskGrants.org. And I'm one of the like stewards of like the grants program. And so we've given, you know, some grants to teams that are building snaps just because they have a really cool use case and we want to support that.

Nicholas: All right, Christian, thanks so much. This was awesome. Thanks so much for explaining snaps and really getting into the technical stuff.

Christian Montoya: Thank you. It was great talking to you. Lots of really good technical questions here. So this is fun.

Nicholas: Sweet. All right. Thanks, everybody, for coming through. See you next week. Same time, 5 p.m. Eastern Time Friday. Next week, I think it's the ETHscriptions. Creator of ETHscriptions is going to be on. And I think there's going to be a bonus episode on Monday at 10 a.m. with Decent, which is they have something called the Box, which is a new NFT. I think you can basically mint an NFT without having a wallet. And then it's in a nice account abstraction, MPC, something, something way. I'm not sure of the details, but Monday, 10 a.m., I think there's going to be an interesting conversation about that, which will be released later because I'm taking a vacation at the end of the month. Thank you, everybody, for coming through. Thanks, Christian. See you on Twitter.

Christian Montoya: See you. Bye.

Nicholas: I look forward to seeing you there.