Apple just killed Local Storage: what that means for Burner Wallets
Browser-based wallets known as “Burner Wallets” have become a popular part of the cryptocurrency ecosystem. Today, there are many variations of these wallets, such as the original xdai.io, the Dai Card, or the hundreds of wallets that have been deployed through the Burner Factory.
The one thing all these wallets have in common: they all store the user’s private key in the browser’s Local Storage. Wallets use Local Storage so they can remain non-custodial, while still letting users send transactions without installing any apps or extensions.
Unfortunately, a recent change by Apple to Safari and its WebKit engine threatens this storage model.
What exactly is changing?
A recent blog post from Apple’s WebKit team announced that it will begin enforcing a “7-Day Cap on All Script-Writeable Storage”.
This change was intended to disrupt third-party tracking, but has the side effect of effectively killing client-only Progressive Web Apps.
Apple’s post is light on details about how this policy will be implemented. Based on Twitter responses and a thread on Hacker News, it appears that every iOS device will keep a “clock” for how long it has been since the user has visited a site. However, this clock is only incremented on days that the user opens the browser. This means if you don’t open Safari over the weekend, your expiration clock won’t increase.
Note that on iOS devices, third-party apps are forced to use WebKit for web rendering. That means that other browsers like Chrome or Brave on iOS will likely be subject to these same restrictions.
What does this mean for Burner Wallets?
Mainly, this emphasizes what we already knew: Burner Wallets (in their current form) aren’t good for holding assets long-term. This change currently only affects Safari users, but it’s possible other browsers may follow suit at some point. If you’re keeping money in a Burner Wallet, you should back up that key.
Currently, this won’t affect the primary use cases of Burner Wallets: events (e.g., ETHDenver, Dappy hours) and demoing new technology (Fuel Burner, Dai Card).
Events such as hackathons and dappy hours take place over hours or days; nobody is expected to keep using their BuffiDai tokens after the event is over. Furthermore, many of these events use unbacked “play-tokens” anyway, so no value would be lost.
How can Burner Wallets adapt?
Just because most Burner Wallets today aren’t used for storing significant funds doesn’t mean that wallets can’t eventually hold real money.
So how do we work around Apple’s new restrictions?
Thankfully, there is one exception to this new rule:
…the seven-day cap on script-writable storage is gated on “after seven days of Safari use without user interaction on the site.” That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use.
Websites added as “apps” to the home screen get a pass.
Unfortunately, there’s no “easy” way to prompt a user to add a website to their home screen; users must find the button hidden inside Safari’s “share” panel. Future Burner Wallets will likely display warnings to Safari users, prompting them to add the wallet to the home screen and secure their funds.
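One way a wallet could decide when to show such a warning, as an added example that is not code from any Burner Wallet: the storage key name `burner-wallet-private-key` and all function names are hypothetical. It treats every iOS browser as WebKit-based and exempts home-screen apps, as described above.

```javascript
// Added example: should a browser wallet warn that WebKit's 7-day storage cap
// may evict its key? STORAGE_KEY and all function names are hypothetical.
const STORAGE_KEY = 'burner-wallet-private-key'; // assumed key name

// iPhone/iPad/iPod: every browser there is WebKit-based (Chrome, Brave, ...).
// iPadOS 13+ reports platform "MacIntel", so touch points disambiguate it.
function isIosWebKit(nav) {
  if (/iPad|iPhone|iPod/.test(nav.userAgent || '')) return true;
  return nav.platform === 'MacIntel' && (nav.maxTouchPoints || 0) > 1;
}

// Desktop Safari: UA has "Safari/" but none of the Chromium-family tokens.
function isDesktopSafari(nav) {
  const ua = nav.userAgent || '';
  return /Safari\//.test(ua) && !/Chrome|Chromium|Edg|OPR|Android/.test(ua);
}

// Home-screen web apps keep their own counter and are exempt from the warning.
function isHomeScreenApp(nav, matchMedia) {
  if (nav.standalone === true) return true; // iOS-specific property
  return typeof matchMedia === 'function' &&
    matchMedia('(display-mode: standalone)').matches === true;
}

// env = { navigator, matchMedia, storage }; passed in so the logic is testable.
function evictionWarning(env) {
  const { navigator: nav, matchMedia, storage } = env;
  if (storage.getItem(STORAGE_KEY) === null) return { warn: false, reason: 'no-key-stored' };
  if (isHomeScreenApp(nav, matchMedia)) return { warn: false, reason: 'home-screen-app' };
  if (isIosWebKit(nav)) {
    return { warn: true, reason: 'ios-webkit', action: 'add-to-home-screen' };
  }
  if (isDesktopSafari(nav)) {
    return { warn: true, reason: 'desktop-safari', action: 'back-up-key' };
  }
  return { warn: false, reason: 'not-webkit' };
}

// Browser wiring (skipped outside a browser, e.g. under Node).
if (typeof window !== 'undefined') {
  const result = evictionWarning({
    navigator: window.navigator,
    matchMedia: (q) => window.matchMedia(q),
    storage: window.localStorage,
  });
  if (result.warn) console.warn('Key may be evicted:', result.action);
}
```

User-agent sniffing is a heuristic, so a wallet using this check should still offer key backup to every user rather than only to those it flags.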
However, this is just a band-aid on the problem. The true solution is to not make accounts completely dependent on a locally stored key.
ETHDenver 2020 introduced an exciting new Burner Wallet feature: counterfactual contract wallets. Contract wallets allow us to separate the “wallet” that custodies funds from the private key that signs transactions. Contract wallets can accept transactions from multiple signers, meta-transactions, support social-recovery, etc.
These contract wallets can be combined with third-party key-management services such as Fortmatic. Having your storage cleared isn’t a problem if you know you can just log in to Fortmatic with your email address.
These technologies are still in the experimental phase; however, this new policy by Apple will definitely expedite their development.
TLDR: Apple’s new policy is frustrating, but our wallets will live to burn another day. 🔥🔥🔥
If you’d like to support this project, please consider making a contribution on Gitcoin grants. Gitcoin CLR Matching runs until April 7th, so every contribution can have a big impact!