Blockstack ID identity address should not look like a bitcoin address

[larrysalibra]

Blockstack ID owner addresses are bitcoin addresses. These owner addresses secure the user's ID and own their username when they add one.

These addresses are user-visible in the browser interface.

I'm concerned that users will try to send bitcoin to them inadvertently - they might think that their wallet is the same address as the address on the Blockstack ID.

While we could retrieve the money since the private key of that address is derived from their secret recovery key, we don't have that functionality at the moment and probably want to avoid this type of confusion.

@yknl @guylepage3 @shea256 and I discussed a couple ways of doing this.

1. Appending the letter b to the address - we would then remove the b when using the address in the system
2. Using a different network version for the address (so that the address wouldn't start with the same character as a mainnet bitcoin address)
3. Displaying the public key hash

Since this touches the entire system, it would be great have input from the whole community before making such a change. I would love to hear your thoughts!

[guylepage3]

In my opinion. there should be a bit of a separator between the "b" and the address. maybe something like b- is enough.

b-1FfmbHfnpaZjKFvyi1okTjJJusN455paPH

[GinaAbrams]

Appending the letter b would signify the Blockstack ID owner addresses, correct? This seems like a straightforward solution to me. +1 on what @guylepage3 said 😄

[jcnelson]

Since this touches the entire system, it would be great have input from the whole community before making such a change. I would love to hear your thoughts!

Can you clarify this statement more? It sounds to me like this only touches the user-facing parts of the system (i.e. every time you print an owner address, you pre-process it to mark it as such). Is my understanding correct?

[jackzampolin]

I like the idea of displaying a public key hash unless we want the user to think of this like a bitcoin address. The b- solution above preserves a potential cause of confusion for users.

[muneeb-ali]

I'd go for #3.

Appending anything to the address will make it an invalid address and it wouldn't show up on blockchain.info and our explorer (unless we support it there).

2 wouldn't move the needle that much because users don't really know what bitcoin addresses should look like and whatever we display they'd think it's a valid address.

Public key hash also makes sense conceptually that you own your name/profile with a public key and should have an associated private key.

[larrysalibra]

Here's how it could look with the b

[yknl]

2 wouldn't move the needle that much because users don't really know what bitcoin addresses should look like and whatever we display they'd think it's a valid address.

Agreed, most people won’t know what a bitcoin address looks like. Also, adding a b in front is so subtle that I don’t think people will even notice. So I’m in the option 3 camp.

[larrysalibra]

Appending anything to the address will make it an invalid address and it wouldn't show up on blockchain.info and our explorer (unless we support it there).

2 wouldn't move the needle that much because users don't really know what bitcoin addresses should look like and whatever we display they'd think it's a valid address.

We're intentionally trying to make it an invalid address for apps that expect bitcoin addresses.

Public key hash also makes sense conceptually that you own your name/profile with a public key and should have an associated private key.

My concern with this is that it's pretty long and wouldn't work for verifications. Here's an example bitcoin public key hash:

0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6

Can you clarify this statement more? It sounds to me like this only touches the user-facing parts of the system (i.e. every time you print an owner address, you pre-process it to mark it as such). Is my understanding correct?

@jcnelson You're right we don't have to implement it system wide just on user-facing things. I was more saying that it conceptually touches the whole project.

---

Here's a list of prefixes & address types used in bitcoin. I really like the xpub xprv prefixes that are used to denote those key types.

some other ideas: me17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem ME17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem BSK17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem bsk17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem

---

Another option besides changing this is to keep the bitcoin address as is and provide a notification if they select it and try to copy it warning them that this isn't meant to receive money.

[shea256]

@larrysalibra this is a public key:

0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6

This is a hashmd160:

11b85ec7aa79d243e72e8295a03e4c1ee19270a2

This is 40 characters vs. about 31-33.

[shea256]

The ethereum format is to put a "0x" in the front to indicate that it's in hex format, like this:

0x11b85ec7aa79d243e72e8295a03e4c1ee19270a2

[xmakina]

Could it be worth literally putting Blockstack ID next to the id and a ? hovertext explaining that this is not a bitcoin wallet? I'm not someone who's very clued up with bitcoin and I've thought that was a wallet address since I picked up Blockstack until I saw this thread

[danielmcclure]

I agree that any "b" or "b-" is likely going to be too subtle for many users. I can't comment Public Key hash but seems like @shea256 has an idea to make it shorter (although equally mistakable by human error probably). Also @xmakina's idea probably works. Just prefix it with what it actually is.

[larrysalibra]

While we're having this discussion, I'm also proposing that we have been calling the owner address the "identity address" - "owner address" made sense when each blockstack ID had a name, now that you can add a name later, "identity address" makes more sense. Thoughts?

[danielmcclure]

Is there any reason it can't be a "Blockstack ID" because that is quite literally what it is? Or if it needs distinction from a user's name "Blockstack ID Address"?

[larrysalibra]

we went with ID-1FfmbHfnpaZjKFvyi1okTjJJusN455paPH - this turns out to have still caused confusion amongst users who think this is their bitcoin address.

[guylepage3]

Much like what @larrysalibra was suggesting above..

Here's a list of prefixes & address types used in bitcoin. I really like the xpub xprv prefixes that are used to denote those key types.

I feel we should have a unique first 5-6 characters.. The unique identifier could be.. bskID

bskID1FfmbHfnpaZjKFvyi1okTjJJusN455paPH
bskID11b85ec7aa79d243e72e8295a03e4c1e

[vsund]

To leave my feedback here as well, I think especially the - as separator separates the both parts too good. People still recognize the address in there easily. Using the first few characters without a separator should resolve this in my opinion.

[yknl]

What if we gave everyone a free subdomain on blockstack.id like:

1FfmbHfnpaZjKFvyi1okTjJJusN455paPH.blockstack.id

And just display that in the profile?

[dantrevino]

Can I ask, why even show the id to the user on the main IDs page? In my experience, this causes confusion with new users thinking that they have a blockstack id ... or the bitcoin address thing too... You already give users the option to enter a "Full Name", if they want multiple non-blockstack-id-accounts, they can use the name to differentiate. So ...

0. leave addresses the way they are
1. remove "identity address" from profile page (/profiles)
2. Add "Full name" to the profile list (/profiles/i/all)
3. Add two buttons to /profiles/i/all: 3a. "Set as default" - user action should be explicit 3b. "Show identity address" - will show the user identity address, if desired

[wbobeirne]

Looks like at some point we started prepending ID-${id} to all of them, so I think this is resolved.

[markmhendrickson]

I'm reopening this issue since although we did start prepending ID- to identity addresses, there appears to be lingering concern in this comment thread that it wasn't a satisfactory solution.

I also have two particular concerns about how we're currently showing the address in the browser:

1. As a developer, using that prefix causes confusion as to the actual value of the identity address. In the browser, I see ID-1789gBX7w1XFPeG5SFKkbfsUbrHvnTvYRC but blockstack.js returns 1789gBX7w1XFPeG5SFKkbfsUbrHvnTvYRC as part of the user data object. Had I not coincidentally found this issue or otherwise noticed the discrepancy, I could easily have assumed that the ID- prefix either was or wasn't part of the value.
2. It's not clear to me why we even show the identity address at all in the browser UI (or anywhere else user-facing). Per @dantrevino's suggestion, wouldn't it be best to just remove it from display? We're encouraging users to register names, which are much more usable in general. I'm not even aware of what a user would do with their identity address alone. And showing anything code-like is bound to scare non-technical users.