ΞXTΞND - Bridging the gap between popular websites and Ethereum blockchain
ΞXTΞND is a Chrome browser extension that aims to bring the power of the Ethereum blockchain to various social websites such as Reddit.
ΞXTΞND is a Chrome browser extension that aims to bring the power of Ethereum blockchain to various social websites such as reddit. This is accomplished by making slight modifications to certain web pages (such as adding “tip” button to reddit posts) while having an Ethereum light client integrated into the extension. In the initial release, a user can send tips to other reddit users or buy them reddit gold with ETH directly.
Security and transparency
We are aware that user trust is of paramount importance here, so we did everything we could to make ΞXTΞND as transparent as possible. We have therefore open sourced every part of the project, including extension code (front-end), Solidity smart contracts as well as back-end code that is being executed both on our servers and on Oraclize. You can inspect the code on the project’s Github repository. This extension was built primarily as our contribution to Ethereum subreddit communities such as /r/ethereum and /r/ethtrader, so we decided not to charge any transactions fees when someone uses any of the ΞXTΞND functionalities.
User authentication and verification
The major technical challenge while building extension like this was to enable users to reliably link their reddit accounts to a specific Ethereum address without revealing any sensitive information or relying on a single server. We have managed to achieve this by combining OAuth process with Oraclize service. When doing initial registration, extension will prompt the user to perform reddit authentication via reddit’s OAuth2 API. This will allow the extension to obtain user’s reddit access token which can only be used to retrieve the username and some other non-sensitive user data. This token is then encrypted with Oraclize public key and sent to our smart contract. The contract temporarily stores the username that someone wants to claim along with Ethereum address from which the request was was sent and then initiates a nested call to Oraclize service which will perform the final step of user validation. This will essentially run a Dockerfile that is hosted on IPFS (so that anyone can see the code that will be executed).
Dockerfile linked above contains a Python script which uses decrypted access token obtained during the OAuth process to make a request to http://oauth.reddit.com/api/v1/me, an API endpoint that returns details about the access token owner. Only username is extracted from this response and written to standard output, so that Oraclize can forward it to the smart contract via callback method. Finally, the callback compares username that came from the API response with username that user originally tried to claim and if those two match then the username gets permanently linked to the Ethereum address from which the entire process had been initiated (the user is able to override this address with a different one at any time). This user can then receive tips directly from other users and will appear as verified, as shown in the image below.
Extending web pages
The extension injects a content script into posts on specific subreddit pages (currently /r/ethereum, /r/ethtrader and /r/ethdev). When a post is fully loaded, the content script will alter the page’s DOM by inserting “tip” and “buy gold” icons under the post and under every comment. A check mark icon will also appear if certain user has linked his reddit username to an Ethereum address via ΞXTΞND. Clicking on these icons will trigger a popup dialog where the sender can specify the tip amount or the number of months of reddit gold that he wants to send.
Buying reddit gold with ETH
Buying gold for someone is the best way of showing appreciation for a post or comment on reddit. During the past year or two we have come across dozens of comments from different people saying how great it would be if they could buy gold with ETH directly. Therefore, it was a no-brainer that we should integrate this feature into ΞXTΞND. In case you are interested, here is a short description of how this feature works behind the scenes: when you buy gold for someone through ΞXTΞND, the extension will first send request to our server for the current ETH/USD ratio (taken from Kraken API), which is then returned along with a signature that is used to prove that the price indeed comes from our server. After that, the buyer is shown the total amount of ETH which will be deducted from his account. If he agrees, an Ethereum transaction will get dispatched, triggering a specific blockchain event. Our server, which is constantly listening for such events, will perform signature verification and finally send gold to the recipient through ΞXTΞND’s reddit account. The recipient will also receive a private message notifying him about where the gift is actually coming from.
Further work
This initial release implements only two basic functionalities that we thought would be most commonly used, but we also have a number other ideas for features that we might implement down the road. Furthermore, if ΞXTΞND actually becomes widely used throughout Ethereum community, we would like to extend it to other popular sites where Ether payments could be useful (StackOverflow is currently on top of that list).