Originally posted by the Wombat team
As of release 1.0.12 we are excited to announce that Wombat offers whitelisting of trusted actions. Users can select specific actions to be whitelisted so they don’t have to sign them manually any longer. This features gives every user full control to decide when manual signing makes sense and when it limits the user experience — for example when playing a game.
Why does whitelisting matter?
Wombat is all about lowering the entry barriers for first-time EOS users and always optimizes for great user experience. As a result, we challenged the current dogma of asking the user to sign every transaction, no matter how repetitive or low-risk those are. Of course it is at the heart of blockchains to give proof of the users legitimacy by asking the user to sign the transaction with the correct private key. However, we believe that not every action should be treated as the equivalent of a 1 million EOS transfer. Many actions, especially in gaming dapps, are low risk, they do not have much at stake and are quite repetitive (and let’s be honest, sometimes annoying). These actions can now be whitelisted. As a result it is less disturbing and more fun to play games on EOS.
How can whitelisting be activated and managed?
Every time a dApp asks you to sign a transaction a small pop-up appears and outlines the transaction details (as shown in the screenshot below) as usual. From now on you have the option to check the box “whitelist transaction” before you sign it. Wombat then adds the respective action to the whitelist and will automatically sign the next transactions for you until you remove the permission. All whitelisted actions are grouped by their smart contracts and are listed in the settings section. You can easily remove individual actions, or multiple actions belonging to the same smart contract if you no longer want Wombat to sign them for you.
One cool aspect about the whitelist is that it is synced with your Wombat account. So every time you use another device your whitelist will already be there. For example, if you use our Google Chrome extension (coming soon) with the same account as on your mobile device you will also directly benefit from your whitelist settings.
Why is whitelisting in Wombat secure?
Building Wombat is all about a fun but secure experience, so we make sure that users are aware of what happens with their private key. Once you turn on the whitelist, Wombat will always inform you whenever it signs a transaction on your behalf. Of course you can disable these notifications at any time if you choose to.
Whitelisting is based on the action that is being executed, but it doesn’t consider the individual parameters within the action. So you either trust an action to be whitelisted or you don’t. Because of this we will always ask you to sign EOS transfers manually, guarding you against any dApp asking you to transfer your precious EOS without your consent.
Disclaimer. EOSwriter does not endorse any content or product on this page. While we aim at providing you with all the important information we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as investment advice.