Here are some thoughts:

Blink journey:
1: the user uses a builder or a blink metadata JSON file generator, generating a format similar to solana blinks.
Sample from a live solana blink: https://www.quick-blinks.xyz/api/actions/mint?create={"code":"H4sIAAAAAAAAA5WQb0vDMBDGv0oodL6Z7ZaxTQdlbNMhIjpwf5hvJGvONrZL2iRdt4nf3aSVgiCIkFzujie/3JMPRzOdgjNyZhKIBnRL1AlNU8YT5bQdCiqULNNMcCPZigJRwS804gAUaYESLkoUm23yUFBAO3gTEtDJKMMauKtYbVQoQHnBwuS7gwinKAJdl4xH5jm2J5GdJdY6UyPfL8vSq+5c1ne84+nsv3I4ar+SjguZBi6eVxrvPYtaZYD7g1YeDPsGl0kWWlzH69iShNbH8qffDdMxsgL0/PTQiFYy/WsMkjG/Fit/z7geK+A0cIdTF2OrMofbm5hYUap0btZvLNM2NBtrnsks0RLwzMSSpCnoCaUSlGq43R7NH8uuKvBquV2sD/liQOL1lbjTUXwQgBMcnhN5vC429y8NqvqSBmF922J4Y5z/eMW4/w/f+fwCBQDG3EkCAAA="} with the format being: https://docs.dialect.to/documentation/actions/specification/action-types

Problem statement: So now we have generated the format, how do we distribute it in a decentralized way that does not rely on fetching it from a centralized domain?

2: in order to avoid centralized solutions an option would be to upload the JSON file to ipfs, ideally using crust(Crust Storage 101 · Crust Wiki), this JSON blob contains the pallet call to use and substrate chain to use(so that blinks can work/trigger pallet calls on all chains)
3: a link gets generated in an easy to parse format such as:
polkalink://<cid of uploaded file>

The link format can be whatever is most liked by the community

4: the users browser wallet detects the link by scanning the current website(polkadot-extension/packages/extension/src/detectlinks.ts at c3717383230f046905fd67cba5625c5ad15e2d68 · XcmSend/polkadot-extension · GitHub), if a link is detected(with a regex like:
/polkalink:\/\/([A-Za-z0-9]{46})/g, it will download the JSON metadata file from ipfs and insert a html tag that is rendered after the metadata specs In the JSON blob. Getting the input fields, the pallet call, the image link etc from the downloaded json file.
The browser extension also needs to verify that all fields in the file doesn’t contain any malicious script tags. So proper Input sanitization/escaping all malicious tags that may inject or trigger tags.

5: the html is now rendered and once the user press the button it will trigger the browser wallet to prompt for an transaction to sign

Twitter problems:
Anyone can create a “send me all your coins” button on twitter and in order to scam the user.
A recent interesting case study of malicious content on twitter is the $hacked token on solana:https://x.com/2600/status/1836480305634439334?t=K_i4WtUjbjtzGhcqcXkvAQ&s=19

Where a third party twitter app had post access to its connected tweeter accounts. Causing a publication(2600 magazine) that has been publishing security related content since the 1980’ies to have problems with twitter,. So one could assume that malicious links will always be posted by trusted accounts

Solana is aware of these problems and has implemented a trusted authority in the role of repository. Having blinks manually reviewed before published to there blink distribution server/repo.

An alternative solution could be to force the user to sign the JSON metadata before uploading it. In this case browser extension providers could verify that the blink was issued by someone that has a legit identity on-chain. “Has the above link been creaeted by a trusted account and signed by the actual person behind it?”

Goals:
Not rely on a single centralized site.
Have an open standard for the Json metadata that everyone can implement.

ps.
it would also be super cool if this can be combined with .dot domains, .DOT Authority Registration for the Polkadot App so a user can generate a link that ends with .dot and the .dot domain can point to the metadata file for the blink

~ flipchan

Blink MVP

Here is the MVP for the DApp Builder to generate a Blink. Still in testing, so expect bugs (and please notify us on the tg group).

The user then signs the blink metadata data and puts it on-chain (currently, all the blinks are stored on asset hub).

Notice how nice and small the URL is with the block number and tx index to locate the metadata.
<URL>/#/<chain>:<blockNumber>:<txIndex>
e.g. https:// blink.bagpipes .io /#/polkadot:7158641:2.

polkalink://

this approach is not as useful, because we want a URL that is also clickable so that users who dont see an app still have a link that works.

Metadata

Here is the metadata on-chain @ blockNumber 7145864, txIndex [2]:

this is naturally how its done above. The creator generates the blink by putting it on-chain. Then the People chain is queried to view their identity. But really, it is primarily down to when the blink is viewed as an app (whether embedded in a twitter post or viewed on a website) how the safety rules are enforced. They will have to check if the creator has the sufficient on-chain ID verification.

Here is a test blink created by Jay:

Extension (still experimental)

Here is the mini app in a twitter post:

The injected app will ofcourse look way nicer, it will target specifically the mini app window, currently its just injecting the whole web page. But hopefully it gives you sense.

above is enabled by using a fork of the polkadot-js extension, with content-script which detects “blink. bagpipes. io/#/::” and then injects an iFrame which fetches the (whitelisted) blink.bagpipes.io… URL.

The iFrame approach was suggested by Kheops at Talisman. This appraoch has trade-offs, in a sense it’s safer because iFrames are completely sandboxed from the Twitter site; it also allows the URLs to fetch, to make updates an uninhibited way. But of course it is hoping that these URLs are not malicious.
But we can also explore the approach which does not inject an iFrame from a URL but instead has the app code in the extension (and of course still fetches the metadata from assethub with the :)

See a video link to the current MVP and user journey of Blinks here… ^^

Setting a (standard) format

Just for clarity on the status of standards, currently you are seeing a focus on a simple-to-use DApp builder that can generate a mini dapp for you, which then creates a link that is shareable anywhere, and which takes the user to their personalised DApp.

At this stage, we make no claim to be setting a standard about the Polkdot Blinks specification/protocol.

“Standards”

The conversation of standards should always be open for discussion of what is the best approach. We will indeed adhere to (and/or contribute) to the specification of those standards, because that is best for the experience of users in the ecosystem, and perhaps yonder.

Currently, we have extended the metadata spec of Solana, purely as a “black box” approach to bootstrap something usable in tempo. This can be swapped out after some open gov or implied consensus is met.

This conversation on standard can be had after a technical post is shared, and this may be more suitable in a GitHub issue. This is still a TODO.

Or perhaps standards, similar to the Polkassembly proposal and comment standards happen organically when another provider Open Square, share data across from each other. I dont know what the Law on this is.

Maybe an open gov system remark as an intent might be a good consensus signal?

Some people may ask why are you not doing standard upfront? Because we want people to try stuff out and get some insights through doing, its just the approach we are taking. Its a very producty approach.

here’s a nice quote:

i dont want to run the risk of ruining people’s day claiming we are enforcing some “standards” and not setting up the due process - we have no authority to lay the law - its more of a conversation with relevant stakeholders (extension providers are an important stakeholder), and other people who are interested in Blinking.

Re: Twitter embedded Blinks you make good points about activity being mostly on mobile.
After basic research, it seems its a lot more of a challenge to do this for mobile, unless by a very hacky approach. or a behaviour change from users…

If we can really do this things permissionlessly and it’s not dependent on the whims of Elon Musk, then go for it.

yes, agree, browser extension approach is quite permissionless and less hacky than mobile. but of course, mobile need a solution.

A key point is though with an extension, it doesnt have to be just twitter where the blink unfurls into an embedded dapp, it can literally be anywhere the blink is shared!

This, may at least be a nice place to start?

<i’ll share a screenshot> of this link (https://blink.bagpipes.io/#/polkadot:7165967:2) which has become an embedded Dapp, because i’m using the extension.

---

Screenshot 2024-09-22 at 13.11.091227×776 161 KB

the screenshot above is showing the link https://blink.bagpipes.io/#/polkadot:7165967:2, which has now become an embedded dapp, because an extension is running, which is detecting the link and injecting the app (as an iFrame)

^^ : D

That’s so cool! So much effort you put into this! Amazing work, thanks for sharing!

At Distractive, we always want to shine a light on use-cases and give our target audience something to try out directly. Please reach out to us to include you in any future plans.

Hi all. You may have seen this too, but it landed in my email last night and I happened to be looking at this Blinks thread last night as well, so thought I’d share here.

https://earn.superteam.fun/listings/project/develop-blink-on-poster/

As parts of the Polkadot community work to extend the memecoin culture I found this interesting, both 1) Post Memes/Art/Posters to X and 2) Generate AI Posters via Blinks…so if anyone here wants to try and build something similar for Polkadot, great.

In general, I think in the Solana eco, SuperTeam does a great job of sharing developer opportunities via https://earn.superteam.fun/ and I would like to see more of that on Polkadot, but I digress…

This is a nice use…

Blink posters for “CT reply guys” to earn for distributing on-chain adverts with memes attached.

1. guy creates “Blink poster” in builder.
2. shares the blink in a reply (to express their personality lol)
3. whoever interacts with blink poster, the guy can earn some reward.

Exploring Approaches to Blink Extension

The extension is required to enable embedding of blinks.

Current Approach:

Extension detects the blink on a web page, then injects an iFrame of the DApp.

Issues:

Because the iFrame source is coming from a different origin there are some limitations and blocks.

Plan:

We are exploring all the other approaches to understand the upside /downsides and trade-offs. See the google doc to see a table of approaches. Feel free to make a comments and suggestions in the doc; select your preferred option, or if something is missing please add.

The feedback provided will give inform the approach we selected as the best path ahead.