CommunitiesEcosystem
Search
Login
Signup
Write a post
Switch dark

Steem Tools Development - Centralized Steemit.com vs. Decentralized App Center (Security Concerns)

73
8 years ago
in#security

I find it very cool that there are so many great tools being built for the Steem blockchain. There are several tools that I use on a regular basis, and fun new ones keep popping up all the time!

There is one tool in particular that I think brings up an interesting security concern regarding the long term future of decentralized Steem app development - www.Streemian.com created by @xeroc. This site allows you to follow voters, and it will automatically upvote whatever posts they vote on for you. I think this is an awesome idea for a tool, and would love to use it. There is only one problem though - I don't trust it.

Don't get me wrong. This is not an attack on @xeroc or Streemian.com. I actually think that out of all the apps out there which would require me to provide a key, @xeroc / Streemian.com is as close as one would get to being "trustworthy". @xeroc is obviously a trusted member of the community, and has the best interests of Steem/Steemit at heart. This is why I think it makes such a good example. If I can't trust @xeroc / Streemian.com, then who can I trust?

That gets at the point of my article. Who can we trust? As the site scales to millions of users, most of whom are not going to be technically or security savvy, are we going to expect them to start plugging in their keys to a bunch of random sites?


[Image from Pixabay]

Now I realize that Streemian.com only requires your posting key, which means they cannot access your funds - so in this case the security risk is not that high. But there still is a risk. Someone could post a bunch of content I don't approve of as me, or upvote a bunch of things that I didn't authorize to vote.

Also, there probably are some good applications that could be built that would require more authorization than a posting key.

This seems like a long-term problem with the idea that decentralized Steem blockchain development is going to have. I know that there are a lot of anarchist users here who probably think the opposite of me on this, but personally the only site that I trust to hold my keys is Steemit.com.

How do we address this?

securitysteemitsteemprogrammingsteemtools
8 years ago
timcliff73
$ 1.92
49
H2
H3
H4
3 columns
2 columns
1 column
14 Comments