Ok, this morning when I wrote the post about @dlive Force Following and pushing content, I didn't think through all of the potential ramifications of this. Now that I have had more of a think inspired by @personz comments an hour or so ago, I have to write this post.
Have you corroborated this with anyone else? And can you post more "proof"? This on it's own doesn't stand up as conclusive. @personz
No, I have no proof, can anyone find it for me? This is the blockchain, all the information for every transaction must be there. I have this from steemdb:
The only ones in there that are mine are those following the musician @benleemusic and @exyle's mum, @clio.
If someone with some blockchain exploring skills (@paulag or @miniature-tiger perhaps) is able to trace the actual blockchain transactions that would be great.
Now, as annoying as the force follow is, that is not the problem at all. The problem is that there is no way to indicate that the action and subsequent transaction isn't made by me as far as I am able to tell. This is a massive, gaping hole on an immutable blockchain.
Do you check every transaction recorded to ensure that it was actually made by you? Does @ned and @dan? Have they signed into Steemconnect anywhere?
Are you seeing the problem yet?
If there is no way for the transaction to be traced to the real transactor (@dlive in this case), that means that the it is attributed to me and I have no way to prove otherwise. I haven't been hacked, I haven't lost my keys, all I did was to use Steemconnect to sign in to a service.
That means that any Steemconnect enabled app provider can post as me without me being able to prove otherwise. What happens if they do not like me, what happens if someone pays them to plant something somewhere on an obscure post, what happens if I was a politician or celebrity?
I like conspiracy theories so let's create a quick scenario worthy of @v4vapid.
I am a young politician running for office and have a Steem account. I sign into @dlive to deliver some speeches for my fans. @dlive can now follow whoever they like and post as me. Someone running against me decides to skew the game. They create a few alts, set up some very questionable material in an obscure corner of the blockchain and pay @dlive to post under my name. With the flood of campaing actions I am making, will I notice? Perhaps they will introduce a few confessions, upload a few inappropriate images. At this point, they can either leak it to the press or use it to blackmail me. How can I fight it on an IMMUTABLE blockchain?
Blockchain technology is supposed to protect us from this possibility, it is meant to save us from fake news and false information. It cannot do that if I can't even prove if the transactions on the blockchain are mine or not.
From what I understand, @dlive has been pretty quiet about this so far and it is a closed project (with a massive Steemit delegation). How I see the options going forward:
- Introduce a marker to Steemconnect ASAP and cross fingers
- Shut down Steemconnect ASAP until the marker is created
This is a gaping hole in my opinion (if there really is no way to track it) and MUST be treated as such and with speed and decisiveness. With the amount of poor, scamming behaviour running rife on the platform and the amounts of value and future value at stake, there should be no shadow of a doubt as to WHO is making any of the transactions.
I know many of the whales here who commonly use these services and with the amount they are targeted already, this should raise many concerns. There are also many people scamming but now they have a Steemconnect scapegoat 'It wasn't me!'.
I am hoping that as a community we can force action upon this very fast so I ask to please share this on and bring it to the attention of anyone who is potentially using Steemconnect as it might be important to them to understand that there is a potential security risk.
This may sound alarmist but I mean it to be precautionary as the whole idea of the steem blockchain and the future of its value depends on immutability, trackability and the ability to TRUST IT completely.
Thank you.
Taraz
[ a Steemit original ]