Posting Authorities

in blog •  6 months ago

Because of the rain and storm HF20 brought, I highly increased the times I go and visit - I bet you did too, because we were all busy checking out our RC and VP (no, I refuse to call it as VM because the latter is also known as Virtual Machine, this is too confusing) with the new calculations used by the new system. It's pretty neat that the site can approximately tell you about how many comments, votes and transfers you can do with the current mana, although it's not too important to me for now, because with around 100 SP I can do more than 100 comments with a full mana, I will never use up that much. Also, it gets a little painful if you are looking at low SP accounts (those around 20), Steem really needs more patches in this period. Witnesses, stay strong and keep rebuilding and replaying :) we're with you. 

Apart from showing a huge list of what your account did in the past and its stats (in which you might not understand at first sight, it's okay because I didn't too), Steemd also gives a small panel showing who were authorized by you to do certain stuff for you. Steem apps that require you to log in are likely to want to post stuff using your account, so it's pretty self-explanatory anyways, especially for custom Steem UIs like Busy and Patriko. They can't do a thing if you don't give them the posting authority. 

Let's take a look at my authorities panel...

This somehow gives me some mixed feelings...

This somehow long list actually reminds me of how my Facebook account was used to look like. Since, well, logging in with Facebook is such a wonderfully convenient thing. No email confirmation, no strange password requirements, no new subscriptions that might be automatically added to your inbox, just a simple "Log in with Facebook" and use the good old credentials you have remembered for life, and whoosh you are in, saving tons of time and money that might be used for buying Panadols. It is so convenient that for one time I actually get hyped every time I see this button since that means convenient one-click access to the site. Now thinking about this, having convenient log-in methods really help to drive traffic to the site, eh?

But as you know, logging in with Facebook gives those sites access to those privileges you agreed to share with them when you click the "Continue" button. It is pretty much clearly listed out there but most people just click on that blue button without caring that much. Most of the times, it doesn't matter too much if the application only requests for your age, name, and stuff that can be accessed from Facebook by anyone. However, for some apps it gets a little more exciting. It is indeed possible for an app to get your workplace, access your posts, write posts for you, and share pretty sensitive information if you allow them to do so. And, it is perfectly fine for them to do so because you agreed upon that on pressing the "Continue" button. So in the past, it is pretty famous for people to have their Facebook account "hacked" and start posting various spam on everyone's wall just because they accidentally gave a bad app the posting privilege. Luckily I was never a victim of that despite at some point I have 100+ apps connected to my Facebook account.


Now looking at my authorities list...wew.

I said that it gave me mixed feelings, because it shows that I have gave posting authority to so many stuff and all of them are fully capable of writing posts, commenting, and vote stuff on my behalf. On the bright side, it shows that I have been actively using the Steem blockchain and abused what it has to offer...somehow.

I actually believe that stuff on my list are actually managed by people that has morals and won't use the privilege to do bad stuff, but it is always good to revoke them once the application does not need it anymore. Since well, having another person holding the privilege increases the likelihood that it gets misused just in case an attack on that privilege holder is launched.

So now let's revoke some stuff.

Actually the thing that brought my attention to this is DLive's migration away from the Steem blockchain. One of the posts talking about this reminded readers to revoke the posting privilege from them, so I actually wanted to do this for some time already but just kept on forgetting about it. So now, let's just do it right away so that I don't forget it again.

But how to?

Steemit is not the typical social site we used to know. On Facebook or Twitter, we have a dedicated page for us to manage the connected applications (or in other words, allow us to be amazed at how many applications we connected over time), but this is not the case for Steemit. So we need a workaround. Although I do agree that we deserve a better way to manage those connected apps, but workarounds seem to be the only way for now.

I'm not sure if there are some direct documentation in Steemit, but searching it directly seems to be the most straightforward way to find a solution. So a search on some search engine gave me this. It seems straightforward enough anyways, so let's start revoking stuff.

Starting from the top of the list I'll try revoking Utopian first. So by using SteemConnect, I used this link to do the revoking.

It will require you to log in, and after that, woosh, it's done.

If we look at the transaction, it is actually an account data edit that changes the list of authorities, removing the one revoked. Might be a little complicated on the code side, whatever, we have SteemConnect to do the job for us :)

Since I only use Steempress, Steemauto and Patriko for now, it would be fine for me to revoke everything else. To be honest, I don't even think that Steempress is in the list because it uses my posting key in the configuration instead. I don't even know what is dreply.

After some intense cleaning...yep, I'm done.


It's quite important to make sure that you only give authorization to those who need it to work and review them from time to time. Remember, it's your stuff, you won't want random people to read and maybe abuse it as they want.

After finishing Steemit's side, probably we should also do the reviewing for Facebook...wew, it's really not easy keeping online accounts safe.

If you are also cleaning your authority list, no matter on Facebook or Steemit, have fun :) see you next time.


--- Posted from my blog with SteemPress.
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

You’ve been upvoted by TeamMalaysia Community :-

To support the growth of TeamMalaysia Follow our upvotes by using and follow trail of @myach

Vote TeamMalaysia witness bitrocker2020 using this link vote for witness