How to deal with "clone" or alternative website accessing the steem blockchain

in #security, 8 years ago (edited)


I am trying to start a discussion and find a solution about the following problem:

As steem.it is now Open Source, we will watch alternative sites of steemit.com pop up everywhere.

So I guess we will sometimes want to log in if we want to interact with these sites. How will we know we can trust them?
Anyway, whatever happens in the future, NEVER, NEVER put anything other than your posting key into any website other than steemit.com (even if they look the same). I purposely created this URL, https://steemlt.com, replacing the i with an l, to make the community aware of the security problems we could be confronted with.

If you want to build your own alternative of steemit.com, you can read my instructions here (https://steemit.com/steemit/@artakan/how-to-build-your-own-steemit-com-website).

But my main point is: how will we trust the future alternatives of steemit.com?
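
The steemlt.com / steemit.com swap described in the post is something a script can flag before a key is pasted into a login form. The following is an added example, not part of the original post or of Steemit's code; the allow-list, the small confusable-character table and the function names are assumptions made for illustration, and it only covers ASCII character swaps and single-character typos.

```python
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"steemit.com"}  # assumption: the one host the post trusts with keys
# Illustrative confusable pairs only; not a complete homoglyph table.
SINGLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})
MULTI = (("rn", "m"), ("vv", "w"))


def hostname_of(url_or_host):
    """Return the lower-cased host without port, trailing dot or 'www.'."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a netloc
    host = (urlsplit(text).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Collapse visually confusable characters to one representative."""
    for seq, repl in MULTI:
        host = host.replace(seq, repl)
    return host.translate(SINGLE)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip one character in b (insertion) or in both (substitution).
    return a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:]


def classify(url_or_host):
    """Return 'trusted', 'lookalike' or 'unknown' for a login page address."""
    host = hostname_of(url_or_host)
    if host in TRUSTED_HOSTS:
        return "trusted"
    for good in TRUSTED_HOSTS:
        if skeleton(host) == skeleton(good) or within_one_edit(host, good):
            return "lookalike"
    return "unknown"
```

A result of "unknown" says nothing about whether a site is safe; it only means the name does not imitate an allow-listed host.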


I'm not sure this is a problem exclusively with steemit and its source code. It's the same risk as someone running a fake store online or performing a phishing attack. This kind of stuff happens all the time! People's credit cards, user credentials and personal information get stolen all the time.

This isn't a problem with steemit alone, this is a problem with the internet itself. Vigilance on the part of the user is the solution here.

Ok, but I do not feel comfortable giving my private key to any third party website. Steemit.com should create a service like the OAuth protocol.

On the one hand, that's desirable, because the blockchain is open and decentralized. There have been other decentralized social networks out there already for a while (Diaspora*, Friendica) that also have different "pods" or "hubs" in the web (though you can mostly log in only at your "home pod").

On the other hand, of course someone who runs a web frontend could be malicious. Though your wallet keys and passwords could and should all be handled client-side (in JavaScript), an evil web administrator can of course serve a modified version that sends home your passwords and keys.

But you also have to trust the guys who run steemit.com that they don't secretly store your private keys and passwords.

That's why the best solution for a blockchain-based social network would be its own client, its own app to install and run.

Well for steemit.com, I have to trust them, no choice, but for the future clones to come, I am not sure ... There should be something more secure put in place.

@arkatakan your site is listed with the 'scam' tag over here - https://steemit.com/scam/@ash/scam-alert-steemlt-com - you might want to go over and put their minds at ease.

Thank you, at least there was a reaction, that's good. But my intention was not to scam anyone, just to raise awareness.
And thank you for defending me over there, I appreciate that.

Keep up the great work @artakan
Upvoted

Hi! This post has a Flesch-Kincaid grade level of 10.8 and reading ease of 56%. This puts the writing level on par with Michael Crichton and Mitt Romney.

Nice @artakan
Shot you an Upvote :)
