RE: Warning to users using third party applications - Be extremely careful providing your keys to anyone or any site!

in #security 4 years ago (edited)

@timcliff and @sneak I am having a problem with exactly this issue.

I gave my active wif to streemian yesterday, before I really understood how powerful it was. Streemian misrepresented and said they could not access funds with it.

Now I want to rescind all of the permissions but I have reset my master password twice - and checked to make sure it also reset my active wif, BUT STREEMIAN STILL HAS THE SAME PERMISSIONS.

I don't understand what's happening, and all efforts to contact streemian and @xeroc have met with no responses. Streemian's permissions removal app is not working.

There must be some way for me to remove wif permissions, but I don't know what to do.

More details here:


It looks like you actually set up new keys for these services to use. You did it with two different services. At least based on what it shows there it does look like it is posting authority only, but I have no way of knowing if you gave them access to owner authority as well.

You should ask for help in the #streemian channel of Steemit chat. There should be users there who can walk you through the process of removing their authority from your account.


Thank you so much for responding - this issue is coming up hard against my slowly receding ignorance. How did you see this information? Through cli wallet?

Also I definitely didn't give them the master password - and I have definitely changed the active wif twice now - is there any way they could still have owners permission after that?

Also, checked out the #streemian chatroom and there are a few people asking to leave and no answers from streemian.

I doubt it, but I cannot say for 100% since I don't know what was actually shared/done.

I gave streemian my username and my active wif.

Then I changed my master password twice.

That's the extent of it.

But the chatroom has no responses from streemian people and @xeroc is not responsive, and the emails to streemian are not returned in about 48 hours.

The fact that they request the active key at all, in hindsight, seems unnecessary. That they say right above that that they cannot access your money, even though you've given them the active, strikes me as fundamentally false... though perhaps I'm missing something.

As far as I know you should be good if you shared your active key, and after that you changed your passwords and confirmed that your old active key no longer works.

Hmm - I definitely changed my passwords, but I didn't have the old active key written down.

I went through and found the actual transaction and update notice from streemian:


Then found only one other update:

That's all I can see as far as updates go, and neither seem to add any authority to the active or owner slot. This doesn't alleviate my concerns that they are collecting active keys, but if I changed my active key twice, that original should no longer be useful if I'm understanding correctly.

Really appreciate your help with this - really put me at ease. Thanks.

Hey, if you would like to revoke posting authority you can use this page: Let me know if that worked for you.

Hi, thanks for link, how to confirm was it successful revoking?

thanks a lot! I've spent 2 hours trying to do this lol

good information to have on hand
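
On the question raised in the thread of how to confirm that a revocation worked: the check below is an added example, not part of the original thread and not any project's own code. It compares two snapshots of an account's owner, active and posting authorities and reports which accounts and keys can still sign for each role. The field names (`account_auths`, `key_auths`) are assumed to match the account JSON a Steem node returns; the account name `thirdparty-app` and all key strings are constructed.

```python
# Added example. Field names follow the account JSON a Steem node returns
# (an assumption here); every account name and key string is constructed.
ROLES = ("owner", "active", "posting")

def auth(key, accounts=()):
    """Build one constructed authority object for the samples below."""
    return {"weight_threshold": 1,
            "account_auths": [[a, 1] for a in accounts],
            "key_auths": [[key, 1]]}

def grants(account):
    """Map each role to the accounts and public keys allowed to sign for it."""
    return {role: {"accounts": dict(account[role]["account_auths"]),
                   "keys": dict(account[role]["key_auths"])}
            for role in ROLES}

def roles_held_by(account, grantee):
    """Roles in which the account name `grantee` is still authorized."""
    g = grants(account)
    return [role for role in ROLES if grantee in g[role]["accounts"]]

def diff(before, after):
    """Every grant added or removed between two snapshots of one account."""
    b, a = grants(before), grants(after)
    changes = []
    for role in ROLES:
        for kind in ("accounts", "keys"):
            for entry in sorted(set(b[role][kind]) | set(a[role][kind])):
                if entry not in a[role][kind]:
                    changes.append((role, kind, entry, "removed"))
                elif entry not in b[role][kind]:
                    changes.append((role, kind, entry, "added"))
    return changes

# Constructed snapshots: keys rotated with the app grant left in place, then revoked.
ROTATED = {"owner": auth("STM-owner-new"), "active": auth("STM-active-new"),
           "posting": auth("STM-posting-new", ["thirdparty-app"])}
REVOKED = dict(ROTATED, posting=auth("STM-posting-new"))

if __name__ == "__main__":
    print(roles_held_by(ROTATED, "thirdparty-app"))
    print(diff(ROTATED, REVOKED))
```

An empty result from `roles_held_by` for the service's account name, together with no unexpected entries under `owner` or `active`, is the confirmation to look for.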