Steem Tools Development - Centralized Steemit.com vs. Decentralized App Center (Security Concerns)
I find it very cool that there are so many great tools being built for the Steem blockchain. There are several tools that I use on a regular basis, and fun new ones keep popping up all the time!
There is one tool in particular that I think brings up an interesting security concern regarding the long term future of decentralized Steem app development - www.Streemian.com created by @xeroc. This site allows you to follow voters, and it will automatically upvote whatever posts they vote on for you. I think this is an awesome idea for a tool, and would love to use it. There is only one problem though - I don't trust it.
Don't get me wrong. This is not an attack on @xeroc or Streemian.com. I actually think that out of all the apps out there which would require me to provide a key, @xeroc / Streemian.com is as close as one would get to being "trustworthy". @xeroc is obviously a trusted member of the community, and has the best interests of Steem/Steemit at heart. This is why I think it makes such a good example. If I can't trust @xeroc / Streemian.com, then who can I trust?
That gets at the point of my article. Who can we trust? As the site scales to millions of users, most of whom are not going to be technically or security savvy, are we going to expect them to start plugging in their keys to a bunch of random sites?
Now I realize that Streemian.com only requires your posting key, which means they cannot access your funds - so in this case the security risk is not that high. But there still is a risk. Someone could post a bunch of content I don't approve of as me, or upvote a bunch of things that I didn't authorize to vote.
Also, there probably are some good applications that could be built that would require more authorization than a posting key.
This seems like a long-term problem with the idea that decentralized Steem blockchain development is going to have. I know that there are a lot of anarchist users here who probably think the opposite of me on this, but personally the only site that I trust to hold my keys is Steemit.com.
How do we address this?
Very good and valid points here. The way streemian.com deals with it it the following: users add the 'streemian' account to their posting authority. That step does not add a key but the actual streemian user name to your posting authority. The (big) difference with using accounts instead of keys to 'share' permissions is that can change the streemian keys any time without the need to inform the user or ask him for permissiobs or worse, ask the user to change the key.
This way, the whole concept can be made bery secure by using rotating keys on the streemian account which can of course also be automated nicely.
It's not yet implemented, but the idea is to automatically (and seemlessly) change any (hot) keys in the atreemian account once a week or every day. Its just a matter of organization to keep the service up and running during transition.
That said, the underlying tech is so great that it can be made robust and secure for the end user while no funds or identities are at a risk for very long.
Interesting. So instead of handing over my keys, I am basically saying that another user is authorized to post/vote on my behalf? I did not know that was even possible. I still don't 100% trust that, but it does feel better than handing over my key :)
I still feel though that there is a lot of potential for new app/feature development that is going to require the use of keys though. And even with just granting authority, there is still the problem of trusting random app developers with the authority to take actions on behalf of one's account.
I think it is something we need to think a lot about, because a lot of users are going to be very wary of who they grant authority to, especially when money is involved. Trust is very important.
I fully agree with all you say!
From the perspective of streemian, this is the best option that offers what is needed and keeps a minimun of security over users accounts (in this case reputation, not funds)
I wanna know more about streemian.com, especially the voting system. Did it mean that it will vote automatically?
@xeroc may have more to add, but here is the post that has all the main information about the site:
https://steemit.com/streemian/@streemian/streemian-com-operation-follow-the-votes
Problem is only those who have cli_wallet are qualified to use the tool. I dont have cli_wallet and I dont even know how to use it.
I like how instead of it just being controlled by one giant whale, it's a scheme to allow users to follow the votes of others. I imagine that eventually it will be a feature integrated into the platform and work as a smart contract, obviating the security problems.
I totally agree. That kind of gets at the point in my article too. If this was integrated into the main site, I would totally use it!
@xeroc is the number one Steem app developer, IMHO. I'm pretty sure they already have some idea to put it in as a feature down the track. I'm quite sure they will soon. Not sure if it was your article, or another (I'm reading without full context) but they have a concept for Steem Curator Guilds coming up, where you 'lend' your SP to other users to curate with. Obviously that will be a reward for you as well.
It'll probably be called SteemTrain too, cos when you get a vote from a Streemian curator, next thing you know, 20 more votes come in. I just had it happen to me today even!
Replying here due to the nesting level.
Right on; and that's awesome. Either the integration of Streemian or the voting guilds would be a great enhancement!
My article was more on the broader topic of Steem app development though. Even though @xeroc may be able to and is likely to do this, the general trend has been for developers to build separate apps that stand alone from the main Steemit site.
If most of the apps are their own stand alone applications, then the security concerns brought up in my article will continue to be a concern.
@xeroc - I came across this post yesterday. I don't have as good of an understanding of the technical details behind how it all works. Would this potentially be a solution to the problem? The main downside I see is that it would probably require the user's browser to remain open and logged in to the site for it to work.
https://steemit.com/steemit/@digital-wisdom/introducing-steem-browsifier-full-access-to-the-steem-api-from-the-browser
That's a good question. The hierarchical threshold multisig permission model used by Steem (and BitShares) is much more flexible and powerful than Bitcoin-style multisig (for example @xeroc mentions in a comment here that a member of a multisig authority is free to change their own keys at any time).
The problem is that our current permission types -- posting, active, and owner -- are too coarse-grained for third-party integrations. Finer-grained permissions seem like they might have some value, for example I can think of a few services off the top of my head:
The management of third-party permissions from the UI perspective could probably be improved.
From a blockchain backend perspective, the blockchain isn't really designed with flexible permissions in mind. The internal blockchain API's, objects and the public protocol fields don't scale to M different possible permission types which may be delegated to N different third-party service providers.
It's going to take some design work to get this right.
The additional granularity of permission delegation would definitely be a way to improve on security. For a user like me though, that still might not be enough. I probably won't be trusting any apps that can do things with my account unless they are actually integrated into the Steemit website.
I don't know how many users are like me, but I am very wary of trusting any delegation of control over actions taken with my account. Even with voting or posting authority, a malicious app developer could do a lot with that access. (Especially if they wrote a good app that attracted a large user base.)
The thing that I am curious to see is whether this is a hurdle that we will overcome, and a decentralized network of stand alone apps is where we will end up; or if we will need to head more in the direction of a centralized Steemit platform with everything baked in.
I totally agree with ue with what has been published in ete post thank you very much