The Joy of flashing the STEEM account-value!!

in #serious-security6 years ago (edited)

Never flash your money around said my dad, it attracts thieves and thugs. Keep it in your pocket or keep it safe and out of sight of strangers.


Because of a few million dollars on steem-display and an Internet full of scammers and thieves our company has had to pay a lot for extended security. No problem for us, we can afford it - but not everyone can and in the class society people in ghettos and slums get beaten up over nothing, what can steemians expect when the whole world can see they have something?

We as a company now have Israelian mossad-trained UN-approved military-protection 24/7 + more cameras, electric fences, and all kinds of cool shit we did not need before when we were somewhat anonymous or at least shielded from a public google search, however it has done wonders for the company in regards of credit-worthyness - but it is kind of sad to now have to experience how tough we have to be, simply to manage our stake properly.

We have heard many stories about extortion, we have heard about murders done to crypto-holders who lived in the wrong community and the reward to risk must have been worth it.

Real Power is something you must TAKE - It cannot be given to you!

What good does a trezor wallet with maximum protection do you if you are kidnapped and extorted to give up your keys? What do you do when strangers send picture of your children from the school or kindergarden extorting you, or else you may never see them again?

Yes - Some of you need to be stressed about these REAL ISSUES!

Basic security for your coins does not stop at encrypted papperwallets and hidden encrypted volumes, password managers and 2FA solutions... That is where it starts!

How to hide your STEEM ACCOUNT BALANCE from anyone but yourself?

By public demand of course. If you as a private citizen, entitled to privacy for yourself and your belongings - you must start writing posts here on STEEM why you want some privacy when it comes to information outsiders can find out about you... like your introduction-post with image of your face + your wallet a click away...

The technology for PRIVACY exists and can be implemented - but ALL OF YOU need to start demanding it!

The technology is easily deployed, you can ask any C++ developer with crypto experience about that. So If you want it, start writing posts about it and make sure #privacy #witnesses #developer and @ned or @sneak know what you want.

Our witness: @fyrst-witness will support steem-wallet and transaction-privacy when proposed - Do you vote for it?

Over at you should easily find a button to click on to vote!
Thank you for reading, now it is up to you if you want to act!



yes sir..
you are right..
Hello @ebargains
I realized that you are a good will person..your mind is so high..I feel in always time.. it is my changing in my life... in a middle I need a many contribution ... I hope that I always time help getting for you.. every time I am following for your post because your post informative for us......

I will try.. I always time.. I followed you and other persons I inspired in your post.

Your one 100% upvote changing my life...

Yes upvotes do change lives, ive gotten a $1000 upvote once from @thejohalfiles and it inspired me to go all out on steem everyday and he changed y life forever and I a forever grateful an I tru to do what he did for me to others below me on the steemarchy and I love finding potential human capital, we have a responsibility to help foster n intelligent discord where the smartest OR most productive people are rewarded for their smartest and most productive of posts..

OH and I wrote a steem rap for @fyrstikken while thinking about how that name "Norwegian for Match Stick" is so fun to say! ":D

Ruba Luba Lick it When you Thirst again? You needa make some Liquid wif Fyrstikken! Wanna make money Last again or First again? Lemme Bust it open on the verse again, Fyrstikken, First a Can , lemme bust uit open on the Verse Agaian, Fyrstikken, First I can, Ruba luba Dub Dubs on that First Again! First Again! Wuba Luba Dong Dong on the verse again! Cuz you Thirsty man! so come on make some money with Fyrstikken!
First I can, Next i cant, Ima fuck it up with the First Offence! Fyrst i can fyrst i can't, Never wuba lub dub when you cursed you damned, so come on make some money with fyrstikken
dropps mix

I cant believe no one saw this as a problem before the site was created!

I thoroughly concur with this!! As cool and spurring it is for apprentices to see the potential on Steemit when seeing Wallets, I can perceive how it could likewise maybe turn into an unsafe thing. I think where it counts that is the reason I would prefer truly not to uncover excessively numerous insights about myself while blogging, in spite of the fact that I know individuals like to become more acquainted with the individual behind the words. It's a hard choice to make, without a doubt. Incredible article! Re-steemed also!! we may begin seeing bigger record holders being the casualties of a wide range of malacious assault..

great to see this addressed.

I've definitely debated Powering Down as Steem price increases, for this reason alone.

Should Steem moon at some point, I really don't want it publicly visible what my SP is worth.

That alone should be something to consider, if we're collectively wanting Steem value to rise. Both from the side that it may be a deterrent for large Steem holders to keep Powered Up, and that potential investors may not like the idea of having to keep their investment size publicly exposed.

I've rarely ever gotten involved in the the witness voting, but you've got my support for this issue alone.

Appreciated your service in bringing voice to this matter and initiating the change towards a solution that protects the privacy of Steem investors. 🙏

Exactly my point. Why would any big holder keep holding SP if the price goes to $100? $1000?

At that point it would make more sense to power down and start a company in the real world.

Yeah, a lot of people holding crypto even in Russia got robbed. But how do you think it is possible for someone to know what your account worth? If you haven't ever flashed your face or whatever?

If using a pseudo name and have kept identity secret a whole time, sure.

For others whose profile names match their real names or have revealed them along the way, it’s a different story...

They'll find out eventually after you post enough. Analytic techniques allow for it to be very difficult to not link your flesh identity to your pseudonym.

The only good thing when you have it all in STEEM POWER is that the thief must consider he gets only 10% after one week and he must have a damn good plan to make sure the owner will not recover his account.... If i was a kidnapper I would prioritize other coin holders over STEEM ;)

It would however still be worth it for the thief even if he only got 10% and that 10% was for a large amount

Yeah, it's hard enough to get steem out when trying to do it legit haha.

I agree with you, So what next step

even if no one could access it all or not... would you still want your net worth publicly exposed...? 🤔

10% of 10 million dollars is a lot of money.

That is naive. If you have it in Steem Power the thief could coerce you into delegating your SP to them, or upvoting their accounts, and then what? Then you might keep your account indefinitely but lose control over how you spend your SP. Coercion is the issue.

So you are describing a scenario where the thief has control over you for a long time...

PS Have you forgotten about account recovery ?

It's not the account which you have to secure. The owner of the account has to be secure as well. Ever heard of extortion?

Scenario, corrupt law enforcement matches an account with a flesh and blood identity. Then one of the agents demand a donation to a cause which makes their lives easier or else...

If you're that worried (as in you're that wealthy and in a position that could make you that much of a target) then you could filter the steem power setting it up on multiple accounts that are very difficult to lead directly back to you.

Thank you for posting @fyrstikken.

Appreciate your post speaking out on this issue......freedom and privacy stand or fall together.

bleujay and bentleycapital are in total agreement with you and you have our support.

Wishing you all the best in your endeavour.


I am very glad you are talking about this because I believe your voice is likely to be heard. I know others have talked about this in the past, but I don't see this being taken as seriously as I would like it to be.

This is the only real negative I see on this platform. Any other problems are rather trivial, but like you say, this could get someone hurt.

Thank you for talking about it and I hope this conversation gets some traction.

This is the only real negative I see on this platform. Any other problems are rather trivial, but like you say, this could get someone hurt.

Censorship and the fact that users can't express themselves freely for fear of being downvoted by a whale is also a huge problem imo.

You do have a point there. In certain situations, that comes too close to theft, albeit without the violence.

Your welcome, Indeed lets make sure we get this conversation some traction.
It needs to be seriously addressed.

Hi, I just followed and upvoted you. Please kindly follow me back, thanks.

This is a serious issue that many have not thought about. This needs to be addressed immediatly.

I have thought about this too. It should be an optional. The right to flaunt your wealth on steemit should be optional. Not sure what the purpose is apart from promoting more investments into Steemit.

It encourages e to participate. But yes, the reality of having any sort of monetary value share publicly could be be a security issue depending on where you live.

Yeah, it's not the greatest feature. I think it causes people to follow whales around a bit too much as well.

Yea it's not like they need to make it a private blockchain just make it so you have to dig a bit to see that information.

I agree with you @diggndeeper and let's be fair to SteemIt too here. The theft that took place in person actually shocked quite a few people because many expected that theft would always be digital. I think this can be something SteemIt adds to it, if it chooses (as @fyrstikken may say if we ask enough), but I don't think SteemIt intended to bring harm or considered this would become an issue. The theft shocked quite a few people at the time.

wow! I think I agree with you on that privacy policy and security on people's account cos as for me, that doesn't have any good amount in my steem account. So seeing people's accounts makes me wanna work hard to arrive at such figure but the human mind is so dangerous and for that reason, I totally agree with you. And for such good post am willing to follow and upvote you.

Agreed, Our security is being compromised just to get more sign ups by showing off the wallet balance.

Seriously, Some Action has to be taken immediatly!

the wallet balance IS being showed to get signups, so what? lol people can hold their Steempower in multiple accounts but ten it wont do them s good, wont get s much curation, but yeh we need black steem

OR MAYBE NOT maybe we need money to be public? Maybe attracting thieves is just the opportunity cost, i mean you cant just mke teem accounts private, the whole point is transparency, and you can just hold money in bittrex have some anon steem accounts, but no steempower, SO communities will fix this, and also we will have privacy BUT then it wont be as popular....

so its a trade off

Yep, especially those who has notoriety as personalities. It's one thing to assume someone has money because they're popular on youtube, it's another thing to basically see their bank account balance.

its not a bank account balance its steem blockchain wallet, it is up to the user t simply not reveal who they are! But we will have black steem, picokernal talked about that, and its definitely happening also thejohafiles talked about it last year, hah the richer the steemian the more interested they are in funding private steem accounts,

The answer is on EOS not steem, EOS will facilitate the privacy from the beginning

So what is "black Steem"?

Well they can always remove their steem and have another account delegating all the steem power. On the other hand that just makes it harder to find out and less obvious. I think the nature of the steem blockchain is people will just have to get used to it being public in some degree because otherwise it would need to be a private blockchain like Monero.

Oh, I am scared that someone know about my 3 steems

Please help me, I need professional bodyguard for 1$ per month. ))

Sure! I could do that for 3 months :D

I am with you bro I love the idea

If you're worried about having all that money just give it to someone else :)

Upvoted past $5
Yes I think its a Bonus to get to show off your account balance, it attracts bad people sure, but so does everything! its not a stem issue its a human issue

The public balance ALSO attracts Good people ad investors and fans and loyal followers who will work hard to impress the steem millionaire

The public Balance is a GREAT thing its what i LOVE about steem.... and so what if it attracts thieves and scammers, tell them good luck and protect your keys and they won't be able to do anything.. its blockchain... and it would be a death sentence to fuck with fyrstikken he has an Army of loyal workers on his payroll, he owns his entire block basically, and he has crazy security, if anyone even tried to fuck with him theyd be dead and no one would investigate. It's a really serious social fortress he has and we should all take these precautions, the more news stories I hear about kidnappings and bitcoin and crypto related shenanigans the more I wonder about how to avoid becoming another statistic

The more money we make the scarier it gets, but steempower at least holds a deterant, even if kidnapped someone would have to hold you for 3 months to wait for the steem power down... thats why its good to hold your keys in a big Bank building, one you can actually can't do that shit in the USA or Europe... only few nations on the planet will respect your private property, makes me think a memorized brain key 12 word phrase is th way to go

I really see a huge potential for brain keys stored as mnemonically memorable songs, so that you can never forget your keys.... and we will find a solution for the torture attack vector. i think about that all the time,

The team at @agorise already developed Stealth accounts for Graphene. So I know it can be done.

Hi. I am Raju. Welcome to steemit.

Thanks, but I have been on Steemit from the beginning.

I felt you were being sarcastic about the introductory post and image - but hey, maybe I misread you. You're right about theft - it can happen digitally and it can happen in person too. I feel it's wonderful if people want to tell the world who they are, but they should be aware that there may be consequences for this, such as what happened to that one guy who had a physical theft of his crypto. You can't tell someone you have none when they can SEE your balance!!!

For new people, consider this when you use #introduceyourself with an image of who you are. Facial recognition is only going to get better.

I felt you were being sarcastic about the introductory post and image - but hey, maybe I misread you.

No sarcasm. These are real issues that we should and can do something about before more people get hurt around the world just because of STEEM. Please read the whole article and see if you want to conclude or dismiss.

Upvote and follow back

I have always thought this was a pretty crazy platform design and you are absolutely right, it could easily be coded out. I wonder what the thought process was behind it that made the dev's think that it was more important than privacy?

I will write a post about it tomorrow.

The idea is to increase the trustless nature of the blockchain, right? If you can't see the account values, it is harder (or impossible) to detect fraudulent activity on the blockchain.

Then there is the question: Who determines what activity is fraudulent? It's not an easy one.

I don't know how I feel about this... Privacy is good to have, although these changes may have far reaching ramifications relating to legal issues and the security of the network. I'll have to think about it.

I am not a pet for the current failing systems often referred to as legal, fraudulent, government etc. I am here to support those who change the world, and by that we change governments and we change everything! Julius Cesar does not rule anymore and Rome is famous for its many ruins.

I have created my post here as promised. Good to see @berniesanders getting on board too. Also I have voted for your witness @fyrstikken. Can't believe I had't seen that before.

More power to you!

I look forward to the day when we stop concerning ourselves with the dictates of some arbitrary government. I realize there are consequences for violating the monopoly of violence to which we are constrained, but tools like this should help us shed those aggressions.

"although these changes may have far reaching ramifications relating to legal issues and the security of the network"

I was thinking along the same line too.

The original idea was that all transaction is transparent and trustless, but censoring the basically the utxo of an account from the explorer brings its own set of issues. Should this really be implemented, does that mean transactions go the way of privacy-centric blockchains like Menero or Zcash? or is it just a simple censor slapped on top of the account value? and if it works like the latter, does it mean anyone who has the copy of the blockchain still able to see all the transaction and the account value? What power would that create?

I apologies if my thoughts and words looks confusing. As you said, we all need to think about it.

You bring up some valuable points. Honestly do not know enough bout it either way for it to matter now.

The main problem is the really lazy placeholder-like security system. Why do you need to have to expose your entire active key everytime you want to do anything with your wallet other than redeem your rewards? I understand you're not using your masterkey and that allows you to not have your account completely stolen, but someone doesn't need to steal your account to clean you out.

Why isn't there 2-FA for Google Authentication and Email? Just offer a selection of simple ways to reduce the risk I don't understand how they can think they can really compete with the likes of YouTube and Reddit when those people are going to be even less interested in getting serious about the security of their account than most of current society that also needs their hand held through understanding aspects of the blockchain system.

Ideally people should not need to know anything about what's going on under the hood, it should just work. It should be impossible to accidentally expose yourself to something that much of a high security risk and yet you're asked to do that everytime you need that active key. At least they created a separate system that lets you login and post with a different key. What they should have done and could still do is have the main system we're posting on now and the wallet system as visually separated. I want to have some sense of separation so it doesn't feel like my Facebook page is also my PayPal account. And why in fact do they not have a desktop wallet? It just always feels so insecure to me which is why I am so nervous about participating in the economy such as a delegating and so on even though I really want to.

So many strange design choices, but I'll stop before I get into a rant about why they didn't program a private message system or a bookmark/saved function for favourite or interesting posts you want to come back to. I get 3rd party devs can program stuff on top and create these things but I don't understand basic functions of this wasn't dome in a certain way to begin with.

If they had Ledger support that would solve the whole problem of private keys completely.

You're talking about some kind of ZCash, where noone could trace your funds.
But with it we have another problem - ZEC is so anonimous that noone could trace founder keys dont cheat you.

People have to accept the good with the bad. I'd rather they just make it more secure, like getting Ledger support would effectively solve all security problems, and having a more separate system so that it doesn't feel like my Facebook page isn't also my Pay Pal account.

Coin Marketplace

STEEM 0.17
TRX 0.09
JST 0.027
BTC 26882.56
ETH 1671.93
USDT 1.00
SBD 2.22