RE: Tips and Donations System (Hivemind Implementation)

in Steem Think Tank, 6 years ago

Thoughts on the security issues.

So one of the things I took away from the user surveys I conducted as well as my own experience is that when we all say Steem is too hard, that's not 100% accurate. Everyone said it's easy once you learn or something along those lines. That seems pretty obvious, but I read that as in that it's not like there's a lot you have to remember or that it's actively difficult even with repeated use.

What that says to me is that it's not that using Steem is hard, it's that finding information on how to use Steem is hard. You have to scour the internet, or ask people on Discord, or the explanations that are accessible were written by people who are not very good at putting things plainly and making information accessible for people coming from a variety of levels of technical sophistication.

So to the point, I don't think frontends should "force" or push users to sign in with particular keys. I think there should be clearly written and easily accessible information on what the different keys do, and which one is appropriate for what actions. Then let the users do what they want. We are not the custodians of their security. That's their responsibility. We shouldn't sacrifice user experience for nanny security. That's what Steemit has been doing and it's not working.

Another angle

Use Keychain. This presents problems because there is no mobile version of Keychain and it's a separate app that requires download and installation etc, but it only needs to be done once and it drastically improves the experience. Again, just making it part of the flow to point people to download Keychain and explain what it does clearly and concisely. It's not an ideal solution, but it's many steps forward from where we are.

The experience we want to move towards is donations/tips being about as frictionless as upvoting. It might require some different approaches to how we think about security, but I think it's worth it.

We shouldn't sacrifice user experience for nanny security.

I agree. UX is top priority.

I can't recall off the top of my head where I read or heard this, but it goes something along the lines:

The app shouldn't adapt to the limitations of the blockchain at the expense of UX but the blockchain should cater to the needs of real world apps.

That said, I think Keychain is an awesome way to bridge that gap. It would be beneficial if it was highlighted more, like how MetaMask has become ubiquitous.

This is from a section of their API documentation:

Sites can request that the extension sign and broadcast a transfer operation for STEEM or SBD. Note that a confirmation will always be shown to the user for transfer operations and they cannot be disabled.

Perhaps we could propose this to them to support tips/donations:

  • provision a setting for tip enabled site (think trusted sites)
  • allow unconfirmed transfers on that site only, that follow these rules:
    • only transfers that follow the memo protocol (can be implemented using a regex check)
    • must be below a user set maximum (optional)
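
One way to express the rules proposed in the comment above, as an added example that is not part of the original thread and is not Keychain's code. The memo pattern, the settings shape and all function names are assumptions (the thread does not define the memo protocol); any request that fails a check falls back to the normal confirmation prompt.

```javascript
// Added illustration: every name here is hypothetical, not Keychain's API.
// Assumed memo protocol (the thread does not define one): "tip:@author/permlink".
const TIP_MEMO = /^tip:@[a-z][a-z0-9.-]{2,15}\/[a-z0-9-]{1,255}$/;
const AMOUNT = /^(\d{1,9})\.(\d{3})$/; // fixed three decimals, e.g. "0.500"
const CURRENCIES = new Set(["STEEM", "SBD"]);

// Parse to integer thousandths so the cap is compared without float rounding.
function toMilli(amount) {
  const m = AMOUNT.exec(String(amount));
  return m ? Number(m[1]) * 1000 + Number(m[2]) : null;
}

// settings: { tipSites: { "<origin>": { max: { STEEM: "1.000" } } } } (constructed shape)
// Returns { confirm, reason }. confirm === false only when every rule passes.
function tipDecision(settings, origin, req) {
  const ask = (reason) => ({ confirm: true, reason });
  const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const sites = (settings && settings.tipSites) || {};

  // Exact origin match on an own property: no substring or prototype-key matches.
  if (typeof origin !== "string" || !own(sites, origin)) {
    return ask("site is not tip-enabled");
  }
  if (!req || !CURRENCIES.has(req.currency)) return ask("unsupported currency");

  const value = toMilli(req.amount);
  if (value === null || value === 0) return ask("malformed amount");

  // Anchored regex: the whole memo must match, not just a prefix.
  if (typeof req.memo !== "string" || !TIP_MEMO.test(req.memo)) {
    return ask("memo does not follow the tip protocol");
  }

  // The per-currency maximum is optional, as in the proposal.
  const max = (sites[origin] || {}).max;
  if (max && own(max, req.currency)) {
    const cap = toMilli(max[req.currency]);
    if (cap === null || value > cap) return ask("amount above the user's maximum");
  }
  return { confirm: false, reason: "tip within policy" };
}
```
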

Perhaps we could propose this to them to support tips/donations:

  • provision a setting for tip enabled site (think trusted sites)
  • allow unconfirmed transfers on that site only, that follow these rules:

Sounds solid. Wonder if they'd be open to that. @yabapmatt
