Steem Connect V1 vs. V2

in #steemconnect6 years ago (edited)

Keys: Posting Key vs. Active Key

By the way, a Master password or Owner key is enough to change the active key. So it is best not to use them for day to day use. Do not use them for Steem Connect.

By providing your active key to Steem Connect you give Steem Connect the ability to give themselves or anyone permission to post, flag, vote, troll in your name. Those with ability to post in your name would maintain this ability even if you change your keys! That means they could give a say rewardpoolrape these abilities. Also, you are giving them the ability to spend or steal your funds from your Steem balance at anytime present or future unless you change your active key.

By giving Steem Connect your posting key Steem Connect can vote, bitch, troll, spam, or flag as you but they cannot give that ability to another without sending that key.

Whence Active Key

Any wallet software needs an active key to spend money for you on your behalf including Steemit.com.

You can even use Steem Connect for making transfers. There are those legitimate uses of a user's active key.

V2 is more Powerful

Whereas Steem Connect can do all these things with a posting key above, a site using the v1 Steem Connect can vote, flag or post in your name but only the actions you had given it permission to do. This is necessary in order to put vote buttons and posting options up. Also, the key stay in the browser and never gets stored. Once you close the browser the site can no longer do these things for you.

Now if a bot controlled by some site is to do things on your behalf, such as vote up all Steemfiles posts, it would be undesirable that you would have to leave your computer on and browser open for that. It can be done as you sleep or eat. So by giving a bot posting authority to your account, a bot could vote for you but your key need not be stored! The bad news is it takes the active key to give posting authority to a user.

So a v2 site like utopian.io can post, and D-tube now, do not have your active key. flag and vote even while you are not logged in. A v1 site can post, flag and vote but only while you are logged into that site.

A security concerns may keep you from using v2 of Steem Connect but it is Steem Connect that has access to your keys, not the sites that use Steem Connect. However, the sites that you connect to via v2 Steem Connect can do all of these things whether you are using the site or not. If you are comfortable with Steem Connect being your wallet, then you can get access to some of the newest Steem related sites out there.

Some sites use Steem Connect v1. This gives Steem Connect less power and limits what the site can do. This was a conscious decision. Steemfiles doesn't keep your keys and actually doesn't do anything on the users' behalf on the block chain. Steem Connect lets Steemfiles know that a user is who he says he is. That's all it is used for.

Steem Connect is maintained by @buay.org
Please also see:
My new Voting Declaration

#steem #keys #security #en
6 years ago in #steemconnect by
$1.14
  • Past Payouts $1.14, 0.00 TRX
  • - Author $0.87, 0.00 TRX
  • - Curators $0.27, 0.00 TRX
8 votes
Reply 2
Sort:  
  • Trending
    • [-]
     6 years ago 

    Wow! Never knew, thanks for the information.

    $0.10
    • Past Payouts $0.10, 0.00 TRX
    • - Author $0.08, 0.00 TRX
    • - Curators $0.02, 0.00 TRX
    1 vote
    Reply
    [-]
     6 years ago 

    Good Article !
    It is important to understand, that not every application that uses steemconnect has the keys - thanks to OAuth2

    $0.00
      Reply

      Coin Marketplace

      STEEM 0.30
      TRX 0.12
      JST 0.033
      BTC 64093.86
      ETH 3123.80
      USDT 1.00
      SBD 3.94