Proposal To Make Steemit Safer
More developers make off-site improvements to the steemit experience.
Examples of this being:
This is great; it's a very agile way of making improvements to the user experience while the core developers are focusing on the low-level blockchain, and therefore only rarely have time to peek out.
But it raises a problem.
How can we stay safe when using the steem platform away from steemit.com?
For many of the apps, it's quite simple as they only use the information from the public blockchain, so you're no more at risk than when you're visiting other public websites.
But for apps that do require user authentication, how do we know which apps we can trust, and who we should give our posting and active keys to?
This is a tricky question to answer, and the security measures available currently aren't optimal.
Outside Steemit, authentication is often handled by the OAuth protocol (seen as "Log in with Google/Facebook" on other websites). This gives users control over which permissions an application has, and it means they never have to trust the application to store their credentials responsibly; they trust only the OAuth provider.
This, however, doesn't exist for Steemit.
If a similar system could be implemented on Steemit, it could have the potential to make using off-site apps much safer.
Now, I'll be the first to admit that I don't have a lot of experience with blockchain technologies, and I frankly don't know how hard it's going to be, or even if it's at all possible (because we don't have a central authority on which OAuth often relies).
But as Steemit accounts are frequently worth tens of thousands of dollars, it's paramount to take any step to make the accounts safer. The current approach of separating keys into posting/active/owner, while a step in the right direction, is not enough; users need more granular control over what permissions they give apps.
What can you do right now?
If you're not a programmer, and want to maximize your security, the best thing you can do right now is to never use your password. Instead, log into apps using posting/active keys depending on what permissions the app requires.
Also, look at what other users are saying about an app, preferably outside Steemit, but also on steemit.com. It's easy to be fooled by a nice-looking UI and well-written copy. It's important, however, to realize that the UI is just a skin, and can easily lie about what the underlying logic is actually doing. Furthermore, if the logic is kept on the server (which there are good reasons for doing), you have no way of verifying that the button actually does what it says. That's why it's important to see what other people are saying about it, ideally on a platform that isn't biased toward the application.
If you're a programmer and make Steem apps, make sure to give your users the ability to log in using their keys. In fact, make it the default method, or better yet, don't allow users to log in with their password or with keys that overstep the permissions your app requires.
Furthermore, try not to write credentials to disk, and keep them in memory for as short a time as possible. Ideally, you should prompt the user to enter their key every time they want to broadcast something to the blockchain, or just keep all application logic on the client side, so you never have to deal with authentication.
I realize that this is not possible for some automation services, but it's an ideal every developer should strive for, and should take conscious steps toward.
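One way to enforce the login rule described above (keys only, no passwords, no key more powerful than the app needs), as an added example that is not part of the original post or of any Steem project's code. It assumes Steem private keys are WIF-encoded secp256k1 keys (base58, version byte 0x80) and that the account's authorities are supplied as compressed public keys in hex, a simplification of the STM-prefixed form; all function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# secp256k1 field prime P and group order N
P, N = 2**256 - 2**32 - 977, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
RANK = {"posting": 0, "active": 1, "owner": 2}  # least to most powerful

def wif_to_int(text):  # secret scalar if text is a well-formed WIF key, else None
    n = 0
    for c in text:
        if c not in B58:
            return None  # spaces, punctuation, 0/O/I/l: not base58, so not a key
        n = n * 58 + B58.index(c)
    raw = n.to_bytes(37, "big") if n >> 296 == 0 else bytes(37)
    d = int.from_bytes(raw[1:33], "big")
    good = raw[33:] == hashlib.sha256(hashlib.sha256(raw[:33]).digest()).digest()[:4]
    return d if raw[0] == 0x80 and good and 0 < d < N else None

def _add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def public_hex(d):  # compressed public key; not constant-time, illustration only
    acc, q = None, G
    while d:
        if d & 1:
            acc = _add(acc, q)
        q, d = _add(q, q), d >> 1
    return ("03" if acc[1] & 1 else "02") + format(acc[0], "064x")

def check_login(credential, authorities, needed):  # authorities: role -> set of hex pubkeys (assumed)
    d = wif_to_int(credential)
    if d is None:
        return "rejected: not a private key"  # e.g. the account password
    pub = public_hex(d)
    role = next((r for r in RANK if pub in authorities.get(r, ())), None)
    if role is None:
        return "rejected: key not on this account"
    if RANK[role] > RANK[needed]:
        return "rejected: key oversteps the needed permission"
    return "accepted" if role == needed else "rejected: key too weak"
```

Running this check on the client keeps a rejected password or owner key from ever reaching the server. A real app should take the curve arithmetic from a vetted library rather than the pure-Python version used here to stay dependency-free.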
Regardless of whether the additional security is implemented, we owe it to ourselves, and the other users, to make an effort to make our apps safer, and to discourage apps that practice unsafe handling of user data.
Furthermore, we shall make sure that our apps are honest and transparent, and don't hide behind closed server-side logic.