I Made a Youtube Video about SteepShot since there isn't a lot of information out there about it
I'm new to Steemit so I'm only a few days in and still getting a hang of things. I downloaded SteepShot and started playing around with it. I noticed there's very little information out there about SteepShot on Google and I couldn't find a single Youtube video on the subject so I decided to make one.
I'm still not 100% clear on what Steepshot is and how it plays in conjunction with Steemit but here's my initial impressions and also a tip about how to login since I've seen a few people confused.
Thanks for the video. Is your phone sitting in a holder to film while you drive? that's kind of cool. may have to try that sometime.
Anyhow - my real question was the concern about putting in various keys and passwords from steemit into mystery apps... seems like a bad idea until there's more known or vetted about it. I'm curious though. Are all your funds and earnings still there?
I was somewhat concerned over the same thing. Honestly I'm new so I don't even have a full grasp of how or why that would be dangerous but I know enough that I did have a second thought about doing so.
What made me a little more comfortable is I've seen some people on here talking about SteepShot and also while I'm sure some bad stuff could still happen, from my basic understanding I don't think someone can affect my STEEM or Steem Power just from my posting key, would that be correct?
As far as the phone holder, yeah I grabbed this suction cup mount off Amazon. I've bought a couple of them I absolutely love them. Most of the freetime I have is in the car so I make a lot of videos while driving. Not only is it convenient but as someone who's a little awkward and camera shy for some reason Im more comfortabel making a video and talking while driving than I am just sitting in a room and doing nothing and talking. I think it sort of occupies me and gets me a little over the camera shyness.
Speaking from a point of view of cryptography and keys in general, I'd say, yes, there is risk in using your key, that is, if it is your private key.
The public key is just that, its public, and everyone in the world can see it. That's why it makes sense that you cannot post with it. If your public key worked to log in as you, then everyone could post as if they were you.
The private key is never known to anyone but the account holder. This is used to digitally sign messages to say "its the real me". Anyone who knows your private key can forge your signature.
This is where the trust comes in. When you give your private key to the app (which allows the app to speak authentically in your behalf) you are trusting that app not to transmit this key to someone for illegitimate purposes.
There is no way to safely trust any app that does not make its source code known. This is why Bitcoin Core works so well. They put the raw source code out in the open, ready to be vetted and scrutinized with a fine tooth comb and magnifying glass by everyone in the world.
Closed source is like saying, "Just trust us, our code won't do anything bad."
Edit: As for the scope of potential harm, yes, the Posting private key, according to the site, is limited:
The posting key is used for posting and voting. It should be different from the active and owner keys.
Just realized that they released Steepshot (alpha) on GooglePlay. Will have to check out it out. Thanks for the update.
Welcome man and thanks for the info on Steepshot, looking forward to this.
Michael