Handling Private Keys: Does Steemit Break the Cardinal Crypto Rule of Becoming a Bank?
One of the most important rules in cryptocurrency is as Andreas Antonopoulos says…
”Your keys, your coins. Not your keys, not your coins”.
The whole point of bitcoin being written as a P2P direct protocol between two parties was that you should not need any intermediaries to step in as an authority to approve a transaction as being valid or not valid. This is why bitcoin is said to be censorship resistant, because it says it solves the byzantine generals problem of achieving consensus without the use of a central authority. At 6:34 NS James of Scatter drops a bombshell that I was not aware of.
by Dallas Rushing
Quote from above video...
"With Steemit, you have to create an account on Steemit with them owning your private keys. That's just because of the way the faucet works and all that kind of stuff. It's a problem that they're solving on EOS, but it doesn't solve the problem of them owning everything that you have, right? Steemit can one day say "hey, we no longer want to give you anything and we're just going to take back our keys and that's it, you're done, And I think that's potentially dangerous for people when we talk about them owning money on this network and you can't just have someone else have complete access to your bank account...".
I have for years been in a war with a handful of hackers who’ve distributed my software (such as Cyclonite, Vepergen and MeRcUrY of DcEpTiOn), so I’ve known about keyloggers and screen scrapers for a long time and have been extra paranoid about how I handle my private information. I’m one of the few people around who uses air gapped machines where information flow is strictly unidirectional toward the air gap but not away.
I was of course aware that the private keys to my Steem were being generated on a machine touching the internet, but I thought that it did so locally within the browser and as long as I stayed powered up, I felt confident enough to keep Steem keys on my internet connected machine. This was because if a thief saw my keys and tried to initiate a transfer, they would first have to initiate a power down which takes a week and there was no way that a week would go by without my noticing that and knowing that I’d been hacked.
As for EOS, I generated my private keys using an air gapped machine and only copied the public key to MEW to register that key to the ethereum address holding EOS tokens so that they will be picked up for the EOS blockchain snapshot in early June. Scatter supposedly keeps these encrypted on your local browser. The problem here is that I’m not comfortable exposing my private key to an internet connected machine until I’m ready to send funds away from the wallet I generated. At that time, a hardware wallet that generates private keys would presumably hold your new EOS keys in a hierarchical deterministic wallet.
It would be better if Scatter could take an encrypted file holding keys and then read it with the encryption key that I provide it (which would be different from the EOS keys) bypassing key loggers and screen scrapers. Better yet would be a method of generating fresh keys using zero knowledge proofs so that I could just send funds to a Scatter wallet fully encrypted which would invalidate the old private key making it useless to hackers.
Based upon what NS James says in this interview, I have to conclude that if the government wanted to collect taxes or confiscate wealth from Steemit users, they could force Steemit to hand over all keys and every one of us would be screwed. Please tell me otherwise if I’m wrong, but back it up with proof (I can read code).
I just got this from @fedesox that clarifies that only the private posting key is kept:
https://steemit.com/steemit/@steemitblog/steemit-to-update-password-policy
3FwxQsa7gmQ7c1GXJyvDTqmT6CM3mMEgcv
Steemit does not have a copy of your keys, they stay in the browser local storage and/or in RAM (if you don't check keep me logged in). Also it only stores your posting key and never stores your owner / active key.
EOSIO is designed to operate the same way, in particular your owner key can be kept in a hardware wallet (Apple Secure Enclave, Chip Card, etc).
Key storage isn't a property of a blockchain, it is a property of the client to the blockchain.
At the end of the day, true security will come from social network account validation and not depend upon any single key.
Ease of use is a factor for steem which is used frequently and not as much a factor for other tokens which are "saved and never sold".
OK. Thanks for the clarification here. But can you see why from what NS James said in the above video that I thought otherwise?
So much for no censorship. Gawd.
The problem is in the above video at what NS James said starting at about 6:34, if you see what I mean. Personally I don't want to cause FUD, especially if what was said is wrong and I now believe that to be the case. Dan's probably putting out a lot of fires right now, just when the all important launch is about to happen.
I get that, but again, there is no difference between Steemit and YouTube if a select few can basically censor what you say by making it disappear with a 100% downvote. A little excessive methinks.
Well, the other alternative is that this goes viral when it was incorrect. That would cause greater problems. I don't mind the downvote since it was explained, but someone should correct what NS James said before that video goes viral and tanks the price of Steem.
Tanks the price of Steem more. Hahaha. I understand. Are the SMT's still on time, because I was hearing on the discords that there are still major issues and their release may be delayed.
I haven't really studied the Steem platform. Most of my study has been in bitcoin core github code up to this point, so I couldn't tell you.
Well done @dan. It's nice to see you use your own Network from time to time. Perhaps you might consider unflagging the Post now that you've made your point. This comment should suffice.
Man can Hardy keep up with reading your posts! Yeah, with steemit it's an issue, but isn't it a private company distinct from the Steem blockchain, i believe, there is one witness who develops a separate wallet, so there is at least one alternative...
Scatter isn't a proper wallet and it's only use is when interacting online....
Highly rEsteemed!
People can find other options or another country to not pass codes and keys. As happened with the Telegram. In Russia, telegrams were banned, as the government asked the developer Pavel Durov to provide the keys to the Telegram. Pavel Durov did not provide the keys to the telegram. But the Russians have found another way how to use Telegrams.
that is indeed very worrying. Do we have any knowledge what steemit does with the information provided and how other steem-apps handle this? If steemit holds all the keys, that is not only a problem for national involvement, but also a huge bounty for hackers.
Not sure. If hackers still have to hack everything individually, then that's no longer a honeypot. I don't know how Steemit stores these Pub/Priv key pairs.
And with that... I'm going to walk away for most of the day. SMH. Man! Is nothing every truly safe? Maybe the scriptures were onto something, "store up for yourselves treasure in heaven where neither moth,....can destroy...."
See @dan's comment above.
Hmmm! Yet another bombshell there. How on earth and when for God's sake are we truly going to witness true and complete anonymity in this fast-paced digital age.
Aren't we in trouble?
Wait, how can Steemit hold our keys? You make it sound as if there's a database that caches all our keys.
I didn't say it. Listen to what NS James says in the above video starting at 6:34.
So what? he said exactly what I remarked, as if there is a cache of all the keys and databased with the accounts. That's absurd:
Here, on a completely decentralized network, a centralized authority with that kind of power is absurd. Correct me if I'm wrong but there are other services besides steemITinc that creates accounts (anonsteem) and nobody has the keys as I can change it at any time, plus a fork can happen should any of these vulnerabilities be evidenced in code. Maybe I am completely confused but you're saying exactly what I remarked in substance and exactly what James said which if true wouldn't need any kind of interpretation and would be evidenced in code/process but I see neither being something remotely plausible.
This is what he said:
Does that sound to you that there's no problem here? No authority? They can't do anything? They have your private keys. That means government can walk into Steemit, Inc and demand them with a gun to their heads. What do you think happens next? That they say no, or hand over the keys?
It sounds like you didn't want to simply agree to what I said when I remarked that what you're saying and what James is saying is that there's a database with all the keys (master, not only active) and it's constantly caches all new keys, somewhere at STEEMITINC, despite that there's other services like anonsteem which doesn't use the same faucet as STEEMITINC, and from what I remember anyone can broadcast a new user onto the chain if they have the Steem to fund the minimum fee for account creation, just like anonsteem.
Do you have any evidence to substantiate these things though, because that's like having the complete control over the network aside from the ability to delete blocks?
If this is true then Golos, the Steem Russian fork is in the same boat, completely compromised, and that is absurd because either Golos or Steem are founded on the principles of Decentralization and Transparency and expressly to undermine any such attacks by the government.
So, what do I think if gov puts a gun to their heads? They can tell them they are crazy, they don't have any control over the network and threaten all they want, they couldn't deliver the ransom if they wanted to because they are asking them to do the outright impossible.
See @dan's post at the top. I consider this matter settled.
Was there something I said that you think was either incorrect or contrary to common sense though, because I think you got on the defensive because of my directness in trying to get clarification on exactly what would be needed for your basis of that centralized authority, wouldn't such centralize authority need the functionality of caching all the keys in a coherent way, such as a database, even before the need to acquire the key, and wouldn't any such acts be completely contrary to the very foundation of this project?
More especially we who aren't coders...