RE: Is Steem Centrally Controlled?

in #stopthepowerdown, 5 years ago (edited)

Thanks for being reasonable ;)

For completion:
The changes in HF9 restored users' access to their stolen accounts (there was no recovery functionality before, that was introduced later as a reaction to what happened). It didn't nullify anyone, and stinc reimbursed affected users from their own stake.


Not correct. The changes in HF9 literally reset all the keys of the suspected compromised accounts (which is why johan's fork was nearly a clone of it).

In fact, this was done using a crude filter (all accounts with key changes in a certain time window) and I'm pretty sure that some non-compromised accounts were also reset (I was at risk of having some of my own accounts reset which would have resulted in significant financial losses to me and raised this objection at the time, although as it turned out, luckily, my accounts were not within the window).

Steemit deemed this an acceptable cost for what they wanted to accomplish, and forced the fork through without non-Steemit witness approval, which I'm pretty sure had a lot to do with getting their own accounts back after they were compromised (since they were irresponsible in not using a posting key to access the website with their own enormous-stake accounts).

Only later was the "account recovery" feature added, which implemented a model that served Steemit's purposes but still likely would have resulted in substantial losses to me (were my key changes not fortunate enough to be outside the window by sheer luck).

IMO the view of "property rights" that Steemit is invoking is selectively self-serving at best, and also doesn't reflect an accurate view of how forks work anyway.

How does my statement contradict that? The keys were reset with the goal to restore access for the rightful owners, as opposed to completely blocking access which is what was suggested in the recent discussion.

Probably users were lucky that stinc was affected too, yes. Still, it was not about locking someone out of their own account.

Okay, now I see how I worded that wrongly. My focus was more on the intentions than on the actual HF code. Technically keys had to be reset to restore access. They were not nullified to keep the owner out though, resetting them was just the first step of the process and not the end goal.

Intentions are frankly invisible and unknowable.

IMO (though still not knowable) the primary intention of the whole ordeal was restoring Ned and Dan's accounts after they lost them by being extremely irresponsible. The primary cause of the loss was not a bug, as such (broad category of) bugs were entirely foreseen and even expected, and may well happen again even now. It was irresponsibility on the part of Dan and Ned. All of us at the time, including you, were well aware of the importance of using a posting key to access the web site with large accounts, and not an owner key.

The 'property rights' of those who were not irresponsible and stood to lose (and probably in some cases did lose) as a result of their actions were considered less important by an unaccountable central party who decided thus unilaterally and without even giving witnesses a chance to balance the competing interests. That sort of unilateral authority and action (which still exists) is a bigger existential threat to the blockchain than a broken web site leaking keys which never should have been put in the web site in the first place.

You don't see working to restore suspected compromised accounts an act of protecting property rights? As I said in my post, I wasn't a witness at the time and yes, I know Steemit was using their stake to vote for witnesses prior to HF17 which is why this stake issue is such a big deal to begin with. If they do full power downs and remove the connection between their stake and Steemit, Inc the company, then we'll be back where we started with Steemit, Inc actively controlling witnesses directly.

I understand how hard it is to bootstrap effective governance models (been working on it since April with eosDAC), so I can understand some early decisions needed to protect the ecosystem (and, as you said their own accounts). I agree, they were stupid to not be using posting keys.

You don't see working to restore suspected compromised accounts an act of protecting property rights?

Protecting some property rights by compromising others, where the central authority gets to decide which take precedence over others? Not really sure I am sold on that vision of 'property rights', in fact I'm pretty sure I am not sold on it.

As I said in my post, I wasn't a witness at the time and yes, I know Steemit was using their stake to vote for witnesses prior to HF17

No, that is a different matter. Some Steemit employees were voting, including (but I believe not entirely) with stake that was vested from the ninja-mine.

In the case of HF9, it was the literal steemit account which immediately and without warning or discussion voted out all witnesses and pushed through the fork which reset keys on a wide swath of accounts, some compromised, some not. The witness discussion on the topic was literally "What's going on?" There is no way that you can say witnesses supported it, because there was no discussion or voting.

As I stated, there was a very real risk that I and others could have had our property lost and that only didn't happen due to luck (in my case a difference of a few hours). Steemit unilaterally decided that their own 'property rights' (really a misnomer when viewed through the lens of being the subject of one party's arbitrary decision) were more important than mine and others'.

Thank you for clarifying the history of what actually happened. Based on what you said, this line in my post is not accurate:

The witnesses at that time supported the fork in order to protect property rights (at least, that's my impression, I wasn't a witness at the time).

I'll edit it. Thank you as always for spending the time to clarify things for accuracy.

The whole reason there was a discussion about changing the number of witness votes was to close the loophole where Steemit Inc could (again) elect the required number of witnesses for consensus, wasn't it?

No, it was due to an exploit where someone could vote in 10000 backup witnesses and get a disproportionate share of the backup rewards.

Thanks for the clarification. :)
