RE: New features for developer - Use HIVE Onboard for your dApp by roomservice

View this thread on: hive.blog | peakd.com | ecency.com

Viewing a response to: @heimindanger/re-roomservice-qaqmz8

hiveonboard · @roomservice · May 22 '20 (edited)

Currently they are stored for a limited amount of time to prevent abuse. Of course the data is not used for any other purpose than that. Bad actors could create endless fake accounts and would drain all those account tickets available.

If you have any suggestions how to work around this issue, which is not a paywall, let me know. I'am open for improvements to be made. I don't like the fact that I have to store the data myself...

One thing I consider for a week now is open it up for oauth provider like Google/Facebook/Twitter - but this could open gates for abuse as well...

properties (22)

`author`	roomservice
`permlink`	re-heimindanger-qaqnad
`category`	hiveonboard
`json_metadata`	{"tags":["hiveonboard"],"app":"peakd/2020.05.4"}
`created`	2020-05-22 15:06:15
`last_update`	2020-05-22 15:07:57
`depth`	4
`children`	6
`last_payout`	2020-05-29 15:06:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	581
`author_reputation`	11,573,428,661,334
`root_title`	"New features for developer - Use HIVE Onboard for your dApp"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	97,523,644
`net_rshares`	0

@heimindanger · May 22 '20

Hash the phone numbers, and compare hashes to check for abuse. This way you don't know the phone numbers, but you can ensure nobody reuses the same one twice.

Thanks for making this open-source, and implementing the client-side key generation as I recommended on GitHub.

👍 roomservice, culgin, tips.tracker
👎 themarkymark

`author`	heimindanger
`permlink`	re-roomservice-qaqnct
`category`	hiveonboard
`json_metadata`	{"tags":["hiveonboard"],"app":"peakd/2020.05.4"}
`created`	2020-05-22 15:07:42
`last_update`	2020-05-22 15:07:42
`depth`	5
`children`	5
`last_payout`	2020-05-29 15:07:42
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	271
`author_reputation`	-16,507,408,909,111
`root_title`	"New features for developer - Use HIVE Onboard for your dApp"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	97,523,674
`net_rshares`	-812,642,384,745
`author_curate_reward`	""

properties (23)vote details (4)

voter	rshares	pct
roomservice	1,308,924,404,585	100%
themarkymark	-2,158,332,117,107	-10%
culgin	36,737,247,846	30%
tips.tracker	28,079,931	1%

@culgin · May 22 '20

Excellent idea to protect users' privacy

properties (22)

`author`	culgin
`permlink`	re-heimindanger-qaqo83
`category`	hiveonboard
`json_metadata`	{"tags":["hiveonboard"],"app":"peakd/2020.05.4"}
`created`	2020-05-22 15:26:30
`last_update`	2020-05-22 15:26:30
`depth`	6
`children`	0
`last_payout`	2020-05-29 15:26:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	40
`author_reputation`	170,100,255,531,223
`root_title`	"New features for developer - Use HIVE Onboard for your dApp"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	97,523,955
`net_rshares`	0

@roomservice · May 22 '20

Great suggestion, a shame I didn't came to this solution.

Will go for it this weekend - anyone can check the code on git when it's ready.
I'am also open for an audit if there are security concerns.

👍 heimindanger

`author`	roomservice
`permlink`	re-heimindanger-qaqnky
`category`	hiveonboard
`json_metadata`	{"tags":["hiveonboard"],"app":"peakd/2020.05.4"}
`created`	2020-05-22 15:12:36
`last_update`	2020-05-22 15:12:36
`depth`	6
`children`	3
`last_payout`	2020-05-29 15:12:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	198
`author_reputation`	11,573,428,661,334
`root_title`	"New features for developer - Use HIVE Onboard for your dApp"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	97,523,745
`net_rshares`	36,003,491,578
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
heimindanger	0 B		36,003,491,578	100%

@heimindanger · May 22 '20

I don't have time to write papers. But as far as I can see, your onboarding is the best available for Hive. Some store keys server-side (@esteem) and add security risks (see issue with @community321 hack on steem). Some don't even give the keys to their users (@steemmonsters). Some other just sell the accounts, when nobody wants to pay to try a social network.

The only problematic data are the keys and the phone number. If you don't have it stored in your db, technically you could even make your db public. The only security concern then is your own key that is used to create the accounts, and that's only a risk for you. As long as your server is secure (i.e. regular package updates), your key should be fine too.

properties (22)

`author`	heimindanger
`permlink`	re-roomservice-qaqotn
`category`	hiveonboard
`json_metadata`	{"tags":["hiveonboard"],"app":"peakd/2020.05.4"}
`created`	2020-05-22 15:39:24
`last_update`	2020-05-22 15:39:24
`depth`	7
`children`	2
`last_payout`	2020-05-29 15:39:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	723
`author_reputation`	-16,507,408,909,111
`root_title`	"New features for developer - Use HIVE Onboard for your dApp"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	97,524,177
`net_rshares`	0

2 replies