
RE: Steemit's Security Values & How Steem Keychain Can Help by fr3eze


Viewing a response to: @stoodkev/re-fr3eze-re-yabapmatt-steemits-security-values--how-steem-keychain-can-help-20190123t105051321z

· @fr3eze ·
Active key transaction is exactly what I meant actually. What was the concern not to allow whitelisting transactions that require active permission?

I understand users' funds may be at stake and that might sound like posing a risk to the real money. But at least provide an option for those who would like to whitelist that kind of operation? That would really help the mass adoption of Steem, especially in DAPPs like dice games. And that to me is the final form of what Keychain should be like. Users get to customize it to their greatest convenience.

Posted using [Partiko Android](https://steemit.com/@partiko-android)
Created: 2019-01-23 15:08:27
@stoodkev ·
A website whitelisted to use active authority by a user could, if it fell into the wrong hands:
- Instantly steal all of the user's liquid assets
- Broadcast an account update that would change the private keys and therefore take control of the account
- Initiate power down, etc.

I think the tradeoff between security and convenience is too big here; that's why we only authorize listing for actions requiring posting authority, since they don't have a direct impact on stake.
Created: 2019-01-23 16:31:00
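
The posting-only whitelist rule from @stoodkev's reply above, sketched as an added example (not part of the thread and not Steem Keychain's code). The operation table is an illustrative subset, and `decide`, the site name and the account names are hypothetical.

```javascript
// Added example; not Steem Keychain's code. Authority levels, weakest first.
const LEVELS = ["posting", "active", "owner"];

// Illustrative subset of Steem operations with a fixed required authority.
const FIXED = new Map([
  ["vote", "posting"],
  ["comment", "posting"],
  ["transfer", "active"],
  ["withdraw_vesting", "active"], // power down
]);

// Authority needed by one [name, payload] operation, or null if not known.
function requiredAuthority([name, payload]) {
  if (name === "custom_json") {
    // Same op type, different key: a non-empty required_auths means active.
    if ((payload.required_auths || []).length > 0) return "active";
    if ((payload.required_posting_auths || []).length > 0) return "posting";
    return null;
  }
  // Replacing the owner authority needs the owner key; other key changes need active.
  if (name === "account_update") return payload.owner ? "owner" : "active";
  return FIXED.get(name) ?? null;
}

// Hypothetical policy check: skip the prompt only for a whitelisted site whose
// transaction needs nothing above posting authority. Unknown operations fail closed.
function decide(site, operations, whitelist) {
  if (operations.length === 0) return { autoApprove: false, reason: "empty transaction" };
  let highest = 0;
  for (const op of operations) {
    const level = requiredAuthority(op);
    if (level === null) return { autoApprove: false, reason: `unknown operation: ${op[0]}` };
    highest = Math.max(highest, LEVELS.indexOf(level));
  }
  if (highest > 0) return { autoApprove: false, reason: `needs ${LEVELS[highest]} authority` };
  if (!whitelist.has(site)) return { autoApprove: false, reason: "site not whitelisted" };
  return { autoApprove: true, reason: "posting-only, whitelisted site" };
}

// Constructed sample: a dice site sending a posting-level bet, then a bet plus a transfer.
const whitelist = new Set(["dice.example"]);
const bet = ["custom_json", { required_auths: [], required_posting_auths: ["alice"], id: "dice", json: "{}" }];
const payout = ["transfer", { from: "alice", to: "dice", amount: "1.000 STEEM", memo: "" }];
console.log(decide("dice.example", [bet], whitelist));
console.log(decide("dice.example", [bet, payout], whitelist));
```

The check evaluates the whole transaction, so one active-level operation bundled with posting-level ones still forces a prompt.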
@fr3eze ·
>the tradeoff between security and convenience is too big

I agree and they are all valid concerns. But you can still offer users the ability to decide whether they are willing to go for the tradeoff or not. Maybe the whitelisting process can be more hidden in the settings or put up a significant warning sign in the whitelist page for active authority. Options are tons.
Created: 2019-01-24 01:58:45