Are you familiar with the elections taking place for the Structure of Steem Alliance? There have been some changes which might interest you.
At first I wasn't excited about all the talk about Steem Alliance. It resembled too much with politics (and still does). But truly, I believe some form of organization that transcends the witnesses and Steemit Inc. is necessary to push us forward.
And that's what Steem Alliance at least promises to be in some future, a foundation that can help Steem step up to a new level at best, or offer coordination in various domains at minimum.
How exactly Steem Alliance will be shaped up is settled, in the first phase, these days, when its structure is under vote. Either that, or we'll have a big super proposal in the end, but then, what's the point of a vote?
While initial rules stated that only registered voters could have voted for one or more of the proposals, there was issued an update that all steemians can and should now vote, by going to this poll.
You should of course check out the proposals first, and don't vote uninformed! You can check out the final proposals on the same page linked above.
The vote period itself has also been extended from one week till April 24th, to give more time to people to understand what this is about and cast their vote. This is very well, as it is already clear not enough people spend time to understand what this is all about.
In principle, I believe changes of the voting procedure during the voting process is not a good call, but maybe we'll all learn in time and do better.
I also think allowing a multiple choice vote is a possible mistake, because it makes the vote less focused, less responsible, on the logic that if you vote for all the proposals that you partially like or teams that you like, you've done your part. But you haven't! Because you haven't really chosen, have you?
I haven't voted yet but I will. Not that I'm a big whale to make a splash or even a dolphin yet, but well, if everybody thinks like this and leaves it up to the huge stakeholders... By the way, the vote of whales is capped at roughly 250k SP, after which every 1 SP counts less for them, so smaller players do have a word to say too.
P.S.: I initiated a poll of my own yesterday on the topic of Steem Alliance, if you would like to take a look.
I really feel these votes should get postponed until there is an option to vote without using steemconnect. I'm a smalish fish and I only dare use steemconnect with my 0.2MV account, not with my 6MV account. I imagine that especially the bigger, security conscience, stake holders will get excluded are excluded from these votes by demanding the use of steemconnect because, well, it is technically tricky to allow people to vote without steemconnect.
Just think of it. I want to vote. In order to vote, I need to prove my identity. In order to prove my identity I need to give my bleeding active key to a trusted third party I have no reason to trust in such a way.
But then, voting without steemconnect is so simple, just create a set of comments and let people do 1% upvotes to cast their vote.
I've compiled options for active key usage in the thread now here. We get the concern, but now feel there's enough reason to keep the process as is. If you have a way to assign posting auth in a way you are comfortable with, then there's a way forward without changing the process.
steemconnect isn't a security concern. In fact it was created to deal with many security concerns.
If you are concerned with it, then vote and then immediately revoke the authorization.
BTW, the SteemAlliance is not who determined that SteemConnect is needed, dPoll uses it. It would be more convenient if dPoll integrated with Steem Keychain and hopefully at some point @embelyer will do so.
He's done a lot of work upgrading dPoll in the last few weeks to enable the SteemAlliance's use of his service for this election. I for one appreciate that work.
@shadowspub
The current Rambling Radio Schedule can be found here
It's All About Community!
Thanks for your comment, appreciate it!
I like dPoll, just started to use it more. And I use SteemConnect. And I appreciate the upgrades Emre (@emrebeyler) has done lately to dPoll.
At the same time, @pibara is right in the case of people really concerned about security and who don't use SteemConnect at all (some of them might have really high stakes too, who don't like to use their active key often). Regular users use it though, because it is embedded in almost everything on Steem.
to be clear, dpoll or steemconnect dont get any active keys at their servers. It’s required to set posting auths in the first login and the code works on client side. (You can even do that manually without sc login)
Agreed. Could another malicious Javascript code read your active key? This would not be SteemConnect's (much less dPoll's) fault, just the pattern of use. Too many times using the active key increases the likelihood of it being hacked at some point.
Oh this is interesting and have not tried this yet! That would certainly work as another suggestion for security minded folks. Keychain for posting auth, SC+posting for dpoll use.
edit-- and suggested it.
SteemConnect "solves" security problem in a pre-blockchain non least-authority way, basically. SteemConnect implements a Trusted Third Party. The whole idea of blockchains is that it does away with the need for a TTP.
In order to use SteemConnect at all, you need to supply it with your active key. Not a problem if your stake represents €100 in value, but what if it is €10,000 or €100,000 or more? I use SteemConnect all the time on my 100SP @mattockfs account that I'm powering down continously, but I'm not going to be using it even once on my 3000 SP @pibara account. And if I won't use it for a mere 3000 SP minnow account, imagine how orca's and whales that are even semi aware of security would feel about giving their active key to SteemConnect in order to only prove their identity to the voting engine.
There are security concerns with authorization with steemconnect as well (I wrote a proposal for facet contracts addressing that, that I won't go into here), but the idea of using a TTP that requires access to your active key for mere authentication is beyond horrific.
I really find it shocking how many really smart people fail to grasp just how bad this idea is from a least authority perspective, and how unresponsive developers in this community are when I offer my expertise, experience and time with respect to least authority system design, audits and development.
I guess one of the rocks hit me in that sentence considering you have disapproved my witness at the same time you have written that comment.
To explain the unresponsiveness,
I am in the process of relocation to another country for a new software development job. Moving to another country is a tough thing, even though I have been preparing for like 2-3 months in advance for the immigration, paper-work, moving, etc., I have still lots of unexpected things in the journey.
I landed to that new country just one week ago. Still in a temporary house until I find a suitable place for my family. While having that chaos, I have worked on dPoll enhancements for the Steemalliance requests.
I don't say that was a burden. I love it when people use my tools or apps. So I am happy to make adjustments and enhancements for any of my projects.
Also, worth noting that the dPoll is not the only project I have been maintaining. I have lots of other tools and applications running on the scene.
I am open to any ideas to make account authentication better on dPoll. However, don't expect me to accept every idea/proposal or respond to every inquiry instantly.
Yes, I think that concern was raised, because I saw a comment on the elections poll post, giving the revoke permissions link via steemconnect for dpoll (or any other interface). But needing the active key in steemconnect still poses a certain degree of risk that we willingly or unknowingly take while using steemconnect for operations that do not involve our wallet.
EDIT: I think there have been already too many changes to the voting process...
Option 2: Do a 1% upvote of this comment if you think Steem Alliance should allow 1% comment upvotes as a way to cast votes without the explicit need to use steemconnect.
An unrelated question, because you are obviously concerned with account security. What tool/interface would you/do you use to manage delegations from your main account?
Option 3: Do a 1% upvote of this comment if you think Steem Alliance should allow micro-transaction based authentication as a way to cast votes without the explicit need to use steemconnect.
Option 1: Do a 1% upvote of this comment if you think Steem Alliance should require voters to use steemconnect
In case you were put off from voting by the security discussion here, I've compiled some options here.
I was ready to introduce another input, but feedback was that it would be disruptive and confusing, and there are ways to mitigate active key exposure.
No, I use SC quite frequently, but am in the process of moving my SP to an account that will be relatively inactive and from which I'll delegate, including to my main account.
I will vote for sure. I like two or maybe three proposals and I haven't made up my mind yet, but I'll only vote for one of them, despite the possibility of a multiple choice.
I hope this strategy will make the Steem blockchain a better place.
Posted using Partiko Android
Yeah, I hope so too. We wouldn't be alone with this kind of foundation in the crypto land.
Posted using Partiko Android
Bitcoin and Ethereum have it for a long time I believe!
Hi @gadrian!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 3.357 which ranks you at #7756 across all Steem accounts.
Your rank has dropped 6 places in the last three days (old rank 7750).
In our last Algorithmic Curation Round, consisting of 195 contributions, your post is ranked at #31.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server
Thank you so much for participating in the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!