Let Binance be a wakeup call: The STEEM ecosystem should rid itself of all TTPs.

in #utopian-io, 5 years ago

In this blog post I would like to revisit some of my ideas on the subjects of authentication, authorization and delegation (of authority, not SP) in the STEEM DApp ecosystem. I hope this blog post will help to convey the method behind the madness some might experience when reading the individual posts and proposals I have been writing on the subject.



Binance and TTPs

Unless you just woke up and this is the first post you've read, you probably heard about the #binance hack. Once more, a rather important Trusted Third Party (TTP) in the crypto world got hacked, and unfortunately for STEEM this TTP happens to be a huge exchange featuring STEEM trading pairs. Despite the soothing words of user funds supposedly being safe, fund withdrawals have been suspended, likely to stop any kind of bank run at this moment.

Remember the promise of blockchain based money? No need for banks or any other type of trusted third party, because effectively the distributed ledger deprecates the need for a TTP.

Then somehow we all collectively lost track of the ball, and TTPs are popping up all over the place in crypto land.

Let this new failure of the idea of a Trusted Third Party be a warning to us, the STEEM community and importantly all STEEM DApp and STEEM library developers:

  • Not your keys, not your coins!
  • A shared private key isn't actually a private key!

STEEM

The STEEM DApp ecosystem has its own share of TTPs. There are two in particular that I would like to focus on in this post. Two that actually demand to be given access to your keys.

As I outlined in my STEEM Vision post, we as the STEEM community should embrace the blockchain for what it is and for what it allows us to say. What it allows us to say is a big "NO" to Trusted Third Parties, and that big NO should include a big no to SteemConnect and an equally big no to SteemLogin.

So what are the alternatives? To look at the alternatives, we need to differentiate between DApps that merely need us to authenticate our identity and those that need to act on our behalf. And among the ones that act on our behalf, we should differentiate between those that act on our behalf interactively and those to which we legitimately want to delegate part of our authority in a way that outlives the duration of some browser session.

Let us explore the three use cases one by one.

Interactive use of our authority

While not a perfect solution, I feel Steem Keychain by @yabapmatt is a huge step in the right direction for this use case. It is basically a STEEM wallet for your posting key that is implemented as a web browser extension capable of performing STEEM transactions while interacting with a DApp site interactively.

Proving our identity without delegating any authority

Things aren't so great yet when it comes to proving your identity to a DApp without either providing the DApp with one of your keys or using a TTP such as SteemConnect or SteemLogin. There is a somewhat cumbersome solution: using a micro transaction for authentication. If you want to see how this works, I'm using a similar construct on my ebook download site, where you can currently download a copy of my illustrated mythpunk novel by authenticating yourself with a 0.001 STEEM micro transaction.

As I recognize this to be a cumbersome way to log in at this moment, and as I see the potential of Steem Keychain, I recently wrote this proposal for Steem Keychain to integrate a custom_json based operation for authentication that could be integrated seamlessly into any interactive website wanting to do authentication in a way similar to the micro transaction scenario.

Long-term delegation of our attenuated authority

So far we've seen that Steem Keychain can potentially deprecate both existing TTP solutions as far as interactive use of authentication and use of authority is concerned. The third use case, though, is a bit more involved and would require Steemit INC or community blockchain developers to add an actual non-trivial feature to the STEEM blockchain.

So what is the problem? An example: I want to delegate to @freezepeach the right to upvote posts on my behalf up to 30 times a month, for use in the @freezepeach false flag attenuation service.

With SteemConnect I could do this by delegating my posting role to @freezepeach and then running a script on my NAS at home that would monitor upvote transactions, would try to attribute them to me or to @freezepeach, maybe based on the presence of a huge downvote on the post in question, and, when the script decides @freezepeach has used up its upvote quota, would ask SteemConnect to retract the delegation. Now, how could we do this without a TTP?

In this proposal I outline how an implementation of capability-based facet-contracts on the STEEM blockchain could solve this and many other scenarios by making the STEEM blockchain into what blockchains were first designed to be: a distributed solution for getting rid of TTPs.
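The home-grown monitoring script described for the SteemConnect scenario above, sketched as an added example (not code from this post or from any Steem library): it replays vote operations, attributes the account's upvotes to the delegate when the post already carries a heavy downvote, and reports when the quota is spent. The account names, the -5000 weight threshold, the rolling 30-day window and the dict layout of the operations are assumptions, and the sample operations are constructed.

```python
from datetime import datetime, timedelta

ME = "alice"                 # hypothetical account that delegated its posting role
QUOTA = 30                   # upvotes per month, as in the post's example
WINDOW = timedelta(days=30)  # assumption: "a month" means a rolling 30 days
FLAG_WEIGHT = -5000          # assumption: a "huge" downvote is weight <= -50%

def vote(ts, voter, author, permlink, weight):
    """Build one constructed vote operation (weight in basis points)."""
    return {"ts": ts, "voter": voter, "author": author,
            "permlink": permlink, "weight": weight}

def audit(ops, me=ME, quota=QUOTA, window=WINDOW, flag_weight=FLAG_WEIGHT):
    """Return (attributed, revoke_at).

    attributed: upvotes cast under `me` that the heuristic blames on the delegate.
    revoke_at:  timestamp at which the quota was reached, or None.
    """
    flagged = set()   # posts that have already received a heavy downvote
    used = []         # timestamps of attributed upvotes inside the window
    attributed = []
    for op in sorted(ops, key=lambda o: o["ts"]):
        post = (op["author"], op["permlink"])
        if op["weight"] <= flag_weight:
            flagged.add(post)
        elif op["voter"] == me and op["weight"] > 0 and post in flagged:
            # Votes signed with delegated posting authority carry the same
            # voter name as the owner's own votes, so this is only a guess.
            used = [t for t in used if op["ts"] - t < window]
            used.append(op["ts"])
            attributed.append(op)
            if len(used) >= quota:
                return attributed, op["ts"]   # time to retract the delegation
    return attributed, None

T0 = datetime(2019, 5, 1, 12, 0)
SAMPLE_OPS = [  # constructed sample data
    vote(T0, "whale", "bob", "post-1", -10000),
    vote(T0 + timedelta(hours=1), ME, "bob", "post-1", 2500),    # attributed
    vote(T0 + timedelta(hours=2), ME, "carol", "post-2", 10000), # unflagged: owner's
    vote(T0 + timedelta(days=2), "whale", "dave", "post-3", -8000),
    vote(T0 + timedelta(days=2, hours=3), ME, "dave", "post-3", 2500),  # attributed
]

if __name__ == "__main__":
    hits, revoke_at = audit(SAMPLE_OPS, quota=2)  # small quota for the demo
    print(len(hits), "attributed upvotes; revoke at", revoke_at)
```

If the owner personally upvotes a flagged post, this heuristic charges that vote to the delegate's quota as well, because both kinds of vote appear on chain under the same voter name.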


Hello, @mattockfs!

Thank you for your contribution. You managed to compose an informative and comprehensive blog post, and I appreciate the effort you put into your work.

On the content side, even though I like all the information provided, I have to admit that I wanted to read a bit more about your personal knowledge, views and experience with the Steem Dapp ecosystem. I also wanted to see more relevant visuals in your contribution. Regardless, the post is well-written and detailed, and the content is unique.

To sum up, this was a solid overall effort, and I am already looking forward to your next contribution.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you for your review, @lordneroo! Keep up the good work!

Hi @mattockfs!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hey, @mattockfs!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!
