Despite having been officially launched, the EOS network is currently halfway there, in a state that can not yet be considered alive. The community has its doubts regarding the voting process by which 21 producers of blocks of the network will be chosen, and for which it is necessary to prove that EOS cards are held with the private key of the receipt, which constitutes an exposure of their security.

Source

At the same time that they want to participate in the election, users are leery of doing so, due to the risk involved in involving in the process the private key that grants them access to their funds, and that, if compromised, would leave them completely vulnerable. For the EOS network to finally start, 150 million votes are needed. So far, only 37 percent of them have been issued.

"The biggest mistake in the EOS launch is the inability to understand that EOS retail investors will be reluctant to vote with their private keys online," an EOS user wrote on Telegram.

As a CoinDesk review, the CLEOS voting software, developed by Block.one, is the only one audited by third parties. CLEOS is managed through a command line that has some complexity, in view of which voters are inclined to use more friendly tools, but which may be less reliable.

"When something is too complicated for people, bad actors appear who try to exploit those weaknesses," Krzysztof Szumny, the lead developer of a voting program called Tokenika, told CoinDesk.

There are two reasons that justify the use of the private key in the voting process: to verify the legitimacy of the vote, and to correlate said vote with the assets in a user's records, which is used to establish the weight of a vote.

Yudi Levi, CTO and co-founder of Bancor said: "Your private key is required to vote if you are voting from a wallet, a command line tool or anywhere else. No one can avoid this requirement. " Bancor also has a voting tool enabled for the LiquidEOS block chain.

Basically, using a private key for the voting process is equivalent to signing transactions, where the same type of signature is needed to send a standard cryptographic transaction.

Reliable versus risky

Alexandre Bourget, co-founder of EOS Canada and candidate for block producer, told CoinDesk that current voting tools have different levels of security, ranging from very reliable to poor performance in risk management.

The tools like CLEOS, of command line, suppose a minimum exhibition of the private keys, but the programs that incorporate friendly interfaces, that facilitate the usability of the product, present a greater risk. The greater the interaction of the tool with the Internet code, the greater the danger that the keys will be intercepted.

To better protect himself, Bourget suggests that users reconfigure the EOS account and generate a private key to be used only in voting. For its part, Levi recommends using downloadable voting programs, which run locally, without interacting with the Internet browser, where they can be manipulated.

Tokenika has developed software that generates the vote offline, and connects to the web only to publish the record of the vote. Finally, Szumny warns:

"For maximum security, we strongly recommend that people never use their private key on a device while online."