RE: VOTING NOW CLOSED - Foundation Structure Proposal Election - UPDATE: NO REGISTRATION REQUIRED

in #dpoll • 5 years ago

Link to remove posting permission for dpoll.
https://v2.steemconnect.com/revoke/@dpoll.xyz

This link is generic if you change dpoll.xyz to the app you want removed.

dPoll can now vote using Steem Keychain

See this post for details, but you can basically use the "vote with keychain button".

Some tips from @happyme:

  1. Click on the check-box(s) next to your choices BEFORE clicking to log in and vote.
  2. Do NOT put the @ symbol in front of your username when entering your Steem account name.

How to use dPoll without needing to trust Steemconnect with active key

  1. Add posting authority to dpoll.xyz using any means (cli wallet, etc). Steem keychain has the ability, and I've set up an example site here with the ability to do so.
  2. Use this link to log into dpoll.xyz to log into steemconnect using your posting key. This will allow you to select your user in subsequent logins.
  3. Use dpoll normally (may ask one more time to get comment scope)
  4. If you wish, use the same mechanism as step (1) to revoke posting auth afterwards.

How to use dPoll temporarily with active key

  • Use steemconnect, vote, and then change ALL keys.

Is sc not open source?

Isn't trusting keychain the same as trusting steemconnect?

I've got more.

Yes it is, but different people are at different places when it comes to what they trust.

Does steemconnect have my active key?

No. In theory (auditable) it's all browser side where you sign the transactions. Steemconnect servers won't see it.

That is what I was told when I got here, but I don't code.
So, this flap is over nothing?

Yes and no. I suppose some people just haven't decided to trust steemconnect yet, or are worried about phishing (which just is a matter of either using a password manager or paying attention to the URL I suppose)

If you want to revoke your permissions, after voting, please follow the link above.

Also

Which structure proposal(s) do you support for the Steem Alliance?

Proposal(s) Plural, means you can vote more than one. This was a request brought forward by the community a few ago that we included. We are updating the post to make it more clear as well.

Think @dpoll.xyz (and a lot of other DApps that only use SteemConnect for user authentication, basically) could use a TTP-free proof of identity implementation. There are I think multiple options that are very much viable. A few:

  1. Micro-transactions as outlined here. Every DApp could integrate this option already.
  2. A simple local (windows/linux/android/etc) custom_json signing+posting client. Basically you could vote with a locally signed custom_json. A DApp owner could write his own client. Great for people who use only one or two DApps. The Memo key would probably be great for this.
  3. SteemConnect could introduce a DApp-agnostic zero-authority identity proving client. Like #2, but could work seamlessly for all DApps already using SteemConnect. Memo key again should be cool for this.
  4. The steemit site could implement the signing part of #3 instead of a local client. DApp or SteemConnect could offer JWS token to the person wanting to prove her identity. She could then go to the steemit JWS signer, sign the JWS token with her posting key, and get a new signed JWS token to submit to the DApp or to SteemConnect.

I feel @steemaliance should really take it upon herself to avoid becoming a self amplifying loop of security-illiteracy, and excluding stake holders, especially larger stake holders, who won't trust their active key to SteemConnect in order to be able to vote, I feel, initiates just that.

I know #4 is far from perfect, but it shouldn't be too much trouble for @emrebeyler to integrate it into the existing @dpoll.xyz system in order to cater to security-conscious stake holders who prefer not to hand their active key over to steemconnect in order to vote on these important matters.

Any thought on this @emrebeyler? Especially because these votes are stake based, I feel this is the perfect use case for a steemconnect-free way to authenticate to the voting engine.
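
The JWS flow proposed in option 4 of the comment above, as an added example (not part of the original comment, and not dPoll, SteemConnect or steemit code): the DApp issues a one-time challenge, the user signs it locally, and the DApp verifies it against the public key registered for the account. It assumes Node.js, a generic secp256k1 key pair standing in for a real Steem posting key, and hypothetical names (`dpoll.example`, `registry`, `issueChallenge`, `signChallenge`, `verifyProof`).

```javascript
const nodeCrypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');
const AUDIENCE = 'dpoll.example';  // hypothetical DApp identifier (assumption)
const pending = new Map();         // nonce -> account, for outstanding challenges

// DApp side: issue a one-time challenge bound to account, audience and expiry.
function issueChallenge(account, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(nonce, account);
  return { aud: AUDIENCE, sub: account, nonce, exp: now + 60_000 };
}

// User side: sign locally; the private key is never sent to the DApp.
function signChallenge(challenge, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'ES256K' })) + '.' + b64u(JSON.stringify(challenge));
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// DApp side: `registry` stands in for reading the account's public key from the chain.
function verifyProof(jws, registry, now = Date.now()) {
  const [h, p, s] = jws.split('.');
  if (!h || !p || !s) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString()) || {};
    claims = JSON.parse(Buffer.from(p, 'base64url').toString()) || {};
  } catch { return 'malformed'; }
  if (header.alg !== 'ES256K') return 'bad-alg';         // pin the algorithm
  if (claims.aud !== AUDIENCE) return 'wrong-audience';  // proof made for another site
  if (now > claims.exp) return 'expired';
  const publicKey = registry.get(claims.sub);
  if (!publicKey) return 'unknown-account';
  const ok = nodeCrypto.verify('sha256', Buffer.from(h + '.' + p),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) return 'bad-signature';
  if (pending.get(claims.nonce) !== claims.sub) return 'replayed-or-unknown-nonce';
  pending.delete(claims.nonce);                          // single use
  return 'ok';
}

// Demo with a constructed key pair: first proof is accepted, the replay is not.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const proof = signChallenge(issueChallenge('alice'), privateKey);
  const registry = new Map([['alice', publicKey]]);
  return [verifyProof(proof, registry), verifyProof(proof, registry)];
}
console.log(demo());
```

The audience and nonce checks are what keep a proof captured by one site from being accepted by another or submitted twice.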

I will NOT BE VOTING on dpoll because I have NO IDEA HOW SECURE it is. Why do we need to compromise security in order to vote? Make dpoll work with keychain or find a new voting method.

I will discuss a way to gather non dpoll votes with the working group. I imagine we can also find a way to allow other inputs.

That would be great. Thanks!

Hey, I just realized, you already trust your posting authority to many other dapps. You aren't compromising anything that you haven't implicitly given up already (trust-wise).

Note also that dpoll doesn't even ask you to grant posting authority. (this is wrong, stricken out. steemconnect asks for it, and you still have to trust steemconnect. dpoll's app itself doesn't have access)

Steemconnect is the trusted mediator here, and as long as you trust steemconnect, there's 0 reason to distrust dpoll. Just want to throw that out there.

And you can immediately revoke what little authorization you granted as noted in the parent comment.

How difficult would it be to spoof steemconnect? I see a pop-up that looks like steemconnect and I insert my key. Next thing I know, it does nothing and it's too late to revoke it. I HATE using my actual steem keys all the time.

Yeah, I understand the point. But actually even this is fairly difficult because the popup will show the URL with the cert, and you can be sure that if you trust steemconnect, it is fine.

But anyway, we are discussing it.

IF everyone is careful and not in a rush.
It is too easy to get careless and lose everything. I prefer to be paranoid about such things.

If you have steem keychain or any other way of assigning posting auth temporarily, I have something for you if you haven't voted already. See here

Once your keys are entered to Steem Connect, you do not need to re-enter them.
Connecting somewhere else, the site should be verified by Steem Connect.
Any site asking for your keys to be re-entered should never need your Master Key. The majority should not need your active key.

@happyme, it looks like keychain will be implemented in a few days. Just wait until then and you can cast your vote.

This is GREAT news. Thanks a lot!

Thank @emrebeyler, the creator of dpoll. He’s amazing about implementing new features and helping to make dpoll what the community sees as beneficial. He deserves a big thanks on all he’s done in this process alone. Glad it could get worked out 🙂

Yes, thanks to @emrebeyler. I had no idea who was behind dpoll. It seems all the programmers know each other. Does anyone know who is behind DrugWars?

I wouldn’t say all the programmers know each other, it’s just maybe they are more likely to dig into projects. I’m only aware of who is behind which projects due to their posting on it. I was just having a conversation with someone who thought it would be great to have a LinkedIn style page for developers, witnesses etc so it was easier to find information. Maybe something to look forward to.

As far as drugwars, it’s by futureshock aka hightouch’s project. There is a whole team, but I believe he is the founder.

Implementing a steemconnect free way of authentication on dPoll is expensive at this time. Hopefully, we will have the optional keychain integration in the future.

Let me know if it would be useful (and if I can help) making the micro transaction option work with dpoll.

@asgarth, @jarvie, can this happen on steempeak?

I agree that 'the community' is a herd of cats, at this point, and trying to herd them while claiming legitimacy may be premature.

Well first of all I believe strongly that polling should be a non-platform specific act on the blockchain. And there are ways to do that so every front end could do it. I think that's the first step.

I thought it was a keychain that I could use outside chrome/brave.