You are viewing a single comment's thread from:

RE: Utopian: The Project Liked By Steem Whales and Why You Should Join it Too

in #dtube7 years ago (edited)

It sounds to me you will be sent to steemconnect for login and steemconnect will use your keys on behalf of utopian.io. Steemfiles.com, and busy.org do this also but only ask for your private posting key. Neither of these sites see your posting key but the software on busy.org can get steemconnect to vote on your behalf, and to post. That is how busy.org works. Steemconnect should give you a dialog of permissions. If you don't trust steemconnect with your active key, don't give it. If you do not trust utopia.app with your money don't give it permission.

Sort:  

@leprechaun funny thing is Utopian is based on the new version of Busy.org. SteemConnect V2 is the next release of SteemConnect that is also supported by Steemit. https://v2.steemconnect.com. Soon Busy.org will also be implementing the V2 version. Utopian is actually using a better version of SteemConnect than Busy.org does at the moment. I gave you more info on the comment below. Thank you

I don't call it "better". If this is where things are going, I might as well give users the option of logging in to steemfiles.com directly with thier posting key when they retire the version Steemfiles uses.

SteemConnect 2 will allow some specific apps to take only Posting keys. For example Steemit.chat will be able to allow login with Steem posting key using Steemconnect 2, the team is working on it. It's possible to do that because Steemit.chat doesn't need to post or upvote any content. (No delegation needed = No active key required)

But for any website like Steemit, Busy, Chainbb, and Utopian, it's not about sign-in, the active key is required to delegate your posting authority to the app account. You can revoke anytime this authority, using the steemconnect dashboard.

That's why, there is no key storage in SC2, everything happens in the browser in a secure way. It only requires your active key once in the browser, to delegate your posting authority to the app.

@ekitcho I see many doubts and many Steemians are simply not using external apps because they don't want to give out their credentials or they don't fully understand how it works. I think there must be a clear explanation about this. I'll probably write a dedicated post but my readers are limited. Something should also come from your side or Steem itself to make the process very clear for new comers and early adopters.

@jerrybanfield this is also material for you. A post about this would be extremely helpful

That's great. I see no reason not to upgarde to v2 when users can use the posting key to login.

As far as I understand the SSL, we can do the same thing through any https client, it need not be a browser only. The point to catch is that, you don't save it in SC2, so that should be all good.

I will have a look at the API in more details soon.

@leprechaun the problem is, we must have a trusted third party service for managing the auth process, so to avoid dangerous external apps to be allowed on requesting the user credentials. Who's better than Steem itself? The first version of SteemConnect is a Busy.org product. SteemConnect V2 is managed also by Steem itself.

I am a programmer and know steemjs and steem/python. Most people already trust Steemit js and backend code to not to save the keys on the server in an irresponsible way. I guess it does not even go to the server. It does not need to. If I can point to @ned saying they manage SC2 I think I can put users at ease. And yes users don't typically understand the keys never go to the servers of Steemfiles.com.