DTube store keys in localStorage, if someone hack DTube server he can modify the code to retreive users keys. When Utopian was hacked, the hacker only got some expirable token, users keys never been exposed.
You are viewing a single comment's thread from:
Many sites are using offline tokens, if they get hacked, the users are screwed equally like putting the private key directly into. But the hacker doesn't even need to get it from the localStorage but take it directly from the database of the server. And its not really easy to prevent phishing here either.
Why not making a solution like steem keychain for all browsers? =)
Yeah did everyone forget utopian-io and the compromised keys via steemconnect? I guess so. Amnesia?