Sort:  

Hi,
This is wrong:
"Everything could be done without your active key. Giving them your active key means they can transfer your steem."

You necessarily need the active key to change authorities (add or remove) of an account. This is at blockchain level and there is no other way to change account authorities. And there is no other way to use a service like steemauto except giving your posting key directly to an app, which is not recommended. Of course you can use any other method to authorize an app "with your active key" without using steemlogin. You can do that with any steem library or Keychain if you are not feeling secure with steemlogin.

As @futureshock and so steemlogin, we take seriously security issues with steem users accounts. When you use steemlogin we can potentially access to your keys that's right and that was always an issue with steemconnect but we never do/did this, we don't store any keys more than needed and will never do it. Remember also this, when you use steemlogin on any app, this app doesn't see your keys but only receive an oauth token.

FYI we are not related to steemauto or any other team. We are offering this service for free and only to make things easier for dapps developers. We are publicly known people (you can even find our address on the web) and would never dare to hurt/rob anyone, in our eyes respect and trust are much more important than money.

Best regards,
Hightouch

There is no active posting key. It can be rather private posting key or private active key. And yes both have different uses.
Voting/posting use private posting key, and other things like transfer or changing account autorithy require private active key. There are also other keys like the private memo key which permit to decode memo encoded with your public memo key etc.. .

In this case, you are not willing to give any key but just give the authority for an app to post for you. The other possibilities would be:

  • the app ask your posting key and store it (this is less secure then steemlogin which has been tested for nearly 4 years now)
  • the app ask your posting key with steemlogin and store the received token and can reuse it. The issue with this solution is the following one, steemlogin tokens have an expiration time like all web tokens, so after a week this particular token become unusable and you would need to login again to the app to obtain a new token... Which removes all interest in using a service like steemauto.
    So in order to do that you are using your private active key to give posting authority to the app. Which means this app can post/vote for you whenever he need/want and that until you revoke the posting authority, again using your private active key.

Well I'm sorry for you but I guess you just fell in with the wrong crowd as we all already did at least once.

Hopefully other witnesses will come to confirm all what I said there.

Best regards,
hightouch

It's me again...

FYI we are not related to steemauto or any other team. We are offering this service for free and only to make things easier for dapps developers. We are publicly known people (you can even find our address on the web) and would never dare to hurt/rob anyone, in our eyes respect and trust are much more important than money.

can you share your website address?

Thank you for this comment @futureshock

However ... correct me if I'm wrong, but it seem that original steemauto never required active key. And this is main reason why some users are hestitant and seriously worried to use "steem login" and new steemauto.

How could they (original steemauto) achieve it? Any idea?

Yours, Piotr

Dear @btcmillennial

I had a pleasure to talk to steem-supporter few times (even in real life) and my impression is, that this is very hard-working developer with solid skills and very honest.

I hardly doubt that he is block.token/Aceh.point.

At the same time this re-created steemauto is using "steem login" to sign in. And this steem-login has as little to do with steemauto as steemconnect had to do with this tool in the past.

That's just to clarify, that Steem-supporter isn't in my opinion having any bad intentions. However, at the same time I'm not sure who is behind "steem login" and it also worries me that it require active key.

Yours, Piotr

I think Futureshock relaunched steemlogin!

Authorization of an app to do transactions requires active key. No keys are transmitted to internet, steemconnect storage them in your computer system, steemlogin don't storage nothing so it asks for keys every time.

oh i completely missed this,
Let me explain you

WE as the application steemautp.app needs to upvote , post and claim rewards on your behalf. so we need you to give us your posting authority that allows us to do all those operation , but in the blockchain level if you want to authorize any app or revoke authorization the app you need to sign a transaction which requires your active key . This does not means that we have your private key access . We have your posting authority on the blockchain level that is provided to us by steemlogin which is a frontend that makes it easier fo us and you to sing any type of transaction on the chain .
Steemlogin will no way save your keys nor we will

and yes i am not #block.token or @aceh.point

thanks @futureshock for your wonderfull reply

i just requested posting scope , so basically its the signer who asks for you active key . but i dont think you would want to get explained .

Coin Marketplace

STEEM 0.22
TRX 0.20
JST 0.034
BTC 91358.60
ETH 3091.62
USDT 1.00
SBD 3.16