First time using Steemit, some questions: Security and Centralization?
Hi there, I am fairly new to Steemit and cryptocurrencies in general, and I decided to create a Steemit account as I really liked the concept around it. However, upon creating an account, some minor concerns crossed my mind, which led me to research this decentralized website further. I did not really find many answers, and though my concerns are fairly minor, I would still like some answers, which is why I would like to consult this platform's users, hence why I am making this post.
Concern 1: Security
This is probably the smallest problem which I think I will be mentioning in this post. One thing which this platform has that most don't is a private posting key, which acts as your password.
If I am not wrong, this password is the private key to your wallet, which keeps your funds. This would mean that if someone somehow guesses the password to your account through brute force, they would have access to all your funds immediately; though practically speaking this is nearly impossible, and as a counterargument it would be harder to get a computer to guess a randomized long password than a regular 8-digit, 1 capital letter, 1 number, and 1 symbol password, which would still compromise your funds if someone gets your regular password. Which is why this is not my issue with Steemit. My problem with Steemit is the lack of 2FA.
As highlighted earlier, even if the private key to your wallet is not your acting password, the moment your account is compromised, like in most exchanges, so is your wallet. One way they try to mitigate this problem is the implementation of 2-Factor Authentication, which Steemit does not have. Whether it is simply email 2FA, SMS 2FA, or Google 2FA, none of these are options, so when I log in from a new computer or try to access my wallet, I am free to do so as I please with just the private key. So to ensure the utmost security of my account, am I supposed to memorize my private key, not leave it in a digital form, and type it out slowly every single time I log in, and avoid logging in whilst connected to any public network? Or do I have to re-generate a new key every week, to ensure that my previous key will be made void of use, to protect the security of my account?
Neither of these solutions is too much of a hassle for me, but it just seems odd that there is no added security of 2FA, and the need to log in with your private key.
Concern 2: Centralization
Steemit is a privately held company.
Now before you say in response that most cryptocurrencies do have a company backing them, I don't really care about the private company part. What I care about is that this private company is the one approving who does, or doesn't, join the website.
Even in regular centralized social media platforms, there is literally no waiting period for when your account will be approved by the company running the platform. All you have to do is create an account, verify your email, and that is it. Yes, I am aware of the anarchist principles behind the website. But why must a supposed censorship-free platform require you to be approved to join said community? It literally doesn't make sense to me. Unless there is a reason behind the approval system, and it is completely transparent, I really don't understand why this is even necessary.
Concern 2.5: Centralization within the blockchain
Fairly simple concern of mine:
3 second blocks + 43GB blockchain = not all nodes can sync with the blockchain = not so centralized or distributed
Why or how is this assumption of mine incorrect?
Overall though, regardless of my concerns, I am very impressed with what I have seen of the website so far, and can't wait to use this site a lot more.
- I think it would be possible for 2FA to be used with a blockchain, but who would be sending the code in a decentralized network like a blockchain? However, multisignature accounts on Steemit do exist, so you can make an account with several private keys if you wanted to.
- I think the centralization here is to prevent obvious spam from entering the network. Obviously a freshly created account dispenses little value in a vote, but if you can create thousands instantly, then you could exploit the rewards system pretty easily. However, I strongly agree the centralization should be avoided and I wish a different approach was used.
- Every witness on Steem runs a node that produces a block, so there is a decent amount of synced nodes, but yes, still not as decentralized as other blockchain networks.