RE: @samstonehill has been hacked & cannot be re-accessed. How did this happen & what are the solutions?

in #steemit, 7 years ago (edited)

I don't understand how accounts can be recovered in a trustless and decentralized way if someone is deciding whether or not they want to recover it (based on their subjective opinion). Please explain.

The account can only be recovered if someone knows one of the old passwords.

This means even though I can start the recovery process for an account made via AnonSteem, I can't actually change the key without having at least one of their old passwords.

Account recovery is something that cannot really be done without some form of trust system, otherwise let's say the hacker figures out your "secret information" you use for recovery? Well you're definitely screwed now.

It's possible for you to change your trustee, but you have to wait 31 days since the last password change to do that. You could for example, create an AnonSteem account, then 31 days later change the trustee to @steemit - which would make them responsible for recovering your account in an emergency. Similarly you could even set it to a friend.

Yeah. That was the obvious part I was missing.

Also thanks for clarifying the trustee can be changed. Such a well thought out feature that is this recovery account thing.

Thanks for your answer. What I don't understand is that samstonehill said Steemit needs his email to recover the account, why? They should only ask for the old password, not the email, no?

Account can only be recovered by the account recovery person and only if the master key has been changed in the last 30 days.

If the account has been created on Steemit.com the recovery person is @steemit. If the account has been created by other means than steemit.com then the account recovery person can be chosen by the person who creates the account.

This is why AnonSteem can be the recovery person. They can only change or recover the account if the password has been changed in the last 30 days. I'm not sure if I forgot something or if my explanation is 100% correct. Maybe @someguy123 can confirm.
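
The two-party rule described in the comments above (the recovery account opens the request, the owner completes it with an old password), as an added example that is not part of the original thread and not Steem's own code. It is a simplified Python model: the names `Account`, `request_recovery`, `recover` and the day-number clock are assumptions, and the 30-day window is the figure quoted in the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

RECOVERY_WINDOW_DAYS = 30  # window quoted in the thread above


@dataclass
class Account:
    owner_key: str                  # current owner ("master") key
    recovery_account: str           # the trustee / recovery partner
    old_keys: list = field(default_factory=list)  # (key, day it was replaced)
    pending_new_key: Optional[str] = None

    def change_owner_key(self, new_key: str, today: int) -> None:
        self.old_keys.append((self.owner_key, today))
        self.owner_key = new_key


def request_recovery(acct: Account, requester: str, new_key: str) -> bool:
    """Step 1: only the named recovery account can open a request."""
    if requester != acct.recovery_account:
        return False
    acct.pending_new_key = new_key
    return True


def recover(acct: Account, old_key: str, new_key: str, today: int) -> bool:
    """Step 2: the owner confirms with a recently replaced owner key."""
    if acct.pending_new_key is None or new_key != acct.pending_new_key:
        return False  # the trustee has not vouched for this new key
    recent = any(key == old_key and today - replaced <= RECOVERY_WINDOW_DAYS
                 for key, replaced in acct.old_keys)
    if not recent:
        return False  # trustee alone, without an old key, changes nothing
    acct.change_owner_key(new_key, today)
    acct.pending_new_key = None
    return True


def demo() -> list:
    # Constructed scenario: the thief replaces the owner key on day 100.
    acct = Account(owner_key="K_orig", recovery_account="trustee")
    acct.change_owner_key("K_thief", today=100)
    return [
        request_recovery(acct, "mallory", "K_new"),  # not the trustee
        recover(acct, "K_orig", "K_new", 105),       # no request open yet
        request_recovery(acct, "trustee", "K_new"),  # trustee vouches
        recover(acct, "guess", "K_new", 105),        # old key unknown
        recover(acct, "K_orig", "K_new", 105),       # both halves present
    ]
```

In this model the check on the requester is the only thing separating the owner from a thief who also knows the old key, which is why the recovery account has to verify identity before opening a request.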

Great and all until @someguy123 dies and then what? I hope he has dead man's switches set up! Sorry to be so gloomy but... like Taylor Swift has said, 'I don't trust nobody and nobody trusts me', so is AnonSteem really better? Or is it just some guy? lol, whoa, didn't even mean that, but yeah, isn't it just some guy trying to pretend he is like a company? I mean, I hope at least 2 people run AnonSteem! Because if something happens to like the one guy who runs AnonSteem and then you can't get your account recovered, then what?

Sorry, that's just my lil "what if" scenario, just being a contrarian

Yeah, anyway, I always used to ask about how the account recovery works, but I have to remind people, Steemit is not Bitcoin

We don't use proof of work, we have Delegated Proof of Stake, that changes everything when it comes to doing stuff like being ABLE to do stuff like a wallet recovery when Bitcoin has no wallet recovery for hacked wallets... lol. But imagine if the Bitcoin network actually decided to do a hard fork to reverse all transactions that were from hackers stealing funds, you could have like a hard fork of Bitcoin where all contested transactions are reversed and you have a central authority to do that stuff, and that's kind of what Steemit is because all the witnesses kinda know each other and that's one simple way to look at it.....

But in reality the witness nodes are decentralized and Steemit Inc is just one Steem gateway.... Steemit Inc cannot really do any more than any one person with a Steem account, a Steem account can be created from any already created account..... and you can make your OWN Steemit gateway like chainbb or busy.org .... the thing is all witnesses have to agree to run the same software... that software has to be handed "down" from some centralized location and that's Steemit Inc for now, am I right or wrong? I am not sure, that's just my guess.... but it is only like that for now

In the future we will become more decentralized so that Steemit Inc can be shut down and we could still carry on... in fact if busy.org has a powerdown and withdrawal function... then I am pretty sure we could be using that in case steemit.com is down.... well no, because it cannot create accounts, I don't think? At least not for free? I think we would need a new gateway that can create Steem accounts and THEN we wouldn't need steemit.com... but hm, yes, it's strange @someonewhoisme, it seems counterintuitive at first BUT it's not, it makes sense when you know how Steemit works and how yes it is decentralized but the Steemit witnesses all agree on everything or else we would not have consensus, but we have this sort of hivemind but it's a decentralized horizontal hivemind.....
I think that you have to realize... Steemit is not Bitcoin and Bitcoin does not have witnesses but just Bitcoin miners and nodes and you don't have a centralized way to organize them all like you do on Steemit where you can talk to everyone over the Steemit forum... Bitcoin would need to freakin use Bitcointalk.com forums to actually communicate instructions and news to all of its network miners and node operators while Steem blockchain has this built-in social media network that lets people talk to each other and also to make announcements where the important ones get to the front page and everyone gets to see them!

So you see, that and how we are Delegated Proof of Stake allows us to actually do things regular POW Bitcoin cannot do! Through consensus of witness nodes we can accomplish great things for the community! It's software and all software is malleable, it's just a question of getting everyone to agree on overall system-wide changes, consensus, it's magical!

that software has to be handed "down" from some centralized location and that's Steemit Inc for now,

The Steem software is publicly hosted on GitHub just the same as Bitcoin. Both can be forked. For now Steemit Inc are the ones most knowledgeable about the code but anyone can study it. It's open source.

What you said about the fact that if something happens to the recovery partner is also true if the recovery partner is Steemit. If the person or persons controlling the Steemit account are ill prepared in case something happens to them then they might not be able to recover the account of their people. I think the recovery partner can be changed. I'm not sure. Not through Steemit but through steemd. I'm pretty sure it can be changed.

If all witnesses agree to something then they don't have to conspire to make something happen, they all agree. That's what happens when Steem is updated. I don't remember how many % of the top witnesses have to agree but the update goes through.

For some witnesses to conspire and try to pass false transactions would be almost impossible I think, because other nodes would realize what happened and then people would very soon vote those witnesses out of their place. It would also be much more complex than people realize and those people/witnesses would probably have to know how to recode part of the Steem code. Not realistic stuff for many reasons.

Creating a Steem account almost for free is coming in the next update, and if it wasn't, it would probably be an easy thing to code if Steemit Inc didn't want it but everyone else wanted this feature. The thing is, Steemit Inc wants this feature probably more than anyone else.

why does steemit need email to recover the account?

It's a way to help them prevent the person who just stole the password from initiating the recovery process claiming they are the real owner of the account. They don't really need it if they can prove the identity of the person trying to recover the account by another means; in fact the email is far from being the best way, but for Steemit it can help.

Anonsteem uses other means and other recovery partners could also use other means.

I know, it's a bit of another issue, but I have a question though.

Is it possible to get back STEEM I have sent by mistake to an account?
E.g. I sent STEEM to @minnowboster (https://steemit.com/@minnowboster) with one o instead of @minnowbooster with 2 o's?
I mean, there should be an option to reverse your actions within a given time frame.

The email is the second factor authentication on the identity part of the account and other security mechanisms for anonymity.