Wallet App Soft Roll-Out is Live!

in #steemit6 years ago (edited)

Major post copy.png

In our engineering update released earlier today we announced that we would soft roll-out the new Wallet app. Well, we are now happy to announce the soft roll-out of the new Wallet application! To see what we mean, head on over to steemitwallet.com. For the time being, a full version of Condenser will be running on steemit.com, but once the Wallet app has been sufficiently tested, the new Social app will be rolled out to steemit.com. At that time, users who attempt to access their Steem wallet will be redirected to steemitwallet.com, so it was very important to maintain a consistent user experience. At that point, the Condenser Split will be complete.

Check It Out

The reason we are following this soft rollout strategy is so that users can begin familiarizing themselves with this new application, so be sure to head on over to steemitwallet.com to see what the experience is like. One change you will see on steemit.com is that when you try to sign in with your Active or Owner Key, you will now receive the following warning:

login-with-posting-key

The goal is to make the User Experience between the two applications as seamless as possible, so if you notice anything disruptive in this experience, please leave us feedback in the comments section below.

The Mission

Our Mission at Steemit is to help build great online communities with financial inclusion. To that end, we envision a vibrant communities web application that features cryptocurrency incentives, the development of which is economically sustainable and scalable. Splitting Condenser into separate Social and Wallet applications will constitute a major step toward accomplishing our mission by enabling us to improve each application faster, consume fewer resources, and generate more revenue, while maximizing user security by enhancing the client-side signing experience.

The Steemit Team

Sort:  

I'm still confused. What was the benefit of devoting resources to this split again? Is this just duplicating functionality for other platforms in a cleaner format?

 6 years ago (edited)

This split provides us many advantages, but I will list a few:

  1. Since condenser (the software that powers steemit.com) will soon not have a need to handle high value keys it will be much easier to add new features to the social media side (steemit.com) without as much security review. This means it will also be much easier to merge in desired community contributions.
  2. It is more cost effective and efficient.
  3. It is an excellent opportunity for education regarding the Steem blockchain's unique hierarchal key system which helps to keep user's funds safe and secure.

Thanks for the reply

Posted using Partiko Android

Thank and hope think enables my PRs to be merged soon :) e.g., https://github.com/steemit/condenser/pull/3193 and more.

Needless to say, this is a great development on Steemit.inc's part.

As a company-run Steem account, we've been forced to work around certain issues when it comes to Steem-related activity particularly because of our security concerns.

We look forward to testing this wallet feature and will try to give feedback or comments whenever possible.

Thanks @coingecko!

Great work. Are you going to integrate with Steem Engine tokens as well? You should speak with @aggroed about making that happen. Seeing Steem Engine custom tokens in the wallet would be great. Also, can we please get Steem Keychain support as well? Entering private keys/passwords is not ideal.

We are planning to integrate Keychain, but we have to get through our priorities first. As far as integrating Steem Engine tokens, I personally like the idea, but again those pesky priorities ;) It would seem to me that just integrating Keychain would be the ideal solution as that extension has support for Steem Engine tokens. In many ways, we're always going to be the last to adopt certain things because as the focal point of the ecosystem we have to be the most careful with user experience and user security. Thanks for the ideas!

@beggars @andrarchy
KeyChain does not seem a priority to ME, since it does not run on MOBILE< which you guys seem so abhorrently blind about?!
Yes?

And steem-engine should be available ASAP please, since it BESTs anything SMT will ever do IMHO.

The idea is that you would have both options. If

Posted using Partiko Android

That's a whole lot of money to dangle in front of the federal government of Colombia, who administrates and ultimately has control over the .co TLD and all domains within it.

We have decided to go with steemitwallet.com instead.

AGREED
You guys can be so clueless sometimes...

Will the Wallet App always remain at https://wallet.steemit.co/ ? The issue I see is that as a user, I am cautious of the domain name being changed on me without me noticing it (a common tactic used by scammers is to create an identical-looking website on a domain name closely resembling the genuine website's domain). So I would be extremely cautious and unnerved if a website redirects me from steemit.com to steemit.co. I would immediately think there is a security compromise and that the steemit.co website is owned by hackers/scammers. If the domain name is sufficiently different, maybe if it includes the word "wallet", then I'd be much more confident that I'm on the official website.

Furthermore, if it's a sufficiently different domain name, could the Wallet App be used by multiple Steem dApps?

I think you bring up a good point, but there important security reasons for the separate domain for the wallet app. I think the real solution is making sure that everyone knows that this other domain is safe and secure, in fact it is safe and secure because it is a separate domain. Most users won't notice the domain name change and for those users security will go way up as a consequence of this change. For those users who are more aware of security risks (kudos for being one such user) we should make sure they know that this is a trusted domain, but as they are by definition the more educated, I don't think that should be a huge problem. Again, great points and thanks for the thoughtful comment.

Thank you for your answer! I absolutely understand that there can be security advantages in having a completely separate domain name. I completely agree there. My main point is that steemit.co looks like a phishing site, so a sufficiently different domain name, like wallet.steem.com (kudos to @vikisecrets for proposing that one) might be much better. Or another completely different domain name.

My thoughts were very similar to thoughts of @borislavzlatanov. IMO address wallet.steemit.co looks shady. When I noticed that, I've actually double checked, from where I got this link. I calm down after realizing that wallet.steemit.com redirects to wallet,steemit.co as well.

Why not use address https://wallet.steem.io/ ?

We have decided to go with https://steemitwallet.com instead.

Thanks for the feedback everyone.

Thank you for hearing the feedback, @justinw! I think this is a much better domain choice.

Yeah, I agree. I hope this (sub)domain is for testing purposes only.

As they said they will split the wallet and social media part I am pretty sure the subdomain will stay.

The subdomain is on a different domain (steemit.co), not steemit.com. Although I expected a standalone domain, I can live with this choice.

Posted using Partiko Android

You may use this active key on other more secure pages like the Wallet or Market pages.

Getting this error on a "Wallet" login page when using the active key

Screenshot 2019-03-09 at 7.25.29 PM.png

deleted

I checked out the wallet and there are a couple of things to note.
Edited update:

(1) Now I cannot login to my steemit account on the main login page using any of the keys. Except it seems in the comments section?
(2) Cannot reveal my keys in the wallet. It just keeps asking for the acitve key as mentioned by @techcoderx

Posted from busy.org as steemit is only allowing me to login in the comments section?


login error.jpg

I'm guessing that the final product has not been fully implemented yet?

Thanks for the feedback. We're now allowing login to the wallet with any key associated with your account, including the active key.

Great work, but why wallet.steemit.co and not wallet.steemit.com? steemit.co sounds a bit like a phishing site. wallet.steemit.com would be better and more familiar or host the wallet under wallet.steem.com if you want to use a different domain. steemit.co sounds phishy.

Great question! From what I understand, a big part of the security benefits that are gained from this split result from hosting the app on a different top level domain than steemit.com. Steemit.co is basically as familiar as you can get with a different top level domain. There may be some education required to instill confidence in this new domain, but we believe that the security gains are worth it. It's analogous to the argument against multiple keys. Yes, having more public-private key pairs is more complicated, but the alternative is like using the same password for your bank account and Facebook account.

Ok I understand the reasoning, but using steemit.co instead of steemit.com seems like a typo or phishing attempt, why not use wallet.steem.com or a completely different top-level domain such as steemit-wallet.com? This would look more professional.

Agreed; I was thinking that it was a typo when I read the URL as well. I guess we will get used to it though.

What a sham!

Still doesn't have SBD conversions.

Perfect, just what we have been waiting for.
Is there any future possibility of integrating with hardware wallet support like ledger or trezor?

Posted using Partiko Android

This, along with a streamlined way to make a paper wallet, would be very cool!

Posted using Partiko iOS

I have a template I made in Microsoft Word to create a paper wallet with your public keys and private keys via QR Codes. And also a spot for your owner key.

If you'd like the template, let me know. I can upload it to my web server and provide a download link.

Even if it was only for master or owner passwords and required a change to impliment, I would be happy since those aren't used often but very important.

Posted using Partiko Android

That's up to the hardware wallet manufacturers. Steem can already be integrated with such wallets. If users want that, I suggest they reach out to the wallet companies. We'd love for Steem to get integrated and would be happy to offer technical support.

I would love to see Steem on Ledger hardware wallet! I was under the impression that Ledger charges for this???

I mean it works fine but whats the point of it ? There was already a wallet systems in here and there are higher pressing matters that should be being worked on that where promised last year when steemit had a crap ton of money...

See my answer to @videosteemit in regards to the 'why'. To elaborate a little more, the engineering resources dedicated to front-end development are generally not the same resources dedicated to blockchain development. Multiple teams often work on different projects at the same time.

I don't understand the point either. Especially since I have to log in to the wallet with a posting key. Perhaps I should just give it time. Will steemit get 2fa authentication?

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.033
BTC 98053.28
ETH 3322.22
USDT 1.00
SBD 3.03