RE: Steemit's Security Values & How Steem Keychain Can Help
I thought that Steemit.com don't store keys and it's client side app.
That's right, they don't store your keys and everything is done on the client side. The whole point is that since you're putting your key into a site that they control, they can store your keys, and send them to the server-side, but we have to trust that they don't. Even if I trust Steemit, Inc, what if someone hacks into the server hosting steemit.com and edits the code for the log in page to send all keys entered to their server? Thousands of keys (many likely master passwords) would be stolen very quickly.
To answer your questions:
- How are my keys stored in keycahin?
Keys are stored locally, encrypted, in the extension. When using keychain, a website will request that the extension sign and broadcast transactions for it, so that the website never gets access to your keys. If you're concerned that we can access your keys since we created the extension, or that the account publishing the extension could be hacked, that is a valid concern. In that case you can download the extension code from GitHub and install it locally.
- It's been 3 months and no Firefox support yet? When do you plan to do it?
Sorry we're not moving as fast as you would like here...We're spending a lot of time and money developing this free tool to help improve and grow the Steem platform. If you would like things to move faster we would be happy for you to pitch in and help out!
Posted using Steeve, an AI-powered Steem interface
Yes, you're right, but here's why Keychain is still a better solution (IMO):
Lastly, aside from the security aspects, it's a really useful tool, especially if you manage multiple Steem accounts. At this point I couldn't imagine using Steem without it.
When you install an extension from the Chrome web store, it simply downloads the files and drops them into a folder for Chrome to access. So yes, you can verify by running a diff on the folder vs. the github. Or download directly from github, skipping the web store.
Thank you for your conversation.
Yaba, how about you spend your time doing something for steem that we really need, if you have all this energy, like running and paying for an instagram campaign to promote steem, and organzie your followers with a trending post to register to post on reddit with you maybe meet in a discord and all upvote and post about steemit... or do it in stealth to avoid getting banned by reddit for brigading.. but come on breaking the reddit rules is so sweet and we can totally take over reddit with our numbers but in a polite way, maybe do a steem,it post once every other day..... hey man
hey man, in the words of @walden ,lets go, lets go mother fucker, huh?
U gonna sell some of ur steem monthsers to us huh? Overpriced SHEET
hah cant u imagine walden sayin that?
#weappreciateyouyabapmatt #samemoon
Thanks for all the work @yabapmatt!!
Thank you :)
If I will have any time, maybe I will take a look into code to see if I can help.