Proposal to postpone voting until non-steemconnect voting has been made an option.
I want to pose that @steemaliance should take it upon herself to avoid becoming a self amplifying loop of security-illiteracy, and excluding stake holders, especially larger stake holders, who won't trust their active key to SteemConnect in order to be able to vote.
For those of us who don't use steemconnect or don't use steemconnect with an account holding a larger account of their total stake, the requirement to vote in a stake-based election is I believe a security nightmare.
I want to pose that the requirement to use steemconnect in order to vote creates a huge barrier to voting, and excludes those stake holders that choose to protect their assets by either not using steemconnect at all, or only using it from an account that has no access to much of the users assets.
For this reason I feel voting at this moment creates a dangerous division and filtering of steem users, especially as @steemaliance might turn out to make decisions in the future that might affect platform security. Do we really want the platform shaped by the security-illiterate segment of stake holders with a high enough stake to shape these kinds of votes?
Please vote on this proposal by doing a 1% upvote of one of the below options:
- Option 1: Steem Aliance should go ahead with the vote, STFU about security illiteracy, use steemconnect.
- Option 2 : Steem Alliance should postpone all votes until a way has been devised for those who choose (for legitimate reasons) to not trust steemconnect with their active key.
Fair point concerning the active key. We are discussing this now.
My idea is simply to publish 5 steemalliance comments corresponding to the options and allowing those that don't want to use dpoll to cast votes on them. I have concocted a very primitive dashboard that merges the dpoll data and the voting data from 5 designated comments to show the results. And I have something ready to show the merged data / results, as I was playing with it just now.
Option 2 : Steem Alliance should postpone all votes until a way has been devised for those who choose (for legitimate reasons) to not trust steemconnect with their active key.
Give this option a 1% upvote if you agree.
Take my stake weighted vote
Option 1: Steem Aliance should go ahead with the vote, STFU about security illiteracy, use steemconnect.
Give this option a 1% upvote if you agree.
Lol, don't vote if you support security literacy!
I was told that steemconnect never takes your key out of your browser.
A. Is that the truth?
B. Can they still access my key?
or
C. Am I just waiting for the day that the scammers with access do their exit plan?
Vote with a comment.
One vote per person.
If you don't vote I will do what I wanted to do in the first place,...but with a much clearer idea of my standing in the community.
I have raged and discussed and interviewed steemconnect devs about their ridiculous implementation. Technically, according to them, you should only need to do active key the first time, and they updated it after like 22 months of live implementation the 'wrong way' (ie active key everytime), and now its all the devs faults for not upgrading/not implementing it right.
Do I believe that? I believe that they believe that - that is my understanding of what they believe truly happened. How much can I distrust without losing out on having fun with things like voting for new overlords?
The way I justify it to myself is this: With my active key you can only steal my liquid funds, I have several notifications in place that would warn me whenever a powerdown is enabled, which would give me 7 days to change my keys (revoking all previously given permissions, I think) and cancel power down.
To the best of my knowledge the answer is A.
So, if my keys never leave my browser then i have nothing to worry about beyond steemconnect using their cookie's permission to rob me?
Which at most would require changing to new keys?
And would scuttle any further profits from their legitimate business activity.
Maybe criminal charges, IF the cops can find them?
Street justice, if we get to them first?
That is EXACTLY the way I understand it.
Just move all your liquid steem to an alt, route it through an exchange and it will be hard for people to know you have it. it doesn't affect staked voting anyway.
You can also just delegate all of your sp to an account too. That's not possible to hide, but then again powering down is slow so why bother?
Posted using Partiko Android