Huh, I didn't realize that Peakd.com can be the blogging platform. That makes sense, since once I went on Peakd, I saw my "blog" posts. (I mean, really, is this a "weblog" or a bulletin board / web forum? But I digress.) Hivesigner github documentation says your private key doesn't leave your machine, and it's open source, so I'm inclined to believe:
When user login to hivesigner, his private key is available within the interface to sign transaction or sign a message then discarded if the user close the website, desktop app or chrome extension. We never get access to users private keys. The access_token on hivesigner are just Hive signed messages encoded in base64u.
https://github.com/ledgerconnect/hivesigner/wiki/How-Hivesigner-Works%3F
https://github.com/ledgerconnect/hivesigner/wiki/OAuth-2 .
Neither Hive.blog, 3Speak.online, nor Peakd.com is open source, as far as I know. I have no reason to assume any one of these Dapps is more trustworthy than the next. But Peakd.com doesn't ask for any keys directly, and that alone gives me more confidence in it. You're right, it stands to reason that Hive.blog is keeping that posting key on some server.
Personally, I don't like the idea of needing to give any of these Dapps continual posting permission. As an option, I'd be fine with it, provided I also had the option to give permission on a post-by-post basis.
Example A: I go to hivedapp.whatever, I create an account, they ask if I want to give posting permission, I say yes, I give hivedapp.whatever posting permission via hivesigner and my active key, I draft a post, I click "Post," draft immediately gets posted, I draft another, I click "Post," second draft gets immediately posted.
Example B: I go to hivedapp.whatever, I create an account, they ask if I want to give posting permission, I say no, I draft a post, I click "Post," it sends me to hivesigner, I give it my posting key, draft gets posted, I draft another, I click "Post," it again sends me to hivesigner, I again give my posting key, second draft gets posted. (Unless, I'm posting the second draft while hivesigner is still open, per the quote above, then I shouldn't need to enter it again.)
Example B is obviously more work for the user. But if someday hivedapp.whatever gets hacked, no one realizes yet, and a bad actor wants to post under my user misinformation to sway a foreign election (crazy outlandish scenario, I know): Am I wrong that in Example A, it can, and in Example B, it cannot? Also, am I wrong that in Example B I would only need to give Hivesigner my posting key?
Thanks.
That's basically how it works with Peakd.com and the Hive Keychain app. Each time you post or vote, Keychain creates a blockchain operation on your local machine, and then signs it with your private posting key that is stored in the browser (encrypted). Then the signed transaction is sent over the network to the blockchain, where your public key is used to verify that it was you who created the transaction. You can tick a box in Keychain to just post and vote without bothering you, but if you don't tick it, it will ask you to give the OK to post/vote every time.
This isn't how hivesigner works. You use your active key to sign a transaction locally to give hivedapp the authority to only post and vote on your behalf. Once that authority is set, it's permanent, unless you revoke it (you can do that via Peakd.com I believe). So you only need to do that once.
So using hivesigner or keychain, no one should be able to intercept your key and make malicious posts on your behalf.
Tagging @asgarth as he can give you the definitive lowdown on Peakd. Tagging @good-karma, as I think he's the wizard of hivesigner.
Thanks for the ping! From what I read, you are right. You can always go to the https://hivesigner.com/auths page and revoke apps which you don't use or need. Always know what app you are giving permission to and for what reason. Nobody has access to your keys when hivesigner is used.
I didn't know about https://hivesigner.com/auths ! It gives exactly the functionality I was thinking I'd need Peakd for--a place to maintain authorizations for Dapps--but I don't need to give hivesigner posting authority (like Peakd seems to need) to have access to this "dashboard."
Hive Keychain looks interesting too, a nice option that is also open source: https://github.com/stoodkev/hive-keychain . I definitely like the fact that I can theoretically post using only my posting key with Hive Keychain. It theoretically suggests I'd never have to give posting authority or keys to any Dapp (or dApp as they capitalize it on github--but capitalize it Dapp on the Chrome and Firefox extension pages). However, I'd have to test to see if I really can revoke posting authority for both 3speak and PeakD, change my posting key for Hive.blog, install the Hive Keychain extension, give it only my posting key, and then still use all three Dapps exactly the same.
If so, the only downside is that Hive Keychain is an extension, and too many extensions can be exhausting to maintain (sure it's safe today, but what about years from now when you forget about it and the twenty other wallet extensions people are expected to have--all of them, by necessity, needing to have access to everything you do in the browser, and any one of them could have some currently-unknown vulnerability). But if I really only need to save in the extension my relatively-weak posting key and I don't have to give any Dapps posting authority, then that upside may make it worth it.
Regarding this line by Revo:
I'm actually more worried about someone intercepting/compromising a Dapp or extension, never getting my key at all, never needing my key, and still making malicious posts on my behalf. If a Dapp can post on my behalf, then I need not be there at all, right? Someone takes over this hypothetical hivedapp.whatever, I don't remove my authority in time, they can post anything as "me" or am I wrong? Further, it's possible there might be an exploit in an extension that still keeps my key on my local machine, but nonetheless still rogue-posts to Dapps without me even seeing it, unless I remove the extension in time. Of course, since the extensions I know of (Hive Keychain for Chrome, Hive Keychain for Firefox, Hivesigner for Chrome--there is no Hivesigner for Firefox) are open source and likely properly vetted by SMEs, that's less likely. But maybe it's a browser update that actually causes the liability. Maybe another extension (say, a malicious wallet for another coin) is the liability, maybe it changes what you think you are about to post at the last second and the hive extension has no idea. Regardless, there are definitely scenarios where your key is never intercepted, but the hive extension allows a malicious post nonetheless, no?
Well, I say I'm "more worried," but I'm still not actually that worried. I'll actually start worrying about post impersonation when Hive becomes more popular than Facebook. And there are obvious workarounds. Give and remove posting authority every time you use a Dapp. Install and remove the extensions every time you need them. I don't think there's a solution to the necessary trade-off of security and ease.
Thanks everyone for the information.
For one of many reasons, we are deprecating the Hivesigner extension and will focus solely on improving the web portal. Your concerns are real, and there are certain trade-offs and solutions. Of course, that's why you should always use apps you trust. Posting authority/key doesn't allow token-related operations, so it is safer from financial hacks, but social hacks (posting/voting) might happen if you share your keys or apps get hacked. With the OAuth2 that Hivesigner uses, we are able to mitigate some forms of app hacks. In short, better safe than sorry; always take care of your keys.
See reply under good-karma below. Thanks for the information!
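An added example, not part of any post in this thread and not Hivesigner or Keychain code: the "Example A" risk discussed above comes down to which accounts sit in your posting authority's `account_auths` list, so this sketch audits that list and builds the authority you would publish to revoke one app. The account record is constructed and assumed to have the shape returned by the Hive `condenser_api.get_accounts` call; `auditDelegations`, `authorityWithout` and `otherdapp.example` are hypothetical names.

```javascript
// Constructed sample shaped like one record from condenser_api.get_accounts.
// Account names and keys are placeholders, not real values.
const sampleAccount = {
  name: "alice",
  owner: { weight_threshold: 1, account_auths: [],
           key_auths: [["STM_OWNER_PUBKEY_PLACEHOLDER", 1]] },
  active: { weight_threshold: 1, account_auths: [],
            key_auths: [["STM_ACTIVE_PUBKEY_PLACEHOLDER", 1]] },
  posting: { weight_threshold: 1,
             account_auths: [["hivedapp.whatever", 1], ["otherdapp.example", 1]],
             key_auths: [["STM_POSTING_PUBKEY_PLACEHOLDER", 1]] },
};

// List every account that holds delegated authority, per role.
function auditDelegations(account) {
  const findings = [];
  for (const role of ["owner", "active", "posting"]) {
    const auth = account[role];
    if (!auth) continue;
    for (const [delegate, weight] of auth.account_auths || []) {
      const actsAlone = weight >= auth.weight_threshold;
      let impact = "needs additional signatures";
      if (actsAlone) {
        impact = role === "posting"
          ? "can post and vote as you without your key"
          : "can move funds or change account authorities";
      }
      findings.push({ role, delegate, weight, actsAlone, impact });
    }
  }
  return findings;
}

// Authority object to publish in an account update to revoke one delegate.
// Refuses to produce an authority that nobody could satisfy afterwards.
function authorityWithout(account, role, delegate) {
  const auth = account[role];
  const account_auths = auth.account_auths.filter(([name]) => name !== delegate);
  const remaining = [...account_auths, ...auth.key_auths]
    .reduce((sum, [, weight]) => sum + weight, 0);
  if (remaining < auth.weight_threshold) {
    throw new Error(`revoking ${delegate} would lock the ${role} role`);
  }
  return { ...auth, account_auths };
}

console.log(auditDelegations(sampleAccount));
console.log(authorityWithout(sampleAccount, "posting", "hivedapp.whatever"));
```

Publishing the returned authority still requires a transaction signed with the active key, which is the step the revoke pages mentioned in the thread perform for you.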