
RE: A new start for SteemConnect

in #steemconnect, 5 years ago

How many of those 683 dapps use SteemConnect just for authentication? I feel strongly such use should be discouraged for security purposes in favour of a micro transaction based authentication like described here. The description is asyncsteem and Python specific, but the concepts are easy enough to easily integrate in apps using different languages like JavaScript or different Python libs like Beem.

As for the transactions that actually do need key bound user authority; SteemConnect is a TTP. Is anyone really happy that in the age where capability secure smart contracts are starting to become a thing, the most promising infrastructure for dapps ends up needing to rely on a coarse-grained TTP infrastructure? Surely we could find something more 2018 for that if we put our minds to it, right? Have a look at this video and tell me Steemit Inc couldn't leverage these types of secure smart contracts into a killer dapp infrastructure that would make SteemConnect feel like something from the Pleistocene.

Yes I know, integrating a real TTP free secure solution will take time, so SteemConnect and microtransactions as an intermediate option until Steemit Inc sees the (Agoric) light is a logical choice, but towards the future, a cap secure smart contract based dapp user privilege delegation infrastructure would seem like the path forwards.


We don't need users to broadcast an operation on the Steem blockchain and pay 0.001 STEEM every time they login. Login is not a problem, we can use and verify a signature for that.

Compared to being required to delegate massive amounts of authority to a TTP just to log in to a service that uses none of that authority, it is a simple low impact way to log in. A generic TTP-free signature based login would be great, and I'm not sure, but you could probably just use your memo key for that, but as far as TTP versus micro-transaction goes, micro transactions should be the preferred log-in only option IMO.

A 4th possibility with a TTP that I feel could actually work is a TTP that sells client certificates using memo field in the sell transaction the same way that micro transaction login would.

I'm curious, why do you say that on-chain transactions are the better option for login compared to signing a message with your key proving ownership?

I don't. I'm saying using the blockchain for log-in is preferable to using a TTP for log-in.
In general the blockchain should eventually be able to remove the need for any type of TTP, even for delegation. I think Steemit Inc would do wise to keep close tabs on the Agoric developments and maybe work with Agoric to make STEEM bleeding edge with respect to implementing cap patterns for rights and delegations. In the meantime, only using a TTP when delegating, not when logging in, should I think be the first step away from the IMHO outdated concept of TTPs.
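The signature-based login raised in the replies above, as an added example that is not part of the original thread or of SteemConnect: a dapp issues a single-use challenge and verifies an ECDSA signature over it, with no on-chain operation and no third party holding keys. It uses Node's generic secp256k1 ECDSA rather than Steem's own key and signature encoding, and the `onChainKeys` map, the `APP` name and the `alice` account are constructed stand-ins for a lookup of the account's published public key.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the account's public key as published on chain.
const user = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const onChainKeys = new Map([['alice', user.publicKey]]);

const issued = new Map();      // nonce -> { account, expires }, kept server side
const APP = 'exampledapp';     // hypothetical dapp name bound into every challenge

// Server: hand out a fresh random challenge valid for 60 seconds.
function issueChallenge(account, now) {
  const nonce = crypto.randomBytes(16).toString('hex');
  issued.set(nonce, { account, expires: now + 60_000 });
  return JSON.stringify({ app: APP, account, nonce });
}

// Client: sign the exact challenge bytes; the private key never leaves the wallet.
function signChallenge(challenge, privateKey) {
  return crypto.sign('sha256', Buffer.from(challenge), privateKey);
}

// Server: accept only a known, unexpired, unused challenge for this app,
// signed by the key registered for the claimed account.
function verifyLogin(challenge, signature, now) {
  let msg;
  try { msg = JSON.parse(challenge); } catch { return 'malformed'; }
  if (!msg || typeof msg !== 'object') return 'malformed';
  const entry = issued.get(msg.nonce);
  if (!entry || entry.account !== msg.account || msg.app !== APP) {
    return 'unknown-challenge';
  }
  issued.delete(msg.nonce);    // single use: a captured signature cannot be replayed
  if (now > entry.expires) return 'expired';
  const key = onChainKeys.get(msg.account);
  if (!key) return 'no-such-account';
  return crypto.verify('sha256', Buffer.from(challenge), key, signature)
    ? 'ok' : 'bad-signature';
}
```

Binding the app name into the signed message keeps a signature collected by one dapp from being accepted by another, and using a low-authority key for this (the memo key is suggested in the thread) limits what a leaked login key can do.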

I don't use most of those 683 DAPPs. I mostly just use Busy, Dlike and STEEM Hunt. Am I doing something stupid by using Steemconnect? Is there a better way to use those DAPPs and do what I do? I don't care about some random DAPP I haven't heard of. 99% of the blockchain usage should be coming from about 10 DAPPs. How does Steemconnect usage matter when it comes to the few I actually use? Is there any reason I should stop using these services/DAPPs?

As a user I don't mind one time verification via microtransaction such as @minnowsupport. But doing a microtransaction every time is going to ensure that STEEM will never gain mass adoption. This is my perspective as a user. Is there anything I've messed up?

Most people won't use most of those dapps. Many won't use any dapp that actually requires delegated user authority. For those, delegating almost all their user authority to a TTP in order to log in to a dapp that requires zero is bad from a security point of view.

Personally I currently don't use any SteemConnect-using dapp, not since utopian. The ones I'm interested in using are authenticate only, and I'm seriously not going to trust a TTP I don't need because neither the dapp builder nor SteemConnect could be bothered to implement either micro transaction based or wallet based login.

Looking beyond login, in theory, there should really be no need for a TTP in a blockchain based infrastructure. This would be a big project, but imagine an infrastructure where you could use your wallet to delegate the attenuated right to use specific operations with your account to a capability secure smart contract between you and the dapp. That should totally remove the need and justification for any type of TTP.

I believe if STEEM dapp usage continues to require a 1990s style TTP infrastructure like SteemConnect, instead of aiming to be amongst the first to get on the Agoric track, STEEM will end up left behind, and new alternatives that will be TTP-free will drive STEEM out of existence. TTPs are not the future of web 3, and moving away from them, step by step, should be top priority for Steemit Inc IMHO.

Thank you for taking your time to reply. The smart contract based authentication certainly sounds much better. Personally I avoid the more obscure DAPPs and stick with the ones that provide a good service that has a good reputation. Still it's not perfect as it was evident from the Utopian mess. But on the bright side it's really not that huge compared to the mess Ethereum had to deal with.