[solved] AM I A VICTIM OF VOTE STEALING? - perhaps your account has been also abused and you don't even know it ...

in #steemit6 years ago (edited)
111.jpgTry to imagine my surprise when I opened an email early this morning.just to read a message from a dear friend @devann, warning me that I may be a victim of "vote stealing".

He brought an example of his own case, where some posts were published by an unknown author would receive his upvotes (even while he was off-line).

INTRODUCTION

line2.png

He pointed out that I upvoted content created by @dlease writen in Italian language. And on top of that I used my 17k SP FULL voting power (which I really never do). And it seems that this abuse of my account by @dlease has been happening for quite some time already.

I remember signing weeks ago to their site https://dlease.io/ and I had given my trust to this project by linking it with my account via SteemConnect (which I consider safe). During that process however, I wasn't informed that my account will be used to "upvote" their content and I never accepted unauthorized usage of received access to my account (posting key).

FULLY ALARMED

line2.png

I was alarmed right away and one of my first steps was to check steemworld.org/@user (or steemd.com/@user) and have a look at my latest activity. On top of unautorized upvotes for @dlease, I also realized that @steemsports are receiving my upvotes on similar basis. With full voting power, without my approval.

In this case I do not even recognize seeing that account in my entire life and I cannot figure out how they got into possessing my posting key.

It made me realize that the scale of this problem could be potentially bigger than I could expect at that time. So, it's time to build some awareness to avoid such an abuse of our accounts!

IMPORTANT DISCLAIMER

line2.png

My intentions are not to "spit" or offend the team behind dlease or steemsports as I do believe that they are putting much effort into their work. I'm only sharing my own concern and impression that my STEEMit accout (which is my property) has been used against my will. I hope to clarify this problem and build awareness so others would pay more attention to this issue.

I can only hope that this publication will not upset anyone and will serve others, as I strongly believe that most of us never even considered that our upvotes can be "stolen".

SHARE YOUR OPINION

line2.png

I really would like to know what other people think about this situation. I'm sure many of you dear readers have been exposed to similar abuse of your own Steemit accounts. Perhaps many of you don't even know about it (as I did not til @devann contacted me in the first place).

I obviously removed my account from dlease.io and my trust towards this tool is forever gone. I can only wonder if this will be enough to stop them from gaining access to my account or will they continue. Unfortunately only time will tell.

Please share with me if you ever had similar experience. The best way we can fight with these unwanted situations like the one describe above is by building awareness and warning other users. So I would really appreciate each comment (and resteem, which would help reach and bring awareness to more unsuspecting people).

@reggaemuffin explained in comment section the reasons why @dlease has been upvoted from my account, for which I'm very grateful.

Taking into consideration excellent communication and mature response, I would still consider @dlease as a trustworthy project.

I would also like to underline that main goal I wanted to achieve is simple: to build awareness and encourage people to monitor their account activity.

Yours,
Piotr

Sort:  
There are 2 pages
Pages

Just to clarify again what happened here:

@crypto.piotr signed up to steemvoter.com as a free user, which gives @buildteam the authority to use one of his votes a day as compensation for the service. Since @dlease is a @buildteam project, its posts get voted, as disclosed in the footer:

Signing up to dlease itself does not give us the authority to use anyones vote and that is not what we are doing. Technically inclined people can even check which key signed these votes :)

If @crypto.piotr wants to stop these upvotes from happening, he can go to steemvoter.com and disable his account or upgrade it to a premium account. Again, this has nothing to do with dlease itself and deauthorizing dlease will not stop steemvoter upvotes.

upvoted for visibility

Dear @reggaemuffin

I'm again grateful for your explanation and I already managed to remove my account from SteemVoter.

Personally I would appreciate more transparency coming from people creating tools like SteemVoter. Those informations should be clearly visible (instead of small print) during registration.

Currently it does look like hidden cost and I'm pretty sure that I'm not the only one surprissed and my trust towards this team is most likely forever broken.

Again I very much appreciate your help and explanation.

Yours
Piotr

It is true that the old steemvoter.com is not the easiest interface and does not highlight the freemium votes well enough for everyone to understand it. We are working on beta.steemvoter.com as a new interface which will spell these things out clearly and gives users more control. But we did not want to deactivate the old version completely, as many users still use it and are happy with the service it provides.

We worked on the FAQ to state this as clearly as possible and every post that steemvoter.com votes will appear on has the footer that I showed to give you a way to check if this was a legitimate vote. We have disabled registration to the old steemvoter.com for quite some time, as it was not feasible for us to revamp the signup process to be more clear when we have the new beta version.

The service you were using (steemvoter.com) is now over 2 years old and we learned many things from our users feedback since then. It is a deprecated service and the upvotes keep it running for all the users (like you) who were using it. You are always free to disable your account there or move to the new beta version.

I am sorry that this broke your trust in BuildTeam, so I am here to show you what happened, how you can fix this and why this has nothing to do with using dlease :)

If you have any other questions or feedback, you can always talk to us, we listen to all our users!

Dear @reggaemuffin

You've earned my full respect for all time that you invested into your explanations.

If you have any other questions or feedback, you can always talk to us, we listen to all our users!

Honestly I was worried that my post will upset someone from your team and I will feel your anger (flags). I'm glad that instead of downvotes, I received professional feedback.

THANK YOU
Piotr

This was a thing that happened to some users, so we took steps to mitigate it. We are glad that the users are vigilant about unauthorized use of their accounts and try to be as accountable as possible.

No one will be perfect, but we will improve with every feedback we get :) And pinging our staff will get you a quick response to any problem you might have with our services.

Flags on concerned users are not our style ;)

Very professional answer! By the way I love beta.steemvoter ;-)

Seriously respect @reggaemuffin

I think the problem, as @reggaemuffin pointed out, is one of transparency. I remember signing up for Utopian and Dtube and both of those took my votes and I only noticed the small print afterwards.

Anyway like you say, good to see these services thriving and good people like @reggaemuffin running them :-)

Cg

I did not know steemvoter before this topic, but your answers @raggamuffin makes me interested

So you are lease and steemvoter too? So in short you use steemvoter its payment for using it) to upvote your own lease?

Try steemrewarding.com as a completely free alternative to steemvoter, it's designed by holger80 and offers many more customization options.

Dear @reggaemuffin

I added small update to my post.

One more time I would like to thank you for taking the time to reply in very mature and polite manners. You've earned my respect.

Yours,
Piotr

Hi Piotr,
I think that this is related to you using steemvoter. Here a capture from FAQ of Steemvoter:

Since dlease is also powered by Buildteam, I think that explains the reason of the upvotes.

Best regards,
Achim

Yes, this is possible and could be true for @crypto.piotr, if he had signed up for steemvoter.

In my case, when I first experienced it about 3 months ago, I wasn't even a member of steemvoter, and hence it was not related to steemvoter.

Nonetheless, thanks for pointing out steemvoter. I notice some of my upvotes (10 in all) since 14 days ago have been through steemvoter. I, in fact, mistook one of it for vote stealing.

Dear @devann

I would like to thank you again for pointing out at this issue.

The truth is that according to priscreen provided by @achim03 - we all agree for Steemvoter to upvote it's content. I cannot find any mention about my approval for 3rd parties to use my upvotes to reward their content (as dlease is a 3rd party app; it is not steemvoter and I can hardly see any judge or lawer disagreeing with it).

Reality is that my trust towards this tool is already broken :( That shouldn't be this way. And this is not a "professional" opinion. It's an opinion coming from noone but "regular joe".

Yours
Piotr

Dear crypto.piotr,

DLease is not a 3rd party, both DLease and Steemvoter are services by BuildTeam. That is a little bit like Gmail and GDrive, both are owned by Google and thus linked with each other.

If BuildTeam was using your vote to upvote, for example, Utopian or SteemSTEM, then you'd be correct. But the current usage is stated in Steemvoter's ToS.

This is because you are not here enough to learn all the rules and quirks of this place, @crypto.piotr. Signing up for things is only Step One. The whole steem ecosystem is very complex and you need to monitor everything you do here.

If you are only coming in a few times a month, you will not have enough time to figure things out fully. I totally object to the term "vote stealing" in this case, since you gave your permission without knowing what you were doing.

I use @steemdunk for autovoting. I have been very happy with them for 1.5 years. Maybe you can give them a look, but read their terms and conditions if you do.

I also use Steem Dunk! (steemdunk.xyz)

Dear @crypto.piotr

I had experimented with steemvoter about a month ago and signed up for it authorizing it to upvote certain authors. That was about a month ago and it doesn't explain the earlier unauthorized votes selling from my account.

The point I am making is that I did forget that I signed up for steemvoter and authorized it to upvote certain specified authors, until I read @achim's comment. You need to rule out such a possibility for yourself too. You need to be absolutely sure about it as otherwise you might be putting innocent people in the crosshairs.

Dear @Crypto.Piotr,

I don't want to impose or be divisive in any way but, since I've seen a friend who used to use Steemvoter having a similar problem, with another account (can't remember which was it), decided back then to not use it and just keep it stored in favourites 'just in case'.

A great friend introduced me (will keep her identity concealed) to @SteemAuto, that has the autovote feature and a lot of other very useful and configurable tools, it's free and although I share a little bit of my reward income that is completely optional. Plus, never had a problem with it, the only times there were problems they were my fault.

I would even share a lot more to give support for the quality of all the services/tools but will leave that for the time when I become a whale!! x)

Having said that I will only add that, maybe it's time for You to change services/tools to 'better' ones..

All the best,
Cy

BIG THX for always being so responsive @cyberspacegod

Appreciate.
Yours, Piotr

Perfect! I was about to show this before checking through the comments first.

This is the reason why I don't use steemvoter for automated votes as we equally have steemauto offering this service for free!

Posted using Partiko Android

There are many perks that steemvoter does more than steemauto. But to each their own requirement, every good thing came with a price if my voting power already exceeding certain amount, I'd like steemvoter to keep me as subscription base rather than pay with my vote. But currently since I'm still small, I don't really mind if they make use of some of my votes. I'm a happy customer for both 🙂

Posted using Partiko Android

This explains it

Posted using Partiko Android

Dear @achim03

Thank you for that valuable information. That could be indeed a problem. Personally I do not use steemvoter but I remember signing up very long time ago to see what is this software about.

I strongly believe that information that they will be using accounts to upvote their own account should be more visible (during registration) as it would allow to aviod such a heavy surprisses.

Now the challenge will be to remove dlease access to my account and ensure that those unwanted upvotes will not happen in the future.

I also wonder how come that many of @steemsports posts have been upvoted (as I never had anything to do with their profile and I do not share their passion towards NBA).

Thank you again Achim
Piotr

This is sadly not the correct fix as the votes happens on steemvoter.com, so to stop them would require to disable the account there. The @buildteam authority has nothing to do with this. Please read my in-depth comment on what happened here: https://steempeak.com/steemit/@reggaemuffin/re-cryptopiotr-am-i-a-victim-of-vote-stealing-perhaps-your-account-has-been-also-abused-and-you-don-t-even-know-it-20190515t154949895z

Now the challenge will be to remove dlease access to my account and ensure that those unwanted upvotes will not happen in the future.

you can revoke any of dApp by editing this link and replacing the app name: https://steemconnect.com/revoke/@APP_NAME

Example: https://steemconnect.com/revoke/@dlease

I also wonder how come that many of @steemsports posts have been upvoted (as I never had anything to do with their profile and I do not share their passion towards NBA).

It completely an action by @steemvoter it can vote on any post on your behalf and @steemsports is one it's family accounts.

Posted using Partiko Android

This is sadly not the correct fix as the votes happens on steemvoter.com, so to stop them would require to disable the account there. The @buildteam authority has nothing to do with this. Please read my in-depth comment on what happened here: https://steempeak.com/steemit/@reggaemuffin/re-cryptopiotr-am-i-a-victim-of-vote-stealing-perhaps-your-account-has-been-also-abused-and-you-don-t-even-know-it-20190515t154949895z

Thanks for your clarification. I was barely answering the question highlighted and I understand it's from steemvoter as stated in the last part of my comment.

Since you say you are aware of these complaints from users and working to solve it with a new version of steemvoter, there's really nothing more to say other than "good luck and hope it gets released sooner".

We already have beta.steemvoter.com :) just that we don't kick out existing users of steemvoter.com

Does your link work if I used steem keychain to sign in to the dApp, @akomoajong?

Thank you in advance for your response.

No, it uses Steem connect. Steem keychain is just an alternative to steemconnect which was developed by steemit Inc. You shouldn't be scared to use it as it is open source and very secured. Also, if you login on steemit.com with your keys steem connect is even a better option.

I login on steemit and other dApps with my posting keys but I carryout all my transactions through steemconnect because I'm sure of the security.

Thanks @crypto.piotr ,this article have prompted me that I should always read and understood any project or platform modus of operandi before registering especially when it involves registering with SteemConnect.


You have DRAMA!

To view or trade DRAMA go to steem-engine.com.

Could you please remove my account from your list of automatic comments @dramatoken

Yours
Piotr

The dramatoken account only comments when it is called by someone who holds the DRAMA token.

It is notifying you that you have earned a token for being dramatic. I upvoted it after your flag.

You spam my wallet daily, make fake assumptions and post FUD posts prior to doing any research.

You are embarrassing yourself here.

Dear @whatsup

It is notifying you that you have earned a token for being dramatic.

Oh wow :) I love it. So it seem that two people had similar impression. I never thought that I may be considered dramma king :)

You spam my wallet daily, make fake assumptions and post FUD posts prior to doing any research.
You are embarrassing yourself here.

Oh, I clearly see that I upseted you. I will obviously not argue with you and respect your opinion.

Please trust me, that I did go through entire dlease.io website and I read all informations I could find. Should I know that this account is somehow connected with site I sign up to about year ago?

In current age, where people are losing access to their accounts - any activity that one do not recognize should be alarming.

Would you like me to stop bothering you with my memos? I'm mostly promoting once a week content created by other authors and Im doing it by sending memos to all people I engaged with. If you consider it spam and you're upset at my behaviour (unfortunatelly Im failing to understand reasons) then obviously I will not bother you in the future.

Yours
Piotr

Actually to be fair I don't mind your memos and I appreciate downvoting, so we are fine.. maybe I over reacted too.

cheers.

I read this and Resteemed it.

I am pretty sure the people behind @dlease include @thecryptodrive since it may be a @buildteam project.

I am not 100% sure but I think it is there project. I am using their project @tokenbb to build my own Steem-based website and I enjoy their work.

Let's see if they, or someone else, can create a tool for discovering stolen upvoting easily 👍

I made a response to this, he is using steemvoter.com as a free user, which causes the votes, as displayed in the faq there. His usage of dlease is unrelated to votes.

Again I very much appreciate your time and explanation @reggaemuffin

I strongly believe, that others will find this information also very useful and I hope you understand how shocking and scary it may be to discover that your account is being used to upvote some content and on top of that it's initially hard to find explanation.

After all "regular joes" may not connect dlease with steemvoter and without your explanation I would still be "in the dark".

The truth is, that if we go to the bank to open our accounts then we are being informed about all costs. When we buy plane ticket or book a hotel, then we also are being informed ahead about all costs.

Noone is telling us to visit FAQ if we want to learn about some extra expenses. I'm not saying that to attack you or anyone related to dlease/steemvoter. I'm just pointing out that this situations could be easily avoided.

FAQ is not a good place to display informations about extra/hidden cost of provided service.

Yours
Piotr

I'm just pointing out that this situations could be easily avoided.

This is what we have done already, we disabled signups for that old service and added information on each voted post that people can read. Since you signed up to steemvoter.com before we disabled the signups, there was no reason to disable your account on our side, it would be quite unfair to just kick people out of a service they enjoy using so we kept existing users like you.

For me it is important to inform people about what happened with your account as to not spread FUD about @dlease upvoting posts.

Dear @reggaemuffin

For me it is important to inform people about what happened with your account as to not spread FUD about @dlease upvoting posts.

And you did a great job so far.

I used to trade on ebay for many years in the past and I've learned that most customers do not pay that much attention to negative feedbacks received from customers. They mostly pay close attention to response coming from sellers as it does show clearly with what kind of people are we dealing. And it shows how do they handle 'crisis situation'.

And you handled it brilliantly.

ps.
Using full upvote isn't quite fair. After all 100% upvote of someone with 100SP or 20k SP = very different cost for both of those people. But that's already a bit off-topic.

Yours
Piotr

And you did a great job so far.

Thank you, I am glad to hear that!

Would it be possible that you update the post with the information I provided, as to not confuse people who read it?

Using full upvote isn't quite fair. After all 100% upvote of someone with 100SP or 20k SP = very different cost for both of those people. But that's already a bit off-topic.

That is what premium is for. For 3 SBD per month you can remove all restrictions and disable the votes, so once your account has enough SP that this is worth it, buying premium is the way to opt out. We have users with quite some SP who intentionally don't buy premium as they like to support buildteam anyway. In this way we give everyone the option to decide if freemium or premium is what they want.

With our new shop we are even trying out auto renewing subscriptions for user convenience, with 3, 6 and 12 month prepay possible too. https://shop.buildteam.io/product/sv-premium-1-month/

I'm glad you and @buildteam cleared up this issue right away @reggaemuffin and I am sure that builds a lot of confidence in @dlease and all of your other products 😀

I updated my post a moment ago and only now I read your comment @reggaemuffin

ps. the biggest problem I see is the fact, that I couldn't find any informations on dlease.io which could point me in right direction and help me figure out why does my account upvote theirs.

Also in current days people lose their accounts on different platforms almost on daily basis. Hacks are everywhere. Even giants like Binance has been very lately a victim.

And now, just imagine waking up in the morning and learning that 3rd party (of which I didn't know and couldn't figure out) had an access to my account and using it to upvote some content.

That is some scary shit.

ps.2.
Thank for that link.

Cheers, Piotr

Thank you for your kind comment @chrisrice

Yours
Piotr

Same thing happened to me when I was using steemvoter or a auto voting tools from buildteam.I can't remember the exact name of the service I was using.But things like that are supposed to happen when you use some tool for voting or use auto voting system to vote content for you.

The best is not to use that kind of service if it bothers you.It is not vote stealing exactly as you have given them the permission to upvote on behalf of you.

Dear @philipkavan

Thank you for your comment.

The best is not to use that kind of service if it bothers you.It is not vote stealing exactly as you have given them the permission to upvote on behalf of you.

I just learned that information about those upvotes are displayed in FAQ section. I'm not sure if that means that I have given anyone permission to upvote on my behalf. The truth is that it's very tricky way of hiding those expenses.

I strongly believe that each customer should have "black and white" all informations about upcoming costs being displayed during registration. But then, I may be wrong.

Thanks again for taking the time to share your thoughts with me.

Yours
Piotr

Hi friend, @crypto.piotr

I regret that this morning 5:30am Venezuela time I could not answer this message, just a few minutes after reading and sending a message by telegram to a friend, the electric power service was cut off.

Approximately three months ago I realized what was happening with my votes, immediately investigate what happened with my votes because they were used in this way, so speak personally with one of the @buildteam team's CEO to be more accurate. with @thecryptodrive he answered my questions and was an extremely polite person just like you are my dear @crypto.piotr friend.

If you are very right when your votes are used without knowing how an account is using them. I see that @reggaemuffin who is also part of the team has already explained very well how our votes are shaped.

After talking to @thecryptodrive I read one of his publications which I thought was very important for the community that speaks Spanish, and asked for his authorization to translate that post that I liked, he agreed to that request.
He invited me to do the translations into Spanish in future publications.

I think it's a good job they do, I also regret not reading the small letters and not going to the frequent questions but my doubts were clarified.

Thanks for this publication so many people can clarify their doubts about it.

Friend. @crypto.piotr

I send you a big hug very fraternal.

Dear @lanzjoseg

Did you lose electricity again? Omg. It's happening more and more often, right?

He invited me to do the translations into Spanish in future publications.

Excellent initiative!

Thank you for sharing your thoughts with me.

Cheers, Piotr

It's all about security in this day and age, my friend. It seems a thief can get more from a cyber attack than from invading your home, and with less risk! And in my experience when I forget about security, or when I think I am doing everything necessary, THAT is when something seems to happen. I do hope that you avoid instances like this in the future.

Dear @peacefulpatriot

I just realized that I never actually thanked you for your comment. Somehow I missed your reply and I only had a chance to read it now.

Cheers :)
Piotr

@crypto.piotr I have just noticed a memo you have been sending out as per screenshot below, both my accounts received it and haven't investigated how many of these memos you have sent out. We have been very amicable and helped you with your technical support issue and instructed you how to remove your account from Steemvoter which you signed up form on the terms that we can use one vote per day on any of our projects.

You have followed our instruction and have now disabled your Steemvoter account, our replies were timeous and we were co-operative so I see no reason why you would need to spread FUD widely via memo.

To me, it looks like drama being created to get some votes on your post, the post itself was unnecessary and so was the memo, they are bordline defamatory and at the very least very inflammatory.

Dear @thecryptodrive

We have been very amicable and helped you with your technical support issue and instructed you how to remove your account from Steemvoter which you signed up form on the terms that we can use one vote per day on any of our projects.
our replies were timeous and we were co-operative so I see no reason why you would need to spread FUD widely via memo.

I fully agree and for that reason I added "small update" at the end of my post:


I had a pleasure to "talk" to @reggaemuffin and indeed clarify this issue. Please try to understand the way someone can feel (panic mode) seeing suspisious activity on his/hers own account. Activity he/she cannot recognize.

To me, it looks like drama being created to get some votes on your post

I understand that it may look like this from your angle. Reality is that I care only about valuable comments and all my rewards from posts/comments I'm transfering as a weekly support to group of few Venezuelans (project #hope):
https://steemit.com/steemit/@crypto.piotr/two-in-one-my-happy-birthday-and-raise-of-project-hope

I'm spending over 400 STEEM a month supporting those content creators and my goals are absolutely far from earning anything on upvotes.

Again thank you for your patience and time,
Yours
Piotr

It would be good to have a [solved] in the title and a link to my comment at the top of the post. As you have learned, small footer updates are easy to miss 😜

Hello my very dear friend @crypto.piotr.

Thank you very much for this valuable and informative post.
Immediately I did Resteem.

I do not know if I'll be a victim of vote-stealing. I will try to find out in some way.

I remember having signed a few weeks ago on your site https://dlease.io/ and I had given my confidence to this project when linking it to my account through SteemConnect (which I consider safe).

Related to the use of Steemconnect. I have always thought that this tool is very safe. I always use it to register in all those Dapps that unite over the blockchain STEEM.
Each time we log in, these applications are registered in our history:

I've always wondered, how can I eliminate them from there?
Many of these applications I only used once out of curiosity.

Steemconnect has a revoke function. Go and explore. I included a revoke link above in my reply. U can use that shortcit by changing the dapp name.

Posted using Partiko Android

Thank you very much, dear friend.

Hello @crypto.piotr, thanks for sharing this information.

It is something very serious what you describe and an abusive attitude of someone to whom you give your trust and take advantage of it to make profits without your consent.

Particularly I have no knowledge that something like this has happened to me but I'm going to take a look to see what there is, although I think that they are not interested in an account with a low voting power.

Thanks friend.
Pr EV

He signed up for Steemvoter. In the Steemvoter ToS, they clearly state that you authorize them to use one of your votes a day on a post from one of the BuildTeam services. If you don't want that, you can pay a small fee for a premium account.

Technically, consent had been given here, he probably just didn't read the terms of service.

Calm down buddy, no big deal here. That's because you're using buildteam auto upvote facility. One of their criteria is to make use of some of your votes to compensate their promotional post including steemsports and dlease, which is their subsidiary. All these has been spell out in the terms and condition of steemvoter. In order to fully remove yourself from the said "abuse", you may follow below:

https://app.steemconnect.com/revoke/@buildteam

And you'll be fully revoking all your authority from the said services. Meanwhile, I'd like you to review your posting authority in steemd. You may wanna consider to delete a few that you don't use anymore. Have fun.

Posted using Partiko Android

This is sadly not the correct fix as the votes happens on steemvoter.com, so to stop them would require to disable the account there. The @buildteam authority has nothing to do with this.

As informed by @thecryptodrive , yes the older version need to delete posting key stores in the database.

Posted using Partiko Android

The older version of Steemvoter is old tech which stores the posting key in a database, so the only way to disable it is to login and delete your account. It doesn't use Steemconnect auth.

Good morning. Oh wait, it's midnight at your place. Yes, totally forgot the older version need to put in posting key. Actually it's one of the safest way to authorize for votes trailing in my opinion 🤓 Sadly, not many of the world understand how precious that is.

Posted using Partiko Android

@davidke20
Thanks for these insightful observations. I know of steemd.com and consult it multiple times per day, to check for replies and upvotes. And when I check https://steemd.com/@crypto.piotr it looks like he has delegated posting authority to seven different entities. Is that correct? And giving someone/something one's Posting key allows them to vote with one's account?

Steemd will show those apps one have authorized ACTIVE key. And active key not only authorized for posting, also activate custom json for online scripting. Way much larger authority than simple voting authority alone.

Posted using Partiko Android

Oh yeah, that reminds me. A couple months ago I was looking at some little gizmo that let you compose your blog posts and mark 'em up and whatnot. But when I went to sign up for it, it wanted my Active key, so I dropped it like a hot potato. It seemed to me there was no reason for it to need any more than my Posting key.

It depends on the way a platform handles your posting authority. In #esteem app, you can choose to use 3 types of posting authority.

  1. By furnishing only posting key, you're strictly limited to authoring post, upvote and minor navigation

  2. By authorizing active key, you're strictly limited to he usage of wallet function. Back in the older version, I have always been using esteem as my convenient wallet.

  3. Master key, can use both. But if you lose your phone, good chance is you lose everything.

Now the latest version of 2.1 will be using active key authority. Can handle both wallet and posting function. It's just the way how it's being designed. No right or wrong. People play drugwars with active keys. Do they have a problem? That's because DW required to send custom json on behalf of account owner.

Posted using Partiko Android

I completely agree with you, mate!

@crypto.piotr follow @davidke20s' instruction and the upvotes generated by "steemvoter" (that use @buildteam Authorization) will stop.

image.png

Cheers!

This is sadly not the correct fix as the votes happens on steemvoter.com, so to stop them would require to disable the account there. The @buildteam authority has nothing to do with this.

Thanks for specifying it, @reggaemuffin, and sorry if in good faith I indicated the wrong solution.
Can you tell us the correct way to leave the @steemvoter service? 🙏

He usually skip my replies until later 🤣 we know each other's like forever, he will probably think whether my words are a joke or real, he would save that for the last, or forever forgotten 😂

Posted using Partiko Android

👍 Each of us builds our own reality, based on many factors including beliefs and thought patterns... everything is OK! 😉

Dear @davidke20

Thank you for your time David. Luckily this issue has been already solved. Thx for calming me down :)

In current days people lose their accounts on different platforms almost on daily basis. Hacks are everywhere. Even giants like Binance has been very lately a victim.

And now, just imagine waking up in the morning and learning that 3rd party (of which I didn't know and couldn't figure out) had an access to my account and using it to upvote some content.

That is some scary shit.

Yours
Piotr

!dramatoken

Hi @grey580

What means !dramatoken?

When you make the !dramatoken command and you have at least 10 drama tokens on steem engine. you get to issue drama tokens. So you have been issued drama.

This is a prime example of why I am so vigilant/paranoid about any service on Steemit. Now, unlike @crypto.piotr, I do not have enough SP to be worth hijacking, but the principle is the same. I also keep a close eye on https://steemd.com/@redpossum although that can be a bit flaky/laggy in reporting my activity.

In general, I am very relucant to give any of my keys to anyone or anything. In part, I suppose this is because of my background as a network admin, but I do strongly believe that in matters of security, a little paranoia is a good thing. Better to be too suspicious than not suspicious enough.

Dear @redpossum

my background as a network admin

I can only envy your knowledge.

Better to be too suspicious than not suspicious enough.

VERY WELL SAID!

Thx for your comment buddy,

In current days people lose their accounts on different platforms almost on daily basis. Hacks are everywhere. Even giants like Binance has been very lately a victim.

And now, just imagine waking up in the morning and learning that 3rd party (of which I didn't know and couldn't figure out) had an access to my account and using it to upvote some content.

That is some scary shit.

Yours,
Piotr

@cryto.piotr, thanks for sharing this information. I wasn't aware of such a thing. Be sure you do the necessary thing to get your account back to your control fully.

Posted using Partiko Android

In reading this article it got me thinking.

Is there a way to see all of the apps you have connected with ( using steam connect) and what rights you have given?

I know there are ways to see delegation but not sure if there is ways to see who you have connected with and what rights you have given them to your account.

I think if there was a service or a way to do the above, a easier method to track down and remove permissions for various apps, a lot of issues like this could be resolved in a timely manner.

I read the rest your post and it looks like you've got it sorted out now. Good luck!!

If you go to this link
https://steemd.com/@jacuzzi and scroll down and look to the left you will see this:

This shows which accounts you have given posting authority to.

Thank you @thecryptodrive

Very valuable information.

Hi @thecryptodrive, if I change my master password would it automatically deauthorize the accounts I had previously authorized using the old keys? I am of the view that it does, but to be doubly sure, would appreciate your advice.

Thanks in advance for your answer.

If you are referring to the old Steemvoter then yes changing password changes your keys, so the key stored in the db wont work. But just log into steemvoter and delete the account anyway. PS allowing us to use your votes helps to keep our developers paid and developing and maintaining great services like Ginabot, dlease, steemvoter, dlease, minnowbooster etc basically all the projects and team members on https://buildteam.io

Sorry, you got me wrong. I was referring to all the accounts I have authorised to use my posting key and that appears in Steemd.com. I haven’t thought about deleting Steemvoter yet.

Posted using Partiko iOS

Ah no you likely will still remain authorised that’s the downside of authority vs storing posting key like the old steemvoter does. You will have to deauthorise one by one https://steemit.com/steemit/@lolicorn/how-to-revoke-posting-permissions-for-steem-apps-via-steemconnect

Reminds me of hotel California! Thanks for the info @thecryptodrive. Much appreciated.

Posted using Partiko iOS

Hi @crypto.piotr, thanks for such post. It's a good alarm for us beginners so we won't just simply enter and sign up any invites we receive. Thanks a lot! Mabuhay from the Philippines!

Posted using Partiko Android

Dear Piotr,

This is very serious. This should be thoroughly investigated. I will be re steeming this so others could read it too.

I have never heard of this happening before on steemit and I don’t have any opinions about it

That doesn't sound good.
Maybe @themarkymark has a point and we do need voting keys after all.
Didn't expect to see an example so soon after I heard the idea for the first time.

Posted using Partiko Android

This is a matter of concern for us all. My account is my property and no body has a right to do things in my behalf which I have not authorized to do.

Well, he did authorize Steemvoter to do this. If you sign up for the service, you can either pay a small fee for a premium account, or you can use it for free but they are allowed to use one of your votes per day.

Steemvoter belongs to BuildTeam, and BuildTeam also owns DLease, so the vote on DLease falls under the same rule. It's still just one vote a day at most.

Bottom line: Steemvoter (BuildTeam) did exactly what they were authorized to do by this user.

Dear @suesa

On one hand you can say that user made mistake and authorize Steemvoter while registering and this user didn't find information in FAQ about costs of having account on Steemvoter (not only using it, but simply having account created). I understand.

On the other hand people like me can get stressed with possibility of someone hacking into their account (unaware that there is some relationship between Steemvoter and Dlease).

That should be avoided really. And could be. With a bit more transparency (FAQ is not a place to inform people about hidden cost).

Anyway I'm glad that problem has been resolved.

Yours
Piotr

Hi Steemians,

I found steemify app very useful in monitoring my own upvotes as the app sends out notifications of the upvotes in real time. If you are not using steemify, then the other option is to check through steemworld.org. Remember to upvote @steemchiller's posts to support him in maintaining steemworld.org.

Dear @devann

Appreciate your comment buddy.

Cheers, Piotr

Nothing to worry about, you see, I've noticed we humans sometimes to read the rules and regulations when entering a new chart. You might have signed that along with your steemconnect. Who knows.

I also experienced this a lot too. Am even thinking of changing my posting keys.

Thank you for your comment @botefarm

Appreciate.
Yours, Piotr

@crypto.piotr
True appreciations for your valuable concern.

Thanks for warning everyone about the dangers of using these auto voting mechanisms. Hope, no one ever, gets victimize by these tactics, again..
Thanks for the alert.

jeoleena :)

Posted using Partiko Android

Someone already provided the information on the comments section. ;)

Posted using Partiko Android

Importante información para estar pendiente y considerar antes de otorgar permisos extraños.
Gracias por compartir para que estemos prevenidos.

I'm glad that all now clear but I think it will suprise if you don't know about this vote functions of Steemvoter.

Posted using Partiko Android

Dear @travoved

Thx for your comment buddy,

In current days people lose their accounts on different platforms almost on daily basis. Hacks are everywhere. Even giants like Binance has been very lately a victim.

And now, just imagine waking up in the morning and learning that 3rd party (of which I didn't know and couldn't figure out) had an access to my account and using it to upvote some content.

That is some scary shit.

Yours,
Piotr

Yes last week Binance show us that we always should be careful in Web and remember about safety of our data, accounts and passwords!

Posted using Partiko Android

The real problem is that SteemConnect lacks granularity, and as a result, it is hard for users to grasp what kind of a contract they enrole themselves in when they sign up for a service.

It's not the fault of the service, it's the fundamental usability and security issues that arise from course grained TTP usage.

I wrote this post on the need to rid ourselves of all TTPs in the STEEM ecosystems. The post includes a link to a proposal for facet contracts that could serve both the users and service providers to communicate in terms of fine grained non ambiguous least authority service contracts. I really hope Steemit Inc or a funded user initiative will soon pick up this issue and help send SteemConnect and other newer TTP initiatives where all TTPs in a blockchain based eco system belong: in the past.

Dear @mattockfs

Thx for your amazing comment. Appreciate it a lot.

You clearly have knowledge which regular people (kind of like myself) are lacking and it's scary to think that my own account has been compromised.

Thanks for sharing link to your post. Will read it tomorrow with a fresh brain :)

The problem I see is that security and safety doesn't go along with mass adoption. Majority of population already doesn't understand what blockchain technology is about. If things will get more complicated and learning curve will become longer, then mass adoption will be surely affected.

Eh ...

Yours,
Piotr

@achim03 has already pointed out the reason behind the situation you are facing. I will advice you unauthorize steemvoter and start using steemauto for your automated votes. It's completely free and open source.

I am aware that groups to which you subscribe can request you to follow their voting trail, meaning when the account which you are following upvotes a post, your account also upvotes automatically. But the difference is that you knowingly sign into it and you can set your voting power for such upvotes.

Without your consent and knowledge using your votes is plain naughty on their part.

Posted using Partiko Android

Well, it's in the Steemvoter ToS that one upvote a day can be used to upvote a post from one of BuildTeam's services (Dlease is one of those). If you do not want this, you have the option to buy a premium version.

Technically, he consented to this.

Yeah, noticed that now @suesa. Thanks!

Posted using Partiko Android

Dear @suesa

Technically I indeed agreed and sign up for it year ago and I didn't find this "small print" explaining those upvotes, partly because it is information displayed in FAQ section (wrong place really).

So saying that technically someone accepted hidden costs is not a solution. That will sooner or later upset other people (like I got upset and scared). And discussions like this one could be avoided (definetly it's not a good marketing for dlease or steemvoter). And this is something also worth considering.

Regards
Piotr

Thank you for your comment @oivas

Appreciate.
Yours, Piotr

Luckily, with this kind of technology, we can be sure know are using our account for unauthorized upvotes, using steemworld, will be very fast.

Hope some expert on the blockchain itself can explain, if an account delegated a portion of a steem power, can really use the account delegatee of the total voting power.

Does it mean, that when we entrust our posting key to an app, that steem dapps can make use of our account up to 100% in terms of voting power without our consent?

Let us be aware of that fact, and be quick to remove them to the dapps we allowed our keys.

We need more information about these issue.

Luckily, with this kind of technology, we can be sure know are using our account for unauthorized upvotes, using steemworld, will be very fast.

That's very true @guruvaj

Thank you for sharing your thoughts with me.

Cheers, Piotr

Always welcome.

Posted using Partiko iOS

Hey, @crypto.piotr first of all thank you for your memo and the interesting post. I just scrolled through the comment section and wow you hit a topic which can be considered HOT.

I had to laugh because I saw some drama tokens provided to you. I think you did a good job presenting the issue to the community. I can feel you that it is shit when you see that someone is using your built account to upvote something which you are not aware of.

I think it would make me angry too. Probably you reacted a bit to hard on the topic but I appreciate that you made an update to the post, relaxing on the front!

Keep up the good work my friend, it is always a pleasure to talk to you.

Dear @mcnestler

you hit a topic which can be considered HOT.

It can be considered "dangerous". For me. Luckily it didn't end that way.

I can feel you that it is shit when you see that someone is using your built account to upvote something which you are not aware of.

That's exactly my main concern.

Probably you reacted a bit to hard on the topic but I appreciate that you made an update to the post, relaxing on the front!

I reacted like anyone who invested over 1 year of his life into some project would do, seeing that his account is acting "strange". PANIC MODE ON! :)

Thank you for sharing your thoughts with me.

Cheers, Piotr

That's so strange and absurd. Even though they wont inform you, at least they would have written it as part of their policy.

This is unbelievable or is it?
These auto voting bots are probably not a good Idea then.
I know it will take more effort to vote manually but if we think about it that is what steemit should be about. Searching for our favourite posters' reading evaluating and voting on the ones we find worthy.
Sorry this happened to a well meaning person such as you Piotr.
Life is all about learning from our mistakes I guess.
Just be pleased that you didn't lose physical money no real harm has been done to your account.
Time to rethink your tactics and move on with the great support you give us all.
Have a great day my friend 😎

Posted using Partiko Android

In my case, I never experience that but if it will be in my case I will get mad. Our votes should ve used for those deserving steemians I think.

Maybe you should check it again to avoid being used your votes in a wrong hands.

Posted using Partiko Android

Dear @mrnightmare89

Appreciate your comment buddy.

Cheers, Piotr

this is very worrying mate. I will follow the outcome of this with great interest. I have never heard of steemsports also but will be checking my posting permissions and removing as necessary. Thanks and I hope we can get to the bottom of this.

Posted using Partiko Android

I've never heard of such a thing until now. I doubt I'm at risk as my voting power is quite small but it is concerning you seem to have been conned into this. That's the best case scenario, the worst is that your account has been compromised without you having mistakenly given permission..

Also alarming is the news of a bug that is not allowing accounts to use the RCs that they have. They get a message saying that they need rc to comment or post etc. when in fact they have sufficient rc...

Posted using Partiko Android

FREE is never free. He wasn't scammed. He didn't read what he signed up for. lol.

Buyer beware.

Dear @dramatoken

You can say, that echnically I indeed agreed and sign up for it year ago and I didn't find this "small print" explaining those upvotes, partly because it is information displayed in FAQ section (wrong place really).

So saying that technically someone accepted hidden costs is not a solution. That will sooner or later upset other people (like I got upset and scared). And discussions like this one could be avoided (definetly it's not a good marketing for dlease or steemvoter). And this is something also worth considering.

Imagine outrage if you would find somewhere on Facebook FAQ that they are openly saying that by using their service you're allowing to sell your private data. They could say, that technically you agreed to it. But would you be upset and angry? Same thing. It's all about being transparent.

Regards
Piotr

Thank you for your comment @skramatters

Appreciate.
Yours, Piotr

On the beginning I just thought that you configured incorectly your account on the steemauto.com but ater @reggaemuffin's explanation about this tiny detail written with the small letters on the steemvoter.com it seems to be somehow excused and legit. it's their rule and as long as we are going to use their services we suppose to obey their rules.

Great that at the end things were clarified in good terms👍

Posted using Partiko Android

Hello Piotr, I hope you are well, reading your article scares me a little, because it made me remember the person who entered this world, he was a writer of beautiful poetry and sonnets, and always had good votes and obviously many steem and sbd , but one day, when he came to publish what he had done the night before, he realized that all his steem had been stolen, and his voting power was on the ground.

He could not recover what was lost, neither his account nor his reputation at all.

I do not know what prevention we can take in these cases.

Greetings from Caracas.

Dear @pauli0606

This is terryfing story! :/

I do not know what prevention we can take in these cases.

Being aware of the problem is a good start.

Thank you for sharing your thoughts with me.

Cheers, Piotr

@steemsports I know this account gets upvotes if you've used in past: https://steemvoter.com/

I know this one.

Thank you for your comment @bartosz546

Appreciate.
Yours, Piotr

Omg, that's very horrible and terrify @crypto.piotr bro :O

Hopefully, we won't be the victims for this unfortunate event~

You are one of the "victim" 😏, you didn't even check who'd u voted for.

Posted using Partiko Android

Omg, I'm so terrifying now 😂

Terrify what? Read the terms.

Posted using Partiko Android

Actually I'm also very worried, especially I don't really understand everything and to ask questions takes a long time, I often use steemconnect for certain applications but the problem is danger or not I also don't know, just follow it🤗

Posted using Partiko Android

Thanks for sharing this valuable info @crypto.piotr, and I also checked out the comments explaining how it happened, I will not be using Steemvoter in the future, I had thought of checking them out but with this info I will not.

Dear @crypto.piotr, that theft of votes may be possible in some cases but since you registered on steemvoter.com no problem is simple as it says @reggaemuffin you have to disable the account, that is the solution.

As steemvoter.com belongs to @buildteam that has several similar projects like the ones you mention from @dlease or @steemsports, so you gave him the authority to do it, so there's no problem.

It seemed strange to me, but when investigating and reviewing my last activities and I don't found nothing suspecious, I suppose it would be what @reggaemuffin says and that's it, I also think that @devann should share his experience of vote-stealing since he was not registered on steemvoter.com and that is very strange.

Thank you for reading!

Hi @awfunn, thanks for inviting me to share my experience.

About four months ago, I started to experiment with vote selling through minnowbooster (by buildteam). I found it useful to automatically upvote posts on steem whenever I am not active.

After about a month or so on minnowbooster, I discontinued the service and opted for vote selling on smartsteem. Shortly after that, I configured smartsteem setting to blacklist a particular account from buying my upvotes, as this account was receiving too many of my votes. This account is an aggressive buyer of votes. I didn't like the fact that most of my upvotes were going to this particular account. In addition I didn't quite like his genre.

After the blacklisting, someone was still upvoting posts authored by this blacklisted account. This is when I started investigating and found that besides the blacklisted accounts, my votes were being used to upvote other accounts too. Because I had a blacklisted an account I could detect it without much investigation, just my merely watching the notification on my steemify account. However for the other accounts I had to do a comparison of the upvotes in the smartsteem records and the actual upvotes in the blockchain, using either steemify notifications or the steemworld.com.

As a first step I sent an enquiry to smartsteem and requested for clarification. Smartsteem replied saying that it is not one of their staff and since I had then authorized about 25 dApps, the vote stealing could be from any one those 25 dApps.

I then changed my master password (and consequently all the 4 other sets of keys) and subsequently used less than 10 dApps using my new keys. For about 2 or 3 weeks after that everything was okay and then the vote stealing started again. This time I had to change the the master password for the second time again.

Since then I have not been very vigilant in looking for vote stealing because whilst the vote selling on smartsteem is active it is quite difficult and time consuming to continually and regularly do a comparison of the actual upvotes against the upvotes in smartsteem records (and my own manual upvoting). It would be easier if I am not selling votes and probably that is what I will do next to make the process easier. Notwithstanding, the random checkings I conducted now and then, did not disclose any discrepancy except for the false positive that triggered this post.

Hi @devann, this topic is interesting, my team and I usually do not use any system of selling votes or buying them, we have not registered on any web of that type, so we have not had any problem with that , but I hope that you solve your problem and that it does not happen again, @crypto.piotr is a great friend who shares interesting things with us, but this one astonished us, nevertheless when reading the comments we reached the conclusion that the best in Steemit.com is not to register in any third-party application that did not participate directly with Steemit.com, we have made several posts and we will do one on topics such as websites outside the core of Steemit.com

Thank you for sharing your story and for reading.

Thank you for your comment @awfunn

Appreciate.
Yours, Piotr

You're welcome dear @crypto.piotr, and also thanks to you for sharing this with us to be alerted to the theft of votes, because someone has gone through this.

your POSTING KEY??? How? Why???

Can they do the same with any account?

Change your Steemit password immediately, all of them!

Just in case!

Dear Piotr, i am using steemvotes.io and vote club from steem-bounty as upvoting service, but of course my account is not so powerful to see some abuse on it, i just enjoy to see my post getting upvotes and perhaps more visibity...
Before i was using minnowbooster, but after they downvoted my comment to @drugwars, i stop to use them and i am happy like this...

Hi @ripto.Piotr, I have not been affected with a similar situation however, I have no doubt the unscrupulous people running around committing abuses and fraud. These days we mentioned among friends to buy votes, an action that is not 100% safe but may attract negative votes granted to other accounts which are used (I do not know if with the authorization or not) to provide benefits. With this content remains for me even more doubt. Greetings, attentive to your comment.

Thank you for your comment @belkisa758

Appreciate.
Yours, Piotr

Dear Piotr,

I didn't have this type of issue so far!

I use https://steemrewarding.com/ for SBI upvotes and https://steemauto.com/ for automatic upvotes of the curation trail @curie.

Haven't seen any irregular voting from either service!

Cheers!

There are 2 pages
Pages