Wallet App Soft Roll-Out is Live!

in #steemit5 years ago (edited)

Major post copy.png

In our engineering update released earlier today we announced that we would soft roll-out the new Wallet app. Well, we are now happy to announce the soft roll-out of the new Wallet application! To see what we mean, head on over to steemitwallet.com. For the time being, a full version of Condenser will be running on steemit.com, but once the Wallet app has been sufficiently tested, the new Social app will be rolled out to steemit.com. At that time, users who attempt to access their Steem wallet will be redirected to steemitwallet.com, so it was very important to maintain a consistent user experience. At that point, the Condenser Split will be complete.

Check It Out

The reason we are following this soft rollout strategy is so that users can begin familiarizing themselves with this new application, so be sure to head on over to steemitwallet.com to see what the experience is like. One change you will see on steemit.com is that when you try to sign in with your Active or Owner Key, you will now receive the following warning:

login-with-posting-key

The goal is to make the User Experience between the two applications as seamless as possible, so if you notice anything disruptive in this experience, please leave us feedback in the comments section below.

The Mission

Our Mission at Steemit is to help build great online communities with financial inclusion. To that end, we envision a vibrant communities web application that features cryptocurrency incentives, the development of which is economically sustainable and scalable. Splitting Condenser into separate Social and Wallet applications will constitute a major step toward accomplishing our mission by enabling us to improve each application faster, consume fewer resources, and generate more revenue, while maximizing user security by enhancing the client-side signing experience.

The Steemit Team

Sort:  

I'm still confused. What was the benefit of devoting resources to this split again? Is this just duplicating functionality for other platforms in a cleaner format?

This split provides us many advantages, but I will list a few:

  1. Since condenser (the software that powers steemit.com) will soon not have a need to handle high value keys it will be much easier to add new features to the social media side (steemit.com) without as much security review. This means it will also be much easier to merge in desired community contributions.
  2. It is more cost effective and efficient.
  3. It is an excellent opportunity for education regarding the Steem blockchain's unique hierarchal key system which helps to keep user's funds safe and secure.

Thanks for the reply

Posted using Partiko Android

Thank and hope think enables my PRs to be merged soon :) e.g., https://github.com/steemit/condenser/pull/3193 and more.

Good to see this. I hope this helps make the wallet more stable and reliable. It has always been the buggiest page on the site but the most important to most people.

It looks like their 1.0 release had a Google Analytics requirement. That was always one of the necessary evils of the social site that I had hoped would eventually disappear. Guess not.

I agree with you - the less of google, the better...and safer for us. I wonder what Steemit will do if they decide to block us.

It is amazing that we've have been flooded with examples of why we should keep away from FB/Twat/Goog/Apple and so on, yet it seems people only learn from firsthand experience.

I know you do not need my tiny vote, but I am giving it on principle - if you have not done or said anything wrong in this comment, people should not be allowed to flag...because of other arguments you may have had with them.

I only voted for myself because my comment became 'hidden'. It seems some truly have popcorn for brains.

Needless to say, this is a great development on Steemit.inc's part.

As a company-run Steem account, we've been forced to work around certain issues when it comes to Steem-related activity particularly because of our security concerns.

We look forward to testing this wallet feature and will try to give feedback or comments whenever possible.

Great work. Are you going to integrate with Steem Engine tokens as well? You should speak with @aggroed about making that happen. Seeing Steem Engine custom tokens in the wallet would be great. Also, can we please get Steem Keychain support as well? Entering private keys/passwords is not ideal.

We are planning to integrate Keychain, but we have to get through our priorities first. As far as integrating Steem Engine tokens, I personally like the idea, but again those pesky priorities ;) It would seem to me that just integrating Keychain would be the ideal solution as that extension has support for Steem Engine tokens. In many ways, we're always going to be the last to adopt certain things because as the focal point of the ecosystem we have to be the most careful with user experience and user security. Thanks for the ideas!

@beggars @andrarchy
KeyChain does not seem a priority to ME, since it does not run on MOBILE< which you guys seem so abhorrently blind about?!
Yes?

And steem-engine should be available ASAP please, since it BESTs anything SMT will ever do IMHO.

The idea is that you would have both options. If

Posted using Partiko Android

That's a whole lot of money to dangle in front of the federal government of Colombia, who administrates and ultimately has control over the .co TLD and all domains within it.

We have decided to go with steemitwallet.com instead.

AGREED
You guys can be so clueless sometimes...

Will the Wallet App always remain at https://wallet.steemit.co/ ? The issue I see is that as a user, I am cautious of the domain name being changed on me without me noticing it (a common tactic used by scammers is to create an identical-looking website on a domain name closely resembling the genuine website's domain). So I would be extremely cautious and unnerved if a website redirects me from steemit.com to steemit.co. I would immediately think there is a security compromise and that the steemit.co website is owned by hackers/scammers. If the domain name is sufficiently different, maybe if it includes the word "wallet", then I'd be much more confident that I'm on the official website.

Furthermore, if it's a sufficiently different domain name, could the Wallet App be used by multiple Steem dApps?

I think you bring up a good point, but there important security reasons for the separate domain for the wallet app. I think the real solution is making sure that everyone knows that this other domain is safe and secure, in fact it is safe and secure because it is a separate domain. Most users won't notice the domain name change and for those users security will go way up as a consequence of this change. For those users who are more aware of security risks (kudos for being one such user) we should make sure they know that this is a trusted domain, but as they are by definition the more educated, I don't think that should be a huge problem. Again, great points and thanks for the thoughtful comment.

Thank you for your answer! I absolutely understand that there can be security advantages in having a completely separate domain name. I completely agree there. My main point is that steemit.co looks like a phishing site, so a sufficiently different domain name, like wallet.steem.com (kudos to @vikisecrets for proposing that one) might be much better. Or another completely different domain name.

My thoughts were very similar to thoughts of @borislavzlatanov. IMO address wallet.steemit.co looks shady. When I noticed that, I've actually double checked, from where I got this link. I calm down after realizing that wallet.steemit.com redirects to wallet,steemit.co as well.

Why not use address https://wallet.steem.io/ ?

We have decided to go with https://steemitwallet.com instead.

Thanks for the feedback everyone.

Thank you for hearing the feedback, @justinw! I think this is a much better domain choice.

Yeah, I agree. I hope this (sub)domain is for testing purposes only.

As they said they will split the wallet and social media part I am pretty sure the subdomain will stay.

The subdomain is on a different domain (steemit.co), not steemit.com. Although I expected a standalone domain, I can live with this choice.

Posted using Partiko Android

You may use this active key on other more secure pages like the Wallet or Market pages.

Getting this error on a "Wallet" login page when using the active key

Screenshot 2019-03-09 at 7.25.29 PM.png

deleted

I checked out the wallet and there are a couple of things to note.
Edited update:

(1) Now I cannot login to my steemit account on the main login page using any of the keys. Except it seems in the comments section?
(2) Cannot reveal my keys in the wallet. It just keeps asking for the acitve key as mentioned by @techcoderx

Posted from busy.org as steemit is only allowing me to login in the comments section?


login error.jpg

I'm guessing that the final product has not been fully implemented yet?

Thanks for the feedback. We're now allowing login to the wallet with any key associated with your account, including the active key.

Just had a little problem with a transfer from the wallet. I was logged in, but the wallet wanted the active key.

Transfers will always require an active key. This is not a new change and is (and always has) been at the blockchain level.

Great work, but why wallet.steemit.co and not wallet.steemit.com? steemit.co sounds a bit like a phishing site. wallet.steemit.com would be better and more familiar or host the wallet under wallet.steem.com if you want to use a different domain. steemit.co sounds phishy.

Great question! From what I understand, a big part of the security benefits that are gained from this split result from hosting the app on a different top level domain than steemit.com. Steemit.co is basically as familiar as you can get with a different top level domain. There may be some education required to instill confidence in this new domain, but we believe that the security gains are worth it. It's analogous to the argument against multiple keys. Yes, having more public-private key pairs is more complicated, but the alternative is like using the same password for your bank account and Facebook account.

Ok I understand the reasoning, but using steemit.co instead of steemit.com seems like a typo or phishing attempt, why not use wallet.steem.com or a completely different top-level domain such as steemit-wallet.com? This would look more professional.

Agreed; I was thinking that it was a typo when I read the URL as well. I guess we will get used to it though.

What a sham!

Still doesn't have SBD conversions.

You can use SteemConnect to do this if your in a pinch.

https://steemconnect.com/sign/convert?owner=socky&requestid=1234567&amount=1.000%20SBD

Sorry about all the sharks that will follow this comment, you can thank @fulltimegeek for that spam.

^flag
!gif popcorn
@themarkymark

 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment
 5 years ago  Reveal Comment

Perfect, just what we have been waiting for.
Is there any future possibility of integrating with hardware wallet support like ledger or trezor?

Posted using Partiko Android

This, along with a streamlined way to make a paper wallet, would be very cool!

Posted using Partiko iOS

I have a template I made in Microsoft Word to create a paper wallet with your public keys and private keys via QR Codes. And also a spot for your owner key.

If you'd like the template, let me know. I can upload it to my web server and provide a download link.

Even if it was only for master or owner passwords and required a change to impliment, I would be happy since those aren't used often but very important.

Posted using Partiko Android

That's up to the hardware wallet manufacturers. Steem can already be integrated with such wallets. If users want that, I suggest they reach out to the wallet companies. We'd love for Steem to get integrated and would be happy to offer technical support.

I would love to see Steem on Ledger hardware wallet! I was under the impression that Ledger charges for this???

I mean it works fine but whats the point of it ? There was already a wallet systems in here and there are higher pressing matters that should be being worked on that where promised last year when steemit had a crap ton of money...

See my answer to @videosteemit in regards to the 'why'. To elaborate a little more, the engineering resources dedicated to front-end development are generally not the same resources dedicated to blockchain development. Multiple teams often work on different projects at the same time.

Thanks justin

Posted using Partiko Android

🤣

Posted using Partiko iOS

I don't understand the point either. Especially since I have to log in to the wallet with a posting key. Perhaps I should just give it time. Will steemit get 2fa authentication?

I am having issues because Steemit wont let me login with a master key and neither will the wallet.

I am having a hard time getting a straight answer. Am I to understand that now the ONLY place your master key will work is that keychain chrome addon? Because neither Steemit nor the Wallet site is allowing login with the master key. @steemitblog

For most users, their password wont work.

I also don't like how sometimes it will forward you and let you login,

but sometimes it wont and just gives you this pink error message.

Wonderful work !

Thanks a million

Alright. We're on our way, people! Wonder how many people will lose their keys as a consequence of having not logged in in eons.

And it is this also a preparation to add more features to the wallet when it comes to the SMT?

Posted using Partiko Android

Good question

Even by the intro they have on the page... With the small graphic in there I think that is the main reason for this. 😉

Posted using Partiko Android

No, but by separating out the wallet we should be able to add wallet-specific features to that application at a faster rate, including SMT related features. So while I don't want to mislead and say that SMTs are THE reason for this, it is probably true that this change will be extremely helpful with respect to incorporating SMTs once they're released. Great question Sergio!

Eheheh 😉 that little graffic on the login page there says it all 👍👍👍 but it is great news anyway ❤️

Posted using Partiko Android

Wallet app looks cool, I tried it out... For those wondering what to expect, picture just the wallet and settings tabs + a few detailed paragraphs about the keys.

Posted using Partiko iOS

Seems like you're getting more nimble. That is great!

Thanks!

I definitely think so!

The separation remains the best for a better and stronger experience! Just like our brother @justinw pointed out in his reply to a question;

Since condenser (the software that powers steemit.com) will soon not have a need to handle high value keys it will be much easier to add new features to the social media side (steemit.com) without as much security review. This means it will also be much easier to merge in desired community contributions.

Thanks @steemitblog for the update. Its a milestone covered!

Posted using Partiko iOS

Can a new user go for just the Wallet app and not use steemit.com? Does it mean onboarding investors will become easier and instant?

Yes and time will tell :)

So I need to back up all my secondary keys now, is what you are telling me.

Posted using Partiko Android

I just visited the site and looks very familiar (not surprised since that's the intention). So people familiar with navigating steemit won't have trouble finding their way.

I clicked some links and it went to expected pages. So user experience wise, I think you've done as planned. The real UX I believe will be the integration between steemit.com and wallet if the UX will still be seamless as what it is now. So for those few areas I clicked, nothing changed as expected.

Posted using Partiko Android

Great, thanks for testing it out. That's super helpful!

I just gave it a try, I like the idea of this split since most of the users are concerned about the security of their tokens all the time.

I also noticed that it's faster as a separate app. Well done Steemit team. Kudos!

I like it! I wonder if you could add support for managing delegations to the wallet app.

This is what we are waiting for so far.
It's gonna make a huge impact. Good job for all the steemian!

A wonderful step in order to move forward. I would really like to translate your article into Arabic if you have no objection

I like the description about the different roles of your private keys.
Very beginner friendly which is good!

Adding 2fa authentication would make this project seem purposeful.

The GUI and interface must be something differemt from original steemit one.

Posted using Partiko Android

Take a tip from whaleshares and make it actually useful by showing vote weight and value.

Great work Steemit Team!

I hate changes but if it is for the greater good with regards to getting things done in a more fluid way then Okay @steemitblog

Why does it need my posting key to simply log in if I'm not doing any wallet writes?

You can now login with any key. One of the most common actions that will be performed in the wallet (claim rewards) only requires a posting key.

While it is true that the wallet could exist without any 'login' feature at all and simply prompt for the required key for an action, we believe that something like this would be more confusing to average users.

Keep in mind this is designed to be a replacement for the existing wallet in condenser, and the two separate apps should feel seamless when used together.

Thanks for the feedback @sneak

Selection_999(997).png

It would be good to emphasize the fact, that memo key (especially private memo key) should not be put into memo while making transfers from/to exchange - very common mistake of newbies.

Thanks for the feedback @noisy - that is a good point.

Just in case you heave the ear of the right people. An important development would be for the poster to have final say which comments remain on his page.

Just look at how annoying your page, below, has become with all those stupid popcorn gifs! We need a bazooka to blow them to smithereens - and then also, there will be no need for flagging, since any comment remaining on the page it is implied has permission to remain. If it is not your page or post, why should you (the peeps below) have the right to say who is allowed on our pages?

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress

^flag
!gif popcorn
@popcornexpress