While I applaud the development effort, I’m wondering why this is actually necessary.
You can currently send messages to anyone. You can encrypt those messages. You can receive and read those messages. They already require keys and a minimal 0.001 fee.
Why would anyone need to use this specific “Steem Messenger?” It has all of the same required functions as current wallet transfers...but does not improve the messaging system. It’s pretty much exactly the same, except you would now use another third-party app.
Am I missing something here?
Because it's a pain in the ... to use the Wallet transfers. The memo key isn't saved, because most users log in via their posting key and this results in encrypted messages not being automatically decrypted and encryption not working without a login with your memo-key.
And even if you login with your memo key to read those messages & encrypt - you still have to enter your active key afterwards.
So yes - I used the wallet in the past and it works, but it is simply too complicated, waste of time and insecure entering the keys so often.
Nevertheless, I appreciate your comment!
It’s really no more complicated or time consuming than logging into a third-party service and using it to send a message. And the security issue remains to be seen. I actually feel pretty secure not having my keys saved and only needing to use them when they’re necessary.
I use the existing wallet transfer functions all the time with no issues. Is this new service mainly for noobs? People who don’t know the simple features/functions of the current Steem wallet?
What do you mean with third-party-service?
You got to have them saved somewhere - otherwise how do you use them?
Your software is a "third-party service" (But so is Steemit, Busy and any other front-end, since the blockchain cannot be accessed without the use of such implementations).
I think that by this he meant easily accessible and always "active" (like when you use your browser's password manager to automatically input your password regardless of the user, and using cookies to keep the password wif logged in your session).
But with proper safety measures, this messenger would not be a security risk, I believe, and would instead make it much faster and safer to send and read transactions (especially if real-time notifs were enabled in the future).
The security aspects in general for the issue of typing versus storing, it can be secure enough considering the developer did use the appropriate encryption apis, selected the correct ciphers and use a sensitive / aggressive interation count on a key derivation function (KDF).
This proctects against phshing, if correctly implemented.
Also notice I'm not vetting this project, just expressing that is more or less the same about the cryptographycally-soundness, but on the phishing part, a definitive more secure apprach.
I'm on the final rounds of a new wallet development, and I'll publish a doc on how I've secure the keys, using a 6 digit pin code which is resistent to phishing, rainbow tables and other aspects.
The security of the secret-key exchange used by steem is another debate.
I honestly believe on a off-chain approach for the encrypted messages to live. storing numerous and numerous encrypted messages, potentially with the same content possible opens some window to crypto-analysis, but, the end result is not catastrophic, the worse case scenario, a given individual would be able to read encrypted messages.
Glad to extend this conversation further when possible.
Congrats @therealwolf on the project!
Hello @hernandev ! Maybe you'll want to check out the REAL Steem Messenger project, which is actually off chain based : https://steemit.com/utopian-io/@kingswisdom/steem-messenger-v0-0-3-private-beta-session-image-encryption-and-many-more
We work with a unique security protocol that i'll be unveiling this weekend ! Stay tuned for more infos on this !
Upvoted for visibility - it's bullshit when people steal names. I have no doubt the product is cool and well built...but for fucks sake be original people. Besides, I think off-chain solutions are better for this. Why force the chain to work this hard?
Well both these apps are pretty close together and Beta. Not like one has been out for 12 months haha
I think is a great idea
Hello @ats-david ! I agree with you, this application is just a better graphical UI to the steem wallet. We still need to give our active key in order to just send messages, which puts our account at risk.
In addition, this is not the real Steem Messenger. Here is the REAL Steem Messenger project : https://steemit.com/utopian-io/@kingswisdom/steem-messenger-v0-0-3-private-beta-session-image-encryption-and-many-more
It is off chain, does not require your active permission, nor to access to your funds, it is scalable at ease, and truly unique by design.
I will unveil the security protocol used in Steem Messenger (the real one) this weekend. Stay tuned for more info on this.
Not to mention private messages were already introduced around the start of Steemit. The name of this invention is called steemit.chat.
I faced that problem sometimes too. You don't know who is authentic and who is not. Anyone can use any name on steemit.chat.
My name on Chat is the same as heerre. Plus, you can verify me on Keybase as well.
The goal never was to replace steem.chat. Rather to give an easy way to initiate contact and send messages via the blockchain and if needed afterwards - switching to other plattforms (steem.chat, discord) is always possible.
It's always good to have an alternate platform to steemit chat. As it has been down a lot of times in the last year.
And a lot of users are not on discord.
I was waiting for some service like yours for a long time. If this one works properly, I will not use discord and chat anymore!
how about the delays between sending a paid memo?
Steem creates a new block every 3 seconds
How can I encrypt my Memo? I couldn't figure out it yet.
This seems really interesting. Looking forward to seeing how it develops, will certainly give it a test.
Looking forward to seeing how my comment develops? How will you test it?
It's so that you can use a dedicated application that isn't cluttered with the rest of the functionality. I like my chat applications dedicated to preserve my sanity.