One thing that has bothered me since I started using Steem over a year ago, is that every single web app requires you to enter your private key into the website to use it.
The common response to that is that it's not a big deal because most sites only require your posting key, but I disagree. Sure you and I may know how to use our posting key but I'm guessing that a vast majority of Steem users just use their master password.
As a blockchain platform trying to cater more to the general public I don't think it's ok to put the burden of understanding the different keys and levels of security on the users. The tools and services should be built such that security is the default.
Additionally, most web apps built on Steem use Steem Connect, which requires you to put your active key into their website and then uses that to grant posting authority on your account to an account they control.
What I commonly hear regarding steemit.com or Steem Connect is that it's ok to put your active key into those sites because they are run by Steemit, Inc. Even if I were to fully trust Steemit, Inc not to purposely steal my keys, anyone can be hacked. If the servers hosting steemit.com or Steem Connect were hacked, I expect that thousands of keys would be stolen, and accounts would be emptied of liquid funds, within a very short period of time.
The last, and final option, is to use the Vessel desktop wallet software. This is actually a great option from a security standpoint, but from an ease of use standpoint it's not great, and I find it very unlikely that all but a small group of power users will use it.
So, for a long time I just accepted that that's the way Steem is, until one day when I actually used an Ethereum dApp. Despite it being slow and costing fees, I noticed that at no point did I have to enter my wallet private key into the website. The website simply called the Metamask browser extension to sign and broadcast the transactions for it.
Once I realized this, I couldn't understand why on earth there wasn't something like Metamask for Steem. Not only would it completely resolve the issue of having to put private keys into websites, but there's also so much more you could do with it on Steem than on Ethereum (seeing as Steem is specifically built for websites to interact with it).
At this point I was already knee deep in Steem Monsters, but I felt that this was an absolute necessity for the Steem platform so I talked about it with @aggroed. He agreed that this was an important project and wanted to help make it reality. Since I didn't have time to build it myself, we decided that Steem Monsters should fund its development.
So Aggroed and I got to work writing up specs for the extension, what features it should have, creating wireframe designs, etc. Then we got the amazing @nateaguila to do the graphics and UI design, and finally got Mr. Steem Plus himself, @stoodkev to do the bulk of the development.
Introducing the Steem Keychain Chrome Browser Extension
Finally, the Steem Keychain Chrome browser extension was born! I have been using it actively while it has been in development for the last couple of months, along with Aggroed and some other people we brought in to help test it, and I can say with some certainty that this will change the way you interact on the Steem blockchain.
Take a look at the following video to see what I mean:
Using the extension I was able to easily view info and make transactions from multiple accounts, and interact with the Steem Monsters web app without ever compromising any of my keys!
Currently Steem Monsters and Peak Monsters support the Steem Keychain extension, and Steem Peak is working on adding support as well. My hope is that one day all Steem-based sites, dare I say even steemit.com, will support the extension as well, and the days of putting keys into websites will be over.
Current Features
The Steem Keychain extension currently includes the following features:
- Store an unlimited number of Steem account keys, encrypted with AES
- Easily view balances, transaction history, voting mana, and resource credits for all of your accounts
- Send STEEM and SBD transfers right from the extension
- Securely interact with Steem-based websites that have integrated with Steem Keychain
- Manage transaction confirmation preferences by account and by website
- Manage automatic lock settings to lock when the browser is closed, the device is locked, or after the browser is idle for a specified period of time
Website Integration Features
Websites can currently request the Steem Keychain extension to perform the following functions / broadcast operations (note that by default, users will have to confirm any transactions requested by a website, but they have the option to turn off the confirmations for specific operations and websites as desired):
- Send a handshake to make sure the extension is installed and running
- Decrypt a message encrypted by a Steem account private key (commonly used for "logging in")
- Post a comment (top level or reply) including a "comment_options" transaction for beneficiaries
- Broadcast a vote
- Broadcast a custom JSON operation
- Send a transfer
- Broadcast a delegation operation
New Features Coming Soon™
- Power up / down
- Manage delegations
- Manage witness votes
- Claim pending reward balances
- Support for Firefox and other browsers
Integrating with Steem Keychain
The code for the extension is all open source and available on Github here: https://github.com/MattyIce/steem-keychain
The readme contains instructions for Steem-based websites to integrate with the extension. If you need any help or have any questions / suggestions for integrating Steem Keychain into your site, please feel free to contact @yabapmatt or @stoodkev on Discord.
The Broader Mission
As you probably know, @aggroed, @stoodkev, and myself are Steem Witnesses. I can only speak for myself here, but I suspect that both @aggroed and @stoodkev have very similar thoughts and goals.
Beyond the standard work that witnesses are expected to do (which was brought into the forefront recently with the HF20 release), I think that each witness should have an overall goal, or mission, for the future of the Steem blockchain that they are primarily working towards.
For me, that mission is bringing more and varied apps to the Steem blockchain. I plan to go into this in more detail in my next witness update post, for which I am long overdue, but I am mentioning it here because I feel that the Steem Keychain extension is a critical component to that mission.
I am talking with some Ethereum app developers who are considering porting their apps to Steem, and they told me that almost all of their users use Metamask to interact with their apps and they were surprised to hear that Steem doesn't have something similar. Well now it does.
If you also support this mission, I ask that you consider voting for myself, @aggroed, and @stoodkev as Steem witness (and also support @nateaguila's posts as he is a talented and valuable contributor to this project and the Steem platform as a whole).
In Conclusion
Please keep in mind that this is a first version of a brand new product. There will likely be some bugs or other issues that we didn't catch during testing. We welcome help and constructive feedback from the community to improve the product and work to achieve the stated goal of completely eliminating the need to put private keys into websites.
In case you missed it, here is the direct link to download and install the extension in Chrome: https://chrome.google.com/webstore/detail/steem-keychain/lkcjlnjfpbikmcmbachjpdbijejflpcm We would also appreciate you taking the time to rate the app in the Chrome web store to help increase its visibility in searches.
Be free and Steem on!
@yabapmatt
So, would you recommend generating new passes since steem-connect and steemit Inc. server hold our keys on their servers? Thus generating new passes would allow greater safety since even if steem connect and steemit inc get hacked, it wouldn't matter. Thus making the keychain more effective.
Also, does send work with #privacy send?
I'm pretty sure that they do not store keys and only give a specific account a authentification to post under your name, even if they get hacked, nothing should happen, if you remove authentificated accounts. Of course, if hacked, it could be used to phish newly entered keys.
Yes, that's what I thought. Thanks for the confirm.
Definitely, but where will you post from? Steem and Busy haven't implemented this extension yet. When you find a place to post from and do operations from that accepts the plugin, then reset the passwords.
Posted using Partiko Android
I believe they will be implenting the key integration soon.
It would make sense, but at least Steemit isn't known for quick adjustments. However, since they're open source, I would as well expect for people to propose the changes by themselves. Do you have information regarding the current development status?
I think @yabapmatt has the most details on such updates. If you follow him or @aggroed, his partner; news of new updates should be coming out.
Thank you for your work on this and I sure appreciate that it offers a faster and simpler option. I'm not technical, so I don't understand a lot of these things, but my understanding is that browser extensions are not really that secure either. I've always been told it is kind of sketchy to use your password with an extension. Am I wrong there?
This is an important conversation so thank you for bringing it up. As far as I know the security concerns around browser extensions primarily come from fake extensions being listed in the stores that impersonate real ones to steal keys. As long as you are careful to only install and use the legitimate version at the link i shared above there should be no security concern.
I think the fact that Metamask has been widely used for storing Ethereum private keys for a long time now shows that browser extensions can be a secure and user-friendly way to transact on blockchains, and we have built Steem Keychain to work as similarly to Metamask as possible.
With extensions you are placing a large amount of trust in the developer and the codebase. For example, the extension requires permission to:
Hence, a malicious developer could not only steal your Steem credentials but possibly even other types of personal content.
I happen to know @yabapmatt is not malicious. However, there is still the possibility that his account gets hacked and a malicious version of the extension is released to the Chrome store. I'm not sure how common this type of attack is and what sort of screening extensions undergo to prevent this.
So in summary, browser extensions can be secure, as if implemented properly they perform all sensitive tasks client-side, which is good, but also can easily leak sensitive data should they be poorly engineered or created/hijacked by an attacker. Please add to my understanding if it's incomplete.
You have a ability to download the extension to your harddrive and tell Chrome to load it locally. Your copy of the extension would then be updated only when you update the code manually
And how do you download the extension to local HD?
Hi @haejin
The following instructions have been written for a Mac computer, but for a Windows computer, it's very similar:
Documents/steem-keychain-master
chrome://extensions
Documents
steem-keychain-master
To upgrade you will have to download and unzip again and overwrite the files on your local harddrive then go back to
chrome://extensions
and click the circular arrow icon to reload the extension. Verify its version number to confirm the upgrade.This is what Chrome extension developers do to test their extensions before uploading it to the Chrome Web Store.
Thanks! Very helpful!
Would an upgrade wipe out prior entered keys?
If one had used steemconnect or entered keys via cop paste in the past, should new keys be generated for the Key Chain; in the event steemconnect or steemit inc. get hacked?
Do you develop chrome extensions?
Posted using Partiko Android
I do occasionally
I wanna :D
SoonTM
All good, valid points. There's really no situation where it's completely impossible for keys to ever get stolen. I will say that the extension purposely never stores the owner key or master password for accounts, so if there were to ever be a hack, while that would certainly be bad as active keys and liquid funds could be stolen, it's a much easier situation to recover from since you can just change your keys and not have to go through the account recovery process.
I believe this is still more secure than the system being used now where if any of the sites into which people are putting their keys are hacked, many master passwords will be stolen.
Much more secure indeed in this era of middlemen. I just wish browsers had a much heavier emphasis on security in order to facilitate these tasks with the biggest convenience:security ratio.
Posted using Partiko Android
You are completely right. The safest way is compiling the extension yourself as has been explained elsewhere on this thread.
Posted using Partiko Android
Will it also be used for SMTs like metamask allows for erc20 tokens?
Posted using Partiko Android
Absolutely!
Same worries for me, i wonder if other extensions can see what you are doing if you granted them permissions like "Read all actions, websites, etc.."
Posted using Partiko Android
They definitely can. That's why you have to limit your extension usage and use only trusted and essential ones.
Posted using Partiko Android
The risk exists, indeed, no matter how small. Safest is to make an effort with your own security measures, but this extension sure is more secure than most things we normally use and makes it mal very easy and convenient.
Posted using Partiko Android
We look forward to implementing keychain on https://steempeak.com we are big believers in it.
PEAKMONSTERS USAGE
Our partner site https://peakmonsters.com has already been using Keychain for over a month now and it's been a raging success. Specially with people who buy cards frequently it makes it much easier and we believe much safer. (unless you often walk away from your laptop in public places)
Steempeak is really becoming the most dynamic STEEM UI out there, power on!
@jongolson, if you catch this, please consider mentioning Steempeak in a Savvy if you haven't already (I have not unlocked all videos yet -- which is another issue for testing, but more on that later).
Why Steem UI? I can't use normal Steem from there. Though the cards are based on Steem. 🤔
Posted using Partiko Android
Ah, perhaps you're confusing peakmonsters.com with steempeak.com itself? Steempeak is used for blogging. The most dynamic STEEM UI "for blogging" is what I should have said :)
for sure. it’s planned absolutely. i just don’t have a working knowledge of it yet. but will be diving in much more. thanks for the recommendation
Posted using Partiko iOS
I just reviewed @steempeak in detail and really loved it. Someone really put a lot of effort in this project but it still seems undervalued. It would be really nice addition if you add this keychain on it and thus give users almost a perfect experience. Good luck!
Love hearing that!
I want all projects to use this key chain!
Posted using Partiko Android
GREATTTTTTTT, Nice. Thanks
great news!
I always thought that Steempeak was an alternate frontend for Steem monsters. Do they have different origins or are they branches of the same thing?
Posted using Partiko Android
https://steempeak.com = an interface/frontend for steem.
https://peakmonsters.com = A bulk Market for SteemMonsters with some other data insights
Would there be a way to auto populate the plugin data after account registration? This would make it really easy for normies to get plugged into the steem blockchain without even touching a key lol. Just show them a page to print their keys.
That is a fantastic idea!
😉
Awesome, though this might worry some people about the safety of their usage because they will see that websites and extensions are not isolated but can take from each other without explicit authorisation.
Posted using Partiko Android
What kind of things do you invent, Mr inventor?
Posted using Partiko Android
Hey, guys, it's really cool that you developed this extension. So far I've always stored everything as a custom text field in my password store, but it never worked that way.
However, it would be very cool if you could release it as your own Firefox extension. There is Chrome Store Foxified, but I don't trust it that much.
Thxalot,
JanSe
Aaaaaa I always do the same! I open a Keepass document and the custom description has my posting and active and memo and owner keys.
Posted using Partiko Android
I'm also curious to know if the extension will be available on Firefox as well?
Great dev and contributions though, thank you @yabapmatt, @aggroed, @stoodkev and @nateaguila, fantastic work!
Cheers
I'm sure it will come but much later.
Posted using Partiko Android
Yabapmatt, for sure 100% fantastic but i have a fear with these extensions. Is there any possibility that another extension can see what you are doing? Some of them are granted "Read all actions, websites, etc.?". As a developper, can you tell us it is 100% safe?
Posted using Partiko Android
This is actually yet another reason why using an extension to store your keys is better than putting them into websites. As far as I know extensions cannot access any data stored by other extensions, but they can access data on websites, as you pointed out. So if you copy/paste your key into a website like steemit.com or Steem Connect, then a malicious extension could steal it, but a malicious extension cannot steal it from the Steem Keychain extension.
I get it, so true! Gratefull thanks for replying. We still have to be carefull off course, another extension could do phishing, mimic same behaviour and one step up in the OS hierarchy, any process can read all our keystrokes but yes, it is better than anyhing we have now and difficult to do better, thumbs up @yabapmatt, thanks, thanks, thanks!
Posted using Partiko Android
Yes, phishing is always the biggest problem, so you must always be very careful about that!
Great addition. Still. I trust my savings wallet more then anything. 😀 goes and hides more stuff there
Maybe we need some instruction on how to download for the non-technical steemians.
Open Chrome
Click this link: https://chrome.google.com/webstore/detail/steem-keychain/lkcjlnjfpbikmcmbachjpdbijejflpcm
click install
Shows up as a little keychain icon in the top right. Click the icon to use it.
It will ask for master password to get your other keys but doesn't store the master password.
Thank you very much.
This will be of a great help to many steemians.
I don't trust Google stuff. Is there a way of using it on Tor browser?
Really great work here @yabapmatt. Thank you
I remember you and aggroed mentioning the wallet months ago on the msp show. Glad to see it has been tested and ready for use! Only downside for me, now I have to use Chrome 😕 .
Thank you (and team) for this awesome feature. The few seconds spent looking for passwords can now be better utilized battling. ;) In all seriousness, you've spent an incredible amount of time developing and in this case, writing out the specs for Steem Keychain.
Having spent countless hours reading and writing simple technical specs myself at work, I can attest that it takes considerable time to write down all the details so others would be able to understand. So thank you for gathering the methodology so it can be coded into this finished product.
You can also use Chromium, which is completely open source. Chrome contains some proprietary add-ons, but nothing I've found that I actually use.
Will this work with the Brave browser? I think that's the one we should all be using eventually
Apparently in the current version of Brave installing Chrome extensions is a bit wonky but this should improve with the upcoming Brave 1.0 release. More info in this Reddit post.
If you use adapters you have to trust the adapter too, not only the original application. If it's independent, sometimes cross platform opens the doors to vulnerabilities. You should be careful and use things in their intended environments unless you understand the technicalities of each change.
Posted using Partiko Android
I concur.
I occur.
Posted using Partiko Android
Why do you think we'll have to use that browser in the future?
Posted using Partiko Android
We won't have to use it but I'd rather use a browser that can reward content producers and pays me for use of my data.
Posted using Partiko Android
Issue is more laziness with having to re-bookmark and install ad blocker, etc. :)
I should be moving over to chrome or chromium anyway since my GTM web sessions never want to work on firefox. Steem Keychain is a good reason to take that step. Thanks @dhimmel! I'll take a look at Chromium.
What is gtm?
Posted using Partiko Android
oh, the GoToMeeting online software. We use it for conference calls and screen sharing, but it doesn't want to connect on my firefox when I work from home. It's fine with chrome though, so all the more reasons to switch.
Is it better than Skype and Discord or is it just used because of corporate convention?
The corps I've been with use GTM and WebEx for online meetings. It's convenient for sharing your screen with others, especially for a training or tutorial session.
Discord and Skype is more catered for social media; DM, voice chats, video chat, but I don't think it supports screen sharing. Some companies use skype internally to communicate with each other, but when it's a conference call with third-parties, I mainly see GTM or WebEx being used.
Hmmmm. I haven't seen a reason to switch. Is Chromium any better in any respect? It still requires a Google account to sync and things like that, so it's still very dependent on proprietary services.
Posted using Partiko Android
I switched to Chrome a while ago and I really like it. The hardest part wasn't my bookmarks because they synced. It was getting accustomed to things being in different places and behaving in unexpected ways. But now I'm accustomed so everything is fine.
I love that memory in use is better compartmentalised, so if you close a tab, you recover the ram allocated to it. Firefox is much more wasteful with your resources.
Posted using Partiko Android
I used both Chrome and Firefox years ago but can't remember why I stuck with firefox. Thanks for the input. I haven't had a chance to move over yet but it is on my list!
I've always been switching because both are really great! I preferred Firefox a few months ago because it was much lighter than Chrome, but then it started being slower, so I switched to the then-faster Chrome, and now it's the inverse. I don't know. Software is crazy sometimes.
I think that was likely my reasoning too. I remember it was chrome that was faster, then it became mozilla. Now who knows; I don't have the time to surf as I used to before. Definitely crazy softwares!
Hi, I wrote a post a week or so ago on how losing between 0-100% of curation rewards to the pool when you upvote a comment within the 15 minute window is an annoyance if you want to upvote comments in a live comment thread. Very often, I write something and get a reply back almost immediately (or in a time much, much shorter than 15 minutes). I'm big on monetizing engagement. But under the current rules, my upvoting immediately means my rewards go back to the pool instead of my conversation partner. That sucks but is easily remedied with 15 minute or so delay in broadcasting upvotes on a comment. Too often I forget to come back to upvote comments in conversations that I've had. It's also annoying to to have to wait and go back to a conversation to upvote. It's even more annoying to effectively lose part of your SP by upvoting immediately.
If websites are to integrate the Steem Keychain in such a way as to have it not only sign transactions but broadcast them on their behalf, I wonder if it would be a good idea to implement an optional 15-minute delay on Steem Keychain?
Wow so immediately upvoting a comment is essentially nothing but a waste of voting power?
Seems like a great UI feature would then be to have a time slider on the upvote menu in addition to the power slider. Therefore, I could upvote at 55% power in 13 minutes.
It's only the curation reward portion that gets burned (max 25% of the vote value if the vote is immediate). The other 75% still goes to the author as intended.
Will we be able to do custom transactions directly from the extension? I want do operations without middlemen. Steem-plus takes 5% mandatory beneficiaries if you launch beneficiaries from their extension. I want to create a more flexible tool but if you're doing it in your extension I can calm down about that.
Posted using Partiko Android
It's a waste of curation rewards. Let's say you exchange comments with someone and upvote each other's comments immediately. Before HF20, neither of you would get curation rewards for the comments because the author (your conversation partner) would get them. Now the curation rewards go back to the pool. Neither you nor your conversation partner get any curation rewards. Easily fixed with no hardfork by delaying the broadcasting of the upvote by 15 minutes, in which case the upvoter gets all the curation rewards.
Seems strange to implement that, dunno why you want people to burn things for voting too early. Is this explained somewhere?
Posted using Partiko Android
Before HF20, many authors would upvote their own posts immediately in order to minimize the curators' cut. Now that curation rewards from early upvoting go back to the pool instead of the author, immediate self-upvoting has become a loss-making strategy.
Posted using Partiko Android
Hmm, I now vote at 12min because most of the votes start coming at 13min. Am I breaking something? 😭
Posted using Partiko Android
You're doing the right thing by frontrunning at 12 min if what you're frontrunning is big.
Posted using Partiko Android
It's my understanding that SteemConnect is just as trustworthy as your keychain. The point of it being a website is that it's accessible across all devices and operating systems. My understanding of SteemConnect is that they never see your private key. They use your key to create a permission token on your device.
And what happens if the contract is meant to steal your money? We can't really vet any of those transactions that pop up for legitimacy. We just trust that they do what the website told us they would do.
When it really comes down to it one has to trust the code. We expect that if the code is malicious a white hat will whistle-blow on it.
I would really love to be corrected about SteemConnect or why this service provides more security. In the link above I concluded that a browser extension would be a great way to provide the illusion of security...
However, why did you make your own product when you could have just extended SteemConnect into a browser extension? It's all open-source.
It is true that SteemConnect never sees your key as it is currently built, but since you are entering your key into a site served by them, they have access to see your key and could see it if, say, someone hacked their server and modified it to do that, or if a malicious site posed as steem connect in a phishing attempt. With the browser extension websites will never get access to your keys in any way, so even if you visit a malicious site or a legitimate site gets hacked, they will never be able to get your keys.
That's the difference. It's not perfect, and it doesn't mean that you don't still need to be careful with your keys and what transactions you sign. But in my opinion it is a significant improvement over SteemConnect when using a browser that supports it (only Chrome and Brave right now but more to come).
As far as extending SteemConnect to an extension, that's not as simple as you have made it sound. They are very different products built to do very different things. I believe it was the right call to build this extension from scratch to do what we wanted it to do rather than try to modify SC to do something it wasn't built for.
Thanks for explaining it to me! It's nice to see someone literally introduce a solution to the problem at the same time that I brought it up... lol. Nice work!
This is a nice idea and good implementation. It's even asthetically pleasing.
The only thing I worry about with applications like this, is it requires me to trust you (not that I don't). At any time you could release an update and acquire people's keys could you not? You state your issue with that concept with regards to steemconnect etc, and it's a legit gripe. Keeping the keys local, and accessing through the browser is better, but does it really solve the trust issue?
Well if you are concerned about that (which is a legitimate concern) you can always download the extension code from the Github repo and just install it locally rather than getting it from the chrome web store. That is definitely not an option with Steem Connect!
Touche!
Distrust is the building block of society.
Posted using Partiko Android
It certainly inspires progress
That's great.
Next step would be hardware steem keystores I believe.
Finally publicly released :)
That's an awesome tool guys!
I can see in the source code that the tool is tied to https://api.steemit.com, are you guys planning on adding a way to plug it into the testnets and more generally to the other full nodes? (like metamask, a simple dropdown list)
Ah yes, I totally forgot to add that in the list of future features. Definitely want to allow users to choose the node it connects to. Also want to add support for additional tokens and sidechains which i've heard some awesome developers are working on :-P
Awesome :)
Seems like password restriction will make people forget their password unless they write it down.
Thisssssssss, I logged in just to agree. I use passphrases and more memorable passwords! I don't need upper case or special characters when I have a 30 character long passphrase.
Posted using Partiko Android
hello @transisto can you please tell me why are you boosting this shit with a big amount? https://steemit.com/funny/@steem.lol/elizabeth-pokahontas-warren
Great tool, resteemed :-)
I resteemed your comment 🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼🐼☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️☺️😜😜😜😜😜😜🚷🚫🚸⛔🛄🛅
Posted using Partiko Android
It's not possible to resteem comments :-)
I mean, for real, a 50000 SP flag because you didn't like my bad joke 😓😓😓😓😓😓😓😓😓
Posted using Partiko Android
OMGGGG I thought it was obvious I was making a joke. I wouldn't expect anyone to believe that. Such a big vote wasted in vain :(
Posted using Partiko Android
Flag removed, was a joke :-)
I've been using metemask for eth for over a year... I'm applauding right now, this is just fantastic... I'm going to download this right now and maybe even write some thoughts on it too... Thank you Matt for busting your butt to make this blockchain a better place .. and thank you Aggy for your contributions
Posted using Partiko Android
I only use it for an airdrop.
Posted using Partiko Android
Great work, and great work gets voted for!
How do you do great work to get votes? Can I do work and say its great in the title and it becomes great?
Posted using Partiko Android
Nice work, but i would like to use my password. if i have to remember another obscure one, its a :( for me
Perhaps in future releases?
Halp sir, wen firefox?
Ask @stoodkev :-P
When moon
Posted using Partiko Android
A little late to the party, but I really appreciate this tool. Hopefully the other browsers will be supported soon! Relegating folks to Chrome is understandable, but still a bummer.
How about making it a desktop app like Scatter has done? Better yet, get with Nathan James and integrate them somehow?
I've supported @aggroed with my witness since he got started. Thanks for highlighting your work here, as well as @stoodkev. Both of you were just added.
We'd like to use something like this and Scatter for subscription services on @TIMM and @Scripsio. It's easier said than done.
Man this is awesome and very much needed. I hate giving out my password. With all the security leaks across social network sites one can never be too careful.
Thanks for your teams hard work and its nice to see some of the profits of steem monsters going back into the steemit/steem ecosystem.
This is what I find so lovely about this. They earn and then make an effort to make the platform grow. Not like others that just line their pockets and isolate themselves in their little moneyhuts.
Posted using Partiko Android
What you say is so true! I had been using Steem for many months before realising that I shouldn't be using my master key! And I'm quite tech savvy and pretty careful about internet security!
This is a crucial development not just for Steem but for the cryptocosm in general (see George Gilder's Life After Google)
Steem has an excellent key heirarchy of posting, active and master keys but they weren't being used properly by most users.
Please add a Brave plugin ASAP.
It's the fault of the frontends. They promote this behaviour. The focus needs to be changed and they need to forbid master passwords and require active keys.
Posted using Partiko Android
Minnowbooster.net will support Steem Keychain very soon TM!
Do. You represent minnowbooster?
Posted using Partiko Android
Yes I do represent Minnowbooster.
Very awesome and useful! Upvoted!!
This is one of these things that you never think about and then don't want to miss it as soon as you start using it. Awesome work!
Exactlyyy, that's how I feel. I didn't know I needed it until I saw this post. So cool.
Posted using Partiko Android
Excellent job @aggroed, @yabapmatt and @stoodkev! Installed it and it looks good.
You've made the Steemit Minute for today! Congrats!
Check out the Video Here: https://steemit.com/news/@reseller/ugj8oggd
Very Great Job. I will looking forward to.
I will look forward to too.
Posted using Partiko Android
😎💪🏼🙌🏼
good contributiion
I've been using it for a month now, and it's made the experience so much more streamlined and enjoyable. The extra peace of mind is incredible too.
Huge shoutout to the devs on this. Highly recommend.
Can you use this with Steemit already? And Busy?
Posted using Partiko Android
No, not yet, but I know a lot of dapps will be interested. Peakmonsters and Steemmonsters are the only ones I know of so far.
I have been using keychain for the past couple days and it is awesome
Sir, Is it safe to hold Steem in the form of SBD in our steemit accounts
Very useful project in good design! - Hier gibt es eine deutsche Übersetzung: https://steemit.com/deutsch/@zeitspringer/metamask-fuer-steem-wie-verwalte-ich-meine-steem-wallet
Absolutely brilliant work, again, Matt!
Posted using Partiko Android
Freakin Sweet dude!! Nice, clean and navigatable GUI. Shucks Yeah!
You be steady producind killer tools and utilities.
Thank you for your time.
Great job guys, congrats.
Dope
Matt this is awesome! You all did a terrific job and I love how you identified a problem and found a solution (especially when it comes to making it easier for the less complex people like me)... That is the kind of mind we need to add to all problems here on Steemit, and its exactly why I vote for you as a witness. You care about our experience and it shows in everything you do!!!
Any chance it can be checked to work with Firefox. In this mobile first era that would be a massive step forward since many people, especially in development nations, don't have a desktop anymore.
Posted using Steeve
Wow, who wouldn't wana try this out? Its an exciting introduction to the steemjet blochain to me and I bet that in no time a lot of people would embrace this.
As for the bugs, they should ve expected. But from the feed backs u would be getting from the users, you Wil be able to fix them all in no time.
Keep it up boss...
Wow, this is incredible. You may or may not believe this, but I was looking for a better solution for entering keys just yesterday, it's almost like you read my mind! But as you said, it's a common concern for everyone!
I'm not sure if this is possible as I'm not the best at technology lol, but would there be a way to integrate a maximum amount for transfers per day given the key that you entered? I'm not sure if that's something that has to be integrated on the private key level or not, but it would be cool if you could set some sort of limit in case of unwanted use/access.
Thank you for doing this!
For someone who's not the best at technology, you can sure build a team.
haha! Yeah, I've spent hours and hours playing SM and studying the abilities and playing matches to figure that stuff out!!! Thanks ;)
Wow this is nothing short of revolutionary for the blockchain! Hopefully we see integration happen with a lot of sites!
Thanks for posting this. You have received a Preemptive Strike by one of our simulcasters, @johnspalding.
This post will be featured on our next LIVE broadcast. Typically we broadcast on Tuesdays at 9:30pm EST on the @vimm streaming platform. Check it out and come online if you are available.
Amazing, this is just a passage to steem and every other dapps built on it. It is handful and a secure means to hide your passwords from countless number of website requesting for it.
Thanks to the team on this.
Resteemed!
Excellent. hardworking for the benefits of community. really an excellent group. thank you all.
Great work yabapmatt and Stoodkev. I'd love to implement this in some way with our DTUBE uploader.
Can't wait for this to come to firefox
Wow, thats amazing, can't wait to use it! =)