Understanding Posting & Active keys Authority
How steemdb.online curation trail works?
We also had a conversation in discord server this morning on my timezone as I had asked him about this the day before and was waiting for him to reply me there.
As I understand it from our conversation, his sites https://steemdb.online/ only have users’ posting key authority NOT the actual posting key itself.
The application that is used for getting the posting keys from users is steemlogin which is operated by @hightouch of @futurewitness
As I understand it from @steem-supporter, steemlogin only has our **active key authority **but not having any record of our active keys in their apps, as steemlogin only stores our active keys credentials in our web browser.
Why users need their active key to authorize steemdb.online service?
https://steemdb.online/ require users to put active keys via steemlogin because in order for posting keys authority to work with steemdb.online dapps,higher level keys, such as active keys is required by the steemlogin which will then making it possible for steemdb.online dapps posting key authority to work.
There is no way for dapps such as https://steemdb.online/ and steemlogin.com having record/store of your posting keys and active keys.
Is it safe to use any dapps on Steem?
There’s still a possibility that your account gets hacked if you’re using these dapps as hackers might have found a way to do it as you store the keys in your browser.
So in conclusion, use these dapps at your own risk, the creators of those dapps are not responsible or have anything to do with your stolen funds while you use their dapps as they do not store your actual posting/active keys, they only have your posting or active key authority.
It might have to do with your internet browser security or something as I’m not a developer or programer to know more about this on how your steem account could be compromised.
How to protect your Steem/SBD?
Go to your steemitwallet page and transfer any liquid steem/sbd into Savings
This will protect your funds for 3 days before they enable the withdrawal
If you or your community rely heavily on this curation trail service or any other dapps on Steem blockchain that require active key authority on their dapps, it is good that you transfer any of your liquid steem/sbd into saving so you will get notified when someone withdraws your steem/sbd in 3 days before it can be withdrawn. This way you can still have a chance to stop the stealing as opposed to you will lose your funds at an instant if you just let it sit there.
Thank you @steem-supporter for clearing things up for me and the Steem Community members.
Until then, keep steeming!