Sort:  

Thanks that is good to know. So you are saying that if someone compromised the steemit.com servers they wouldn't be able to steal the STEEM?

Exactly, the steemit.com server only host the web page that shows the content that is stored on the blockchain. The blokchain itself is maintained by 21 dedicated nodes plus a whole bunch of backup nodes that are run by community members.

Whenever you vote, comment, post, etc your actions are signed with your private keys and encrypted before they are broadcast to the network.

This doesn't mean that you shouldn't be cautious. Each steem account has 4 distinct keys with different levels of permissions:

  • Memo key, used to send encrypted messages (steemit.com doesn't support this functionality... you need to use the cli wallet for this)

  • Posting key, used to vote, comment and post.

  • Active key, used to vote, comment, post and to transfer funds, power up, power down & vote on witnesses (the nodes that maintain the blockchain).

  • Owner key...this is the master password, it can change the private keys. This key should not be used unless if you need to change your password and it's best to keep it offline in a safe place.