SCAM ALERT: No witness will ever ask you for your passwords or keys!

in #security · 7 years ago

All those who vote for me (and read my posts) should already know that they should never, ever reveal their keys to anyone!

I will never ever pay for votes.
Vote for witnesses that are worth it, not because they promise you something in exchange.
Well, except that I promise to do my best for platform security and reliability.

Do not enter your password or keys on sites you don’t trust.
Always check the address bar to make sure that you are loading the correct website.
Scammers can make their sites look exactly the same as the page you expect to see.
Again:

Always check the address bar to make sure that you are loading the correct website.

If you have any doubts, you shouldn’t use the website.

Make sure the users you contact are who they say they are.
My account name is @gtg, but I also use the account @gandalf on Steem and steem.chat.
Even if someone who appears to be me tells you to enter your password somewhere or to send me some funds: do not. It's not me.

If you already have made that mistake, change your password immediately.

If you are not sure about it, change your password immediately.

Treasure your passwords /パスワードを大切に by @fukako

SteemConnect

Of course, there are sites other than https://steemit.com where you can use your keys, such as Busy or DTube, but you should always decide whether you want to provide your key to such a website.
In a perfect world, a website should only use your key to sign the transactions that you are willing to make within your browser - in other words, your key never leaves your machine.

There’s a project called SteemConnect that was designed to spare developers all the hassle of handling keys and passwords. It is the preferred way of handling user authentication and authorization.

But even when you use SteemConnect, you should be careful and always check what your keys will be used for. Here are some examples:

If you’re voting for me as a witness, you see:

voting gtg for witness using steemconnect

You can clearly see what operation will be performed. Also make sure that the address is what you expect it to be. If even one letter in the domain name is different, something is wrong.
It should be exactly https://steemconnect.com/. In this case, the full address will be:
https://steemconnect.com/sign/account-witness-vote?witness=gtg&approve=1
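As an added example (not code from this post or from SteemConnect itself), here is a small Python checker that applies the two rules above to a signing link before anyone opens it: the host must be exactly steemconnect.com, and the operation plus its parameters are decoded so the user can read what they would be approving. The lookalike detection by edit distance, and the threshold of two characters, are my own assumptions.

```python
from urllib.parse import urlparse, parse_qs

# The only host the post tells readers to accept for signing links.
EXPECTED_HOST = "steemconnect.com"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-or-two-letters-off lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def inspect_sign_link(url: str) -> dict:
    """Decide whether a SteemConnect-style signing link is safe to open and
    expose the operation and parameters the user would actually approve."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    verdict = {"url": url, "host": host, "ok": False, "reasons": [],
               "operation": None, "params": {}}
    if parsed.scheme != "https":
        verdict["reasons"].append("not https")
    if host != EXPECTED_HOST:
        # Distance 1-2 from the real host is the classic lookalike trick
        # (assumed threshold); anything else is simply the wrong site.
        if 0 < edit_distance(host, EXPECTED_HOST) <= 2:
            verdict["reasons"].append(f"lookalike host, expected {EXPECTED_HOST}")
        else:
            verdict["reasons"].append(f"unexpected host, expected {EXPECTED_HOST}")
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) == 2 and parts[0] == "sign":
        verdict["operation"] = parts[1]
        # Single-valued parameters become scalars so they read at a glance.
        verdict["params"] = {k: v[0] if len(v) == 1 else v
                             for k, v in parse_qs(parsed.query).items()}
    else:
        verdict["reasons"].append("not a /sign/<operation> path")
    verdict["ok"] = not verdict["reasons"]
    return verdict


if __name__ == "__main__":
    # The witness-vote link from this post, as the reader would see it.
    print(inspect_sign_link(
        "https://steemconnect.com/sign/account-witness-vote?witness=gtg&approve=1"))
```

The same edit-distance check works on account names: the fake gtg.witnesses and good-kama names mentioned in the comments differ from the real ones by the same one-or-two-character trick.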

steemconnect-02.png

SteemConnect reminds you to check it.

In order to transfer funds or vote for witnesses, you need your Active Key, and you should be VERY careful whenever you use it.
Use the least powerful key possible instead of your Master Password. For example, if you simply want to post or upvote content, all you need is your Private Posting Key.

Also, instead of asking you to sign a single operation, sites such as Busy or DTube might want you to authorize certain types of operations. Read what they say very carefully and check that the application is the one you expect:

steemconnect-04.png

Even though such an authorization lets the application use only your posting authority (to vote, comment, etc.), confirming it requires you to enter your Active Private Key.

steemconnect-03.png

I will write it again: confirm that you are on the steemconnect.com site before entering your password, and that you are authorizing only the actions you really want to perform.



If you believe I can be of value to Steem, please vote for me (gtg) as a witness on Steemit's Witnesses List or set (gtg) as a proxy that will vote for witnesses for you.
Your vote does matter!
You can contact me directly on steem.chat, as Gandalf.



Steem On


I'm so glad steemconnect exists, I hate giving my privacy keys out even to sites like steemengine and dtube

I wish I could have seen some of these posts sooner. I was scammed Friday, Mar 2 by Gtg.witnesses and good-kama. I lost 663.834 in SBD and posted on it tonight. - Blessings - Troy

I'm sorry to hear that. Have you already changed your password?

I have changed my master key. I learned that they took all my SBD - 663.843 (over $2,000 in dollars) and traded it on BlockTrades. The transaction was traced to Romania, Switzerland and Amsterdam. I sense they are high tech. It is a shame they allow these folks to continue on Steemit. It is also a shame that these folks continue to get by with this. It would be good if we had a group on Steemit who could address these concerns or victims of this abuse. From what I learned they continue to do this on Steemit and send you to Steewit. They also scammed my comments, compromised my reputation and took 22.641 in Steem tokens and exceeded my bandwidth. My upvote is worthless for at least the next 7 days. I worked with a Steemian via phone from Hampton, IA USA to change my master key and send some emails out to Steemit abuse on Steemit chat and BlockTrades. Feel free to read my blog. Thanks for responding. I wish justice could be served. Do you have any suggestions???? Blessings - Troy

Steem is a decentralized platform. No party could stop others from using it, so, for example, a totalitarian government can't effectively stop its citizens from posting... but that also means that there's no central "police" that can stop such abuse.
But you can identify the abuser (and usually, even if they try hard, sooner or later they make a mistake that allows them to be identified and prosecuted under their own jurisdiction).

Thanks for the kind response. They do their harm by misrepresentation. They have taken your name and misrepresent it as gtg.witnesses (slightly different) and the same with good-karma and good-kama (the latter is the one they use). Finally they send you to a misrepresented Steemit as steewit. Clever. Well, folks need to know this stuff to protect themselves. Without policing this is allowed to thrive. Thanks my friend.

gtg I have upvoted and resteemed your post because I believe it may be helpful to a number of my 1400 followers. Although your content may be helpful to many, I find it's not that simple to follow and therefore would have also appreciated the whole thing in baby language for people my age and computer competency. Thank you again.

Thank you for the feedback.
I agree that so-called "ELI5" (yet 100% accurate) docs & tutorials about Steem and the surrounding technologies would be very helpful.

the keyword is the best priority and it must be really occupied, the wrong keywords will be bad for yourself. I have not known you and I are newcomers in steemit, but you are an inspiration to me, you are the best...


Hey @gtg . I just had this scam message in my wallet and wanted to make a warning post about it. Instead I now reblog your post.
Very sad. Recently these kinds of phishing tries are seen much more often. Even worse, there are users that fall for it. I've seen ppl in Discord channels.
There is really no chance to stop them, right? Somehow steemit should have a ban list to not show their messages to protect new ppl better.
Cheers J

Thank you :-)
Well, yes, there's no good way of stopping such scam attempts. There will always be new ways and new ideas on how to trick users. Of course scammers usually make mistakes and sooner or later they will be punished, but new ones will come, as long as people fall for it.

Those guys also tried to trick me but I know that you are the kind of witness who would never do such silly and tricky stuff! I simply ignored and muted them. Hope you are well!

Thanks for this info my friend! Yesterday I got a memo from the account name gtg.witness
Here is what they sent me. I know that this is a fake account:

https://steemit.com/scam/@paradise/atention-to-all-steemians-take-2-min-to-read-this

Thank you, good catch.

You're welcome! :)
They use the names of important users to be trusted by users who do not have much information here...
You made a good catch too :) See you my friend

Thanks for writing this post! I was just wondering the other day why an app was asking for the active key although I was just wanting to post. It did go through SteemConnect, and after asking around I heard that SteemConnect is a trustworthy site, so I ended up using it. Does SteemConnect need to use the active key just for posting though?

If you want to post once using SteemConnect, then the posting key is enough, but in your case you were changing the posting authority, which requires the active key (you authorized both dlive.app and busy.app to post on your behalf).
You can see details here: https://steemd.com/@polebird
As you can see those accounts are listed under "Posting" but to list them there you had to use your Active Key.

Ah, so they are still ok though, right? As long as it’s through SteemConnect? Are there circumstances where we shouldn’t be providing the active key using SteemConnect, assuming that the site requires more than just the posting key?

First of all, the best approach is to treat every case of "enter your secret here:" as a NOT-OK situation. Scammers always do their best to present you with something that looks ok: a similar domain name, the same page layout that you are familiar with, etc.
After you are sure that it's really SteemConnect asking you for a key, you still need to make sure what it will be used for.
For example you can use this link:
https://steemconnect.com/sign/vote?voter=polebird&author=polebird&permlink=re-gtg-re-polebird-re-gtg-scam-alert-no-witness-will-ever-ask-you-for-your-passwords-or-keys-20180227t054353477z&weight=1
to 1% upvote your own comment (that I'm now replying to).
SteemConnect will ask you whether you want to confirm this operation (explicitly stating what it will be), or, in the case of an application, whether you want to authorize a certain Steem account @some_application.app to use your posting role (it shouldn't be asking for anything more than the posting role, but as I wrote before, to authorize some app to use your posting role you have to confirm that with your active authority; the app itself will not get that privilege).
Of course there's a risk that an app will become malicious, so it's not wise to authorize random apps without first ensuring that they have a solid reputation.

Thank you! it's very good that you talk about it, because there are very trusting people.
(thanks again)

Resteemed and upvoting for visibility - tipuvote! 0.3

Thank you :-)