Sort:  

And btw no it’s not local storage it’s indexedDB

A posting key can be reset at any time with the master.

DTube never got hacked this way, because my github account is way more secure than all servers setup by apps using auth of users

Many sites are using offline tokens, if they get hacked, the users are screwed equally like putting the private key directly into. But the hacker doesn't even need to get it from the localStorage but take it directly from the database of the server. And its not really easy to prevent phishing here either.

Why not making a solution like steem keychain for all browsers? =)

Yeah did everyone forget utopian-io and the compromised keys via steemconnect? I guess so. Amnesia?