You are viewing a single comment's thread from:

RE: ESTEEM8 - Light, design, and private web APP [Alpha release]

in #steemit8 years ago (edited)

Hey. This project is coming out without anyone previously on Steemit claiming they've made it. I'm naturally skeptical of this because your app will be taking people's master passwords, which people should not entrust to a pseudonymous person with no history or reputation. Who is making this?

Sort:  

A valid concern. Never EVER give out your master password.

The sixth rule: Do not tell anyone your password.

There should be no need for it.

That is a damn valid concern. Looking forward to see their answer.

Hey.
History or reputation on steem is just a tool to evaluate the trust but absolutely not a proof of the app privacy or security. To be sure of that point, the best is to check the code base, the application is automatically pushed from the code base so nothing between the code showed and the code served is modified. You can trust me, the app will not share any data with a third-party without notifying users. This saying is also not an absolute proof, the best is check the code personally or have some review from different community members.
I hope that was the clearest possible, we're here to answers more questions :)

That wasn't too clear. I asked who you are. There's a good chance that you're someone who has used Steem before.

It's not a concern about trusting you not to share data with third parties, it's about being able to trust someone who is only using the name esteem8 here and on github with one's master password which can steal away an account's funds and lock the person out if the password is changed. That's not a risk that should be taken with someone who is only using a brand new account both here and on github. The crypto world has seen too many scams with fresh names.

If you implement Busy's Steemconnect or the upcoming Steemit Inc version of the same thing, there will be slightly less of a concern but there is still the possibility of exploiting your users.

The fact that you're so far only operating behind the @esteem8 pseudonym is a red flag for me and this response, either dodging or completely misunderstanding my question is red flag #2.

You've linked to your slack but not provided any invites either.

Happy to clarify some security and privacy points.
Sorry for misunderstanding your question, i'm not a native English speaker, i will try to respond as clear and easy as i can:

Real but not liked answer :

  1. I want to say that you can trust me but whoever i am and have done, this won't make me sure. In fact you can't trust anyone at 100%.
  2. Steem and Github account are linked, you can verify it GitHub, there is a link made (from GitHub) to the esteem8 Steem account.
  3. Code given is code shown on GitHub, you can verify it on GitHub too. (GitHub is the server)
  4. The only way to trust code at 100% is to read it, anyone can read it on GitHub and give his/her thoughts here.
  5. To be sure that code author are really these who are on GitHub, there no absolute proof that i can give, however i can tell you that the main contributor who's write 98% of GitHub content is the @primerz (on Steem and GitHub) and is in reality Matias Affolter. You can personally contact me on Facebook or by email, i will confirm it. You can also check the domain name administrator (esteem8.com) on a whois service.

I know that these type of answers are not liked because it prove that noting is sure, (i think that you want that i respond "You can trust me at 100% because of...") but it is not the reality of things and i wanted to respond as right and close to reality possible.
Within the case that code where stolen from someone, the only way for he/her to say that his code was stolen is to say it here.

Not real but liked answer:
You can trust the code and me because of ... Don't worries everything is fine (said in a sense that we think it's right).

P.S. Security is to know that NOTHING is 100% secure even Steemconnect, everything come from a purely personal trust on someone or group of people who are purely based on information that can be made in a sense to corrupt thoughts.

So you are @primerz, thank you. Is this project related to @steemapp/Steemy?

Yes it's my personal account.
Not at all, the code was built from scratch.

Another thing, you still need some way for people to be invited into your slack if you wish for people to participate. Slackin is commonly used for this.

Slackin is often hosted on Heroku

Our slack channel was replaced by the a Steem post.
You can find the chat here.

The slack channel replaced by a Steem post.
Here is the chat: ESTEEM8 - Community chat

I noticed you've moved since this message, but I'm still happy that you thought of chatting on the blockchain.

Hopefully @jesta will create a great forum for these types things.
@busy.org are also working on integrating direct messages on their platform, so maybe we'll see chat rooms there too in the future. =)