SteemMonsters Idea to have people safely play with your cards

in #steemmonsters, 6 years ago (edited)

I hope this solution is as easy as I think it is...


THE ISSUE AT HAND

Some people were heavy believers in SteemMonsters and have bought a ton of cards... more than what they need to play. Perhaps they aren't even players. They would like to see those cards put to use and see their investment working for them.

THE FIRST IDEA... DELEGATION/RENTING...

This is perhaps the end game for a lot of large holders of cards... to put them to use as a sort of mercenary cards... cards that will fight someone else's war for money... but are never owned by that person.
This idea is being pushed a bunch by co-founder @aggroed as well, and we may see it sometime after tournaments begin... let's say early next year. The point is to allow your cards to be used by another player while those cards remain safely in your possession, with 0% chance of a bad actor or theft. It's a solid idea and it will certainly change the game up a bit, allow people with less money to get huge rewards in a given week, and facilitate upward mobility.


SECOND IDEA: The "In the meantime" proposal
@nealmcspadden has basically proposed that he is willing to give users cards in return for the rewards they earn for the first 60 days, and then when they work them off they get them. So they can play without money and put in the time.
https://steempeak.com/steemmonsters/@nealmcspadden/steemmonsters-want-to-play-without-spending-money-here-s-your-chance

This solution requires a lot of trust because he is giving access to a Posting Key... which is all that is needed to Transfer Cards away from one account into another.

On the blockchain, the moment they leave his account there is no recourse whatsoever.
All @steemmonsters is able to do is perhaps ban that account or those cards from being used in game play. But then what happens to other game creators? Will they now have that imposition put on them? What about markets... will PeakMonsters be saddled with a burden of work if this is the case, and be pushed into non-neutrality?


A POSSIBLE SOLUTION BY @jarvie ... GUEST LOG IN

A SOLUTION THAT IS MAYBE EVEN MORE THAN IN THE MEANTIME
I think both @aggroed and @nealmcspadden would love it, and @yabapmatt may appreciate it because it MAY not take too much effort.

  1. Create a SteemMonsters login for a separate account
    ... No, we're not talking about involving any STEEM keys in this login.
  2. On this login, allow (trust) SteemMonsters to save your POSTING key (cryptographically and safely)
  3. Allow this login to ONLY interact with game play, nothing else.
    No transfers, no sells, no merging cards... ONLY play games.
  4. One step better is to allow whoever has the posting key to select what this "guest login" can or can't do.
  5. Then you can safely and easily give that login to any friend you want... the most they'll do is be really bad at the game and hurt your stats. But you gave them access to play.

I think it's a beautiful solution. I'd go right now to create accounts for all my nephews and put solid teams in there for them to play. Heck, I'd give access to random strangers and have zero worry they transfer or sell or do anything stupid.

POSTING KEY SHOULD BE ABLE TO...

  1. Create a guest login (name and password)
  2. Decide what actions that login can do
    (default and perhaps only action is battle actions)
  3. Possibly they can also allow the guest to do the following
  • Open packs
  • Accept quest rewards or season rewards
  • Buy cards for this account (with guests' own steem account money)
  • Merge Cards (somewhat dangerous)
  • Sell cards (dangerous)
  • Transfer cards (dangerous)
  • Transfer cards TO a designated account (not dangerous)

BETTER THAN DELEGATION??

Both have good use cases, but personally I'm more interested in getting new players into the game and hooking up friends and family than I am in selling rights to use my cards for a week. One option gets this game more users... but truth is I'll likely use both options.

THE WORK

@yabapmatt will have to tell us what's involved.
If @peakmonsters were to do it I'd have an idea of how it'd all go down. First we'd only allow battle actions, not even giving other options for the time being, and expand as we saw interest.
The biggest effort is safely guarding the posting key, because as it stands https://peakmonsters.com doesn't even know that key. However, if we used SteemConnect it can give rights to use posting authority for that user for an extended time... so that could be a valid option. This issue is easier for SteemMonsters, though, because they already have the posting keys of almost all the users; only some have removed trust and used Keychain. As for setting up a login system with differing rights, determining what authorities a certain user has on a website is something all programmers do all the time.

That's the Minimum Viable Product and it doesn't need a fancy interface to begin with. Just an interface that allows a posting key holder to create a login with a password.
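
A minimal server-side sketch of that guest login, added here as an example (it is not SteemMonsters or PeakMonsters code): the guest holds only a password, each login carries an allow-list that defaults to battle, and anything else is refused before an operation is ever built for signing. The class `GuestLogins`, the action names and the `PLACEHOLDER_` operation id are assumptions; `required_posting_auths` is the Steem `custom_json` field for posting authority.

```python
import hashlib
import hmac
import json
import os

# Action names follow the post's list; the identifiers themselves are assumptions.
BATTLE = "battle"
GRANTABLE = {BATTLE, "open_packs", "claim_rewards", "buy_cards",
             "merge_cards", "sell_cards", "transfer_cards",
             "transfer_to_designated"}


def _kdf(password: str, salt: bytes) -> bytes:
    # Store only a slow salted hash of the guest password, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class GuestLogins:
    """Server-side registry; the owner's posting key never reaches the guest."""

    def __init__(self):
        self._guests = {}  # guest name -> (owner, salt, digest, allowed)

    def create(self, owner, name, password, allowed=(BATTLE,)):
        # Assumed to be called only after the owner proved posting authority.
        allowed = frozenset(allowed)
        if not allowed or not allowed <= GRANTABLE:
            raise ValueError("unknown or empty action set")
        salt = os.urandom(16)
        self._guests[name] = (owner, salt, _kdf(password, salt), allowed)

    def authorize(self, name, password, action):
        """Return the owner account to act for, or None when denied."""
        record = self._guests.get(name)
        if record is None:
            return None
        owner, salt, digest, allowed = record
        if not hmac.compare_digest(digest, _kdf(password, salt)):
            return None
        return owner if action in allowed else None  # deny by default

    def build_op(self, name, password, action, payload):
        """Unsigned custom_json for an allowed action; signing stays server-side."""
        owner = self.authorize(name, password, action)
        if owner is None:
            raise PermissionError(f"guest {name!r} may not {action}")
        return {"required_auths": [], "required_posting_auths": [owner],
                "id": "PLACEHOLDER_" + action, "json": json.dumps(payload)}
```

The restriction only holds while the posting key stays on the server: anyone holding the key itself can broadcast a transfer without going through this check.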


RECAP

Let me repeat that this guest should at no point have access in any way to ANY Steem key, and yet should have access on SteemMonsters.com to play to their heart's content.

The owner of the account has to trust SteemMonsters with their posting key, or use a nice secure and trustless system that is given the posting key and encrypts it... but is still able to have it used. Let's remind people that I'm guessing the majority of people already input their posting key into SteemMonsters.com, while many of us don't and use Keychain instead.

And of course I want people to come up


USE THIS MARKET

Of course https://peakmonsters.com is a beautiful awesome place for buying and selling cards and packs. And as of today there is a whole slew of small updates that made it even better.


This would not only be great for guests but also for use on third-party apps, etc. that you don’t want to give your keys to! Great idea man!

Yeah, if we ever think of a use case for SteemPeak I guess we could do the same idea.

  • Voting, Editing drafts?

I think this would be a good intermediary step.

Yes we all do want delegation/mercenaries ... however we also are crossing our fingers that there is a market for them... we can't be certain of this at the moment. Maybe it will be more evident with tournaments.

However with this as a separate feature we can be pretty certain and have the control in our hands to get some of our friends to play with our secondary accounts.

And yes it's really only for maybe like 100-200 people that have enough for a couple accounts... but it also gets more people buying so that they can make that dream happen.

Yes, delegation is based on the idea that popularity is going to grow and the supply of cards will be constrained.

On the other hand, how many players are holding enough to make guest accounts viable? 20? 30?

Well guest accounts don't need to be max accounts so while there may only be 40-50 of us that have max accounts and can do beyond that some of us could make several accounts and really up the number of people playing pretty quickly. I would probably try to get quite a few of my family playing and several friends.

Also don't discount it for economic impact for the business minded out there.

Sure, I like the idea. I'm just wondering if there is enough demand to warrant doing the dev work.

That'll be up to @aggroed and @yabapmatt I guess.

I'm not sure if it's very hard at all. Maybe @asgarth can even shed some light on it.

From my understanding an easy UI that creates a username and password (or perhaps only a password)

And in the backend limitations to what a user can do when logged in with that password/guest account.

It really could be that simple.

I would propose doing this in reverse: create a new authority for transferring and merging cards. Posting key as it is on Steem isn't supposed to allow transferring of assets, which makes having Monsters tied to it something of a security hole.

I'd much rather see some new sort of Monsters active password that is required to do any of the asset-adjustment class of actions, which would accomplish the same thing as your proposal with essentially the same amount of work.

You could then allow them to be signed with active key as well for people who want to do them through blockchain actions.

I'm not sure how this works to be honest... how do you prevent transfer jsons that people have right now from being transferred with the posting key? Or do you first have to get everyone to transfer those jsons to that other "authority" dominion?

Heck, I'm not sure I'm even talking about it correctly.

And you can do all steemmonsters actions still on the blockchain with open transparency?

Custom_json has a required_auths attribute, I presume that can be changed to Active without too much trouble, although I haven't tried it. It would involve changing the transfer system to require it on the back end.

Doing it without active key would probably require the back end to publicly document transactions in order to keep the transparency, which does make it more centralized.

I'm revising my opinion of how much more work this would be as I think it through, though. It's probably easier to just get card delegation working, so we can move all of our Monsters into cold accounts.

Why not just create a simple login for your friends with normal passwords that they can remember? And it has zero risk, because it only lets the user do battle related transactions.

Yeah, I think your idea makes sense if delegation isn't imminent. My issue with it is it doesn't solve the security hole of having large assets tied to the same key I have in code and hand out to front ends. But I'm less convinced those two issues can be solved at the same time than I was when I wrote the first comment, having thought it through some more.

Yeah, I think you're looking more at the security hole, which they can still work on. I just want to give access to friends to play... and I'm not even willing to give them a posting key even if they couldn't do transfers and other Steem transactions... I just don't want them to have a key at all.

Yes! I WANT THAT. I can pay people to play with my cards. But today I cannot do it in a safe way.

Posted using Partiko Android

As I understand, the way they've built the game is that both playing/combining and transferring/selling cards each require the posting key.
If you have it; you can do both.
If you don't have it; you can do neither.
Malicious actors don't need the site in order to post the transaction to the chain, so if I understand correctly it'd need to be a change in Steemconnect (unlikely) or in Keychain (far more likely to happen) which used the one posting key to generate additional, lesser authorisation tokens, then a patch of the game to reduce the playing requirement down to accept both.
I've been consistently surprised by how well these guys face down and destroy challenges; so I'm sure everything's on the table, and they'll deliver more than we imagine, as usual :)

And steemmonsters can create an authority to any internet user that could give the ability to use a posting key to sign those transactions, they wouldn't even need SteemConnect ... but SteemConnect dealing with the permissions is very doable.

On that interface they simply don't allow for that login to do anything but battle.

Yeah, we're right at the edge of my comprehension at this point. I don't know enough about the nature of the tokens used by Steemconnect and Keychain.
Interesting conversation though.

It's not really necessary. Think about it in terms of logins. If you have your posting key, you can do all of the posting keys things with it. But if you log into Steemit.com with your posting key and then hand your laptop to somebody else, they can only do the things that Steemit.com allows them to do. If they want to make custom Jsons, too bad for them.

Jarvie's idea is basically a little more sophisticated version of that.

Think about how much more intuitive to a non-tech non-blockchain geek who doesn't even want to know what an active or posting key is... they just want to log in with a normal password and play a simple game with your cards.

If I tell my nephew to save this crazy key and be careful with it because while a transfer they switched so that they can only do with this thing called the Transfer Key but they can write posts and spam accounts with this weird thing called the "posting key" and cause a bit of mischief.

On the other hand... Hey nephew, I made a guest account and the password is "myuncleismyhero" and you can go in there and play games.

I don't have to tell him anything else but perhaps how to play the game. And if he asks, "I hear these cards are worth money and you can sell them" I say yep... you can't sell or transfer my cards but I'll split the profits of the booster packs we get from you playing.

At the end of the day they should be able to go onto the site and not hate blockchain. Maybe not even need to know the site uses blockchain or cryptographic passwords.

I like the idea but nothing tops delegation. I see a good use to implement your idea and to keep it alongside delegation (when it becomes available).

I think your idea would be used more for family and friends. For instance not everyone can afford to buy multiple $10 accounts. If you have a few children or a significant other that also wants to join in the game then your idea is perfect for each to have a different log in to the same account. And since the main account gets to decide who gets to use what that would be perfect for the parent to dictate shared cards to their child's cloned accounts.

On the other hand, if someone with lots of cards had a stable of players they plan on delegating to, then your idea isn't ideal for this method and delegation would be much better.

Yes it doesn't replace delegation ... but that idea they said is gonna be after tournaments most likely.


I'm hoping this is easy enough and has enough incentive because it increases the numbers of players. And possibly exposes a lot of people to game play... so it seems like a great marketing tool and good economic influence on the market as well.

So in essence this guest login should have less permissions than the regular private posting key right? So isn't that part the work of Steemconnect or Steemkey to code such a private key with limited permission?
Or could any App out there create its own Private Key with limited permissions?

Posted using Partiko Android

SteemConnect could be used by the account holder to facilitate the authority for SteemMonsters.com to have posting rights ... but they also already ask for posting key when logging in.

However part of the idea is the guest login should be a simple password... there is no risk to having someone have that password anyway when all they can do is start a battle.

Yes, that makes total sense, very good idea. Then as the next step one could develop an account management app right away, if the project bears fruit.
I mean, every Steem app could use a minimal-access account like this to expand what it offers users, great stuff!!!