@practicalthought does not trust anyone with his private keys. How could he? He knows that if he gives someone his private posting key they can post and upvote in his name. He knows that if he gives out his private active key all of his liquid funds can be stolen and a power down can be initiated. He knows that if someone gets ahold of his master key they can change all of his keys and try to steal his account!
Therefore, @practicalthought does not trust 3rd-party sites with his keys. By extension, @practicalthought does not trust SteemConnect with his keys. Why should he trust a centralized service that is "formally partnered" with Busy.org? Who is Busy.org, and why would anyone ever trust them with their keys?
Backstory
@practicalthought has made these arguments time and time again over the last few months, but I never really challenged his skepticism. I trust SteemConnect because I never give it my master key and I never keep enough liquid funds on my account to be worth stealing. The risk is very low for me, so I have blindly trusted this service. However, over the past few weeks I've learned a bit more, so I thought I'd share that knowledge for everyone's benefit.
dsteem tutorials for Utopian-IO
I've been writing these tutorials to give myself and others a better understanding of JavaScript, HTML, and the Steemit Inc API. One of the big things I learned is that libraries like dsteem and SteemJS can sign transactions directly on our own computers, so we never have to trust a third party to do it for us.
var dsteem = require('dsteem') // load the library; the key string below is left blank on purpose
var key = dsteem.PrivateKey.fromString('')
This call is perfectly safe to run directly on our machines. It does not encrypt anything: it parses the WIF string of your private key into a key object that lives in memory and is used later to sign operations. The text inside the quotation marks never reaches the internet; only the signatures it produces are broadcast, and a signature does not reveal the key. This is why I blindly trust services like SteemConnect. Surely a service like that must be built on the same principle.
SteemConnect research
I've since learned that this is indeed the case. Like Bitcoin and most cryptocurrency software, SteemConnect is open-source, so the claim can be checked rather than taken on faith: when you paste your raw active key into the SteemConnect window, it creates an encrypted, scoped token directly on your computer, and that token can only be used by the application that asked for permissions in the first place. The way to confirm this for yourself is to read the login code in the repository, or to watch the browser's network panel during a login and see exactly which requests carry what.
Your keys never leave your computer. The Internet never sees them. Applications that use SteemConnect use the token they've been granted to sign transactions on your behalf. Other applications cannot use that token; it is reserved for the specific app you gave access to.
But, Active key though.
If you're like me, you get very worried when an app asks for your active key when it only needs permission to upvote/post in your name. Why would SteemConnect ask for an active key if it only needs to post/upvote? Is it trying to steal your money? The answer is no.
This is not the same as an Android app that asks for access to your whole phone. If SteemConnect asks for your active key, but the application doesn't need permission to move your funds, then it will create a permission token with the active key but it will not give access to everything the active key can do. The permission token is selective.
The reason is more mundane than theft. SteemConnect adds its own account to your account's posting authority so that it can sign posting-level operations on your behalf, and that change is made with an account_update operation, which needs active authority. That is why the login asks for the active key. (It is not because of custom_json or claim_reward_balance: custom_json can be signed with either posting or active authority depending on which authority list the operation names, and claim_reward_balance is a posting-level operation.) Even after you log into Busy.org through SteemConnect with your active key, Busy still has no way to transfer your money. A token created from your master password would be scoped exactly the same way, but that does not make handing over the master password "nearly as safe": the master password derives every key, including the owner key, so you would be relying entirely on the site handling it correctly rather than on the token's limits. Give out the least privileged key that the operation actually requires.
In fact, if an application needed to send encrypted messages with your memo key and also needed to post to the blockchain, SteemConnect would likely ask for your master password! Of course, this would make many people very nervous. Why would SteemConnect ask for the MASTER PASSWORD when it only needs to send messages? The master password is the one secret from which both of those keys are derived, so rather than ask you for two different keys, SteemConnect would ask for the master password and then create a token that only has access to those two functions.
You'll notice that sometimes when you use SteemConnect you don't have to type in a password at all; you just click on your account name. This is because a permission token is still stored on your computer, telling SteemConnect that the permissions are still active and don't have to be granted again.
Value of SteemConnect
I will likely never use SteemConnect myself, because the point of it is to let developers keep their own application code private. SteemConnect is open-source, so the applications connected to it don't have to be.
Applications that use SteemConnect can hide behind a private, centralized server, but they only ever get the exact functions listed in the permission token, no matter which key we gave SteemConnect in the first place. I say again: the token SteemConnect creates has the same scope whether it was created from the posting, active, or master key.
Centralization has many efficiency bonuses at the cost of trust, but SteemConnect is an amazing service because it increases that trust by a huge margin. Therefore, we get the best of both worlds: The trust of decentralization with the efficiency of centralization. This is really what DPOS is all about in general; trying to find the middle ground between trust and efficiency.
It would be easier to install a key-logger on a user's computer than to break the encryption of SteemConnect tokens. That is what makes it a decentralized option: keys stay on each user's own machine, and there is no central database of Steem keys sitting anywhere on the internet.
Fixing the trust issues.
A lot of people do not trust SteemConnect, and for good reason: they don't understand how it works. It's a very trustworthy service. However, whose fault is it that people don't understand how SteemConnect works? It's mostly SteemConnect's fault, not the fault of any Steemian.
Take a look at the SteemConnect website. Really look at it. This website looks shady! We're supposed to trust that it's safe because the website says so? Literally every website on the Internet claims you can trust it. There is no information here. It looks really bad. SteemConnect should have a short white/blue paper and even an infographic that shows people how it works.
If people knew how it worked their minds would be set at ease. Are we really expecting non-programmers to look at the GitHub and figure it out? That's a completely unreasonable expectation.
SteemConnect looks totally centralized from the outside looking in. Users think their key is being stored on a server somewhere. You know, like every other site in the history of mankind? It's an easy mistake to make.
SteemConnect needs to provide an offline option, something that proves to Steemians that it can be trusted. Being redirected to a website to type in your password is very misleading. Providing an app that lives directly on our devices would prove to the public that our keys do indeed stay with us the entire time.
Even a browser extension would be better than being redirected to an https link, although I can understand why the link is used: a link to a website is portable across all devices and operating systems.
Conclusion
I hope I have defused some of the security worries that come up when people are presented with this service. Hopefully I have convinced @practicalthought that SteemConnect is okay to use when only granting permissions for the posting role. That being said, even the posting role allows someone to upvote and post as your @username. Perhaps even this is too much trust for some people to put in 3rd-party apps. That's why I hope to create legitimate dapps that are fully controlled on the client side and interact with the blockchain directly.
Still, when one understands how the inner workings of SteemConnect function, it's easy to see that this service is a highly innovative boon for the cryptosphere, and Steem in particular. This technology will almost certainly be mimicked on other platforms as a secure way to grant limited permissions.
Return from The Magic of SteemConnect to edicted's Web3 Blog