I'm working hard on integrating various aspects of Hive, especially direct payments to content creators from their listeners and fans for the new Podcasting 2.0 effort. As part of my work there I'm in touch with many developers and interested parties and they're asking questions about Hive and I'd rather answer them in Hive rather than on the Podcast Index Social Mastadon server.
- What happens in the hypothetical scenario that your keys are compromised. I take it you can't just generate new ones, right?
The short answer is yes you can regenerate your keys and password if you think you've compromised a key but there are no signs that anyone has done something yet.
I will highlight something right up front however, an answer to a comment on one of @arcange's posts:
Unfortunately, if you don't have a valid private owner or active key or your Master Password at hand, no one can help you get your funds back.
If you completely loose all reference to the keys mentioned above, with or without an attack, there is no central authority that can get your account back. This is crypto, there is no Zuckerberg or Dorsey who can peak inside the user database and reset a password for you.
If your account has been completely compromised and you know it, there is a solution. @arcange (one of the luminaries of Hive) set up a service to make the account recovery process as easy as possible. This does rely on you setting up a trusted third party well ahead of times. He describes this in a post last year. He gave an update just recently.
There is another key thing to remember about Hive: if you do allow your keys to get out, including the Master Password or Private Owner Key, both of which you should almost never be using, the only thing immediately at risk is your LIQUID assets.
There are three ways you can store value in Hive:
- Liquid Hive or HBD
- Savings Hive or HBD
- Powered up Hive
If you make a mistake and publish your active or owner key, and someone malicious finds it, your liquid funds can be moved immediately.
Savings (which I must admit I've never used) lock up your funds for 3 days meaning that if you were to lose a key, and were to change it or recover with the recovery process and your trusted 3rd party, you'd have 3 days before funds in savings good be moved.
Powered up Hive (which gives you your voting power and greater ability to reward good content and earn curation rewards by making your likes worth more rewards) takes 13 weeks to fully power down. It is only after the first 7 days that any of the funds in a powered up account can be touched.
In many ways Hive is a lot safer than most crypto wallets with multiple layers of protection.
There's a final service which is worth noting: @keys-defender constantly looks for any leaked keys that wind up on the blockchain and alerts the user as best they can. Here's an example of a leaked memo key which would allow someone to decode private memos (messages sent alongside transactions).
This was Martin's second question and I'll answer it in another post soon.
- Let's say we wanted to have data on the hive chain, like reviews. How would we keep spammers out, but ensure our apps could post, and that we could invite new apps to participate too?