RE: HiveSigner is INSECURE? - discussion and deep dive

For some reason, we missed this post and didn't notice the mention. Apologies. Any application (web, extension, mobile app) that helps you to sign transactions stores or uses your keys for the intended purpose. The security of Hivesigner depends on the security of your own device, of course; Hivesigner doesn't send your keys anywhere in any way, it only keeps them in your local browser. Just like Keychain, just like any other direct way of login. That's why there are different levels of keys, so you only use them in trusted and open-source apps for the specific operations you need to sign. The way Hivesigner works is slightly different in that you can give posting authority to an application once and don't need to use Active, Owner, or Master password keys ever again, even on Hivesigner itself, and you can take away posting authority anytime from any app. In your example, hive.vote is utilizing posting authority, so you are required to give that authority with your active key. If you know that, you just use your active key and can remove your account from Hivesigner, that's it. All other keys are used for specific use cases within Hivesigner. Memo key or other key login is suggested because, if you are unsure what key you need, you can try any key until you find one that works. Yes, this can be improved, but here you are not talking about improvement suggestions.

Hivesigner is open source and maintained by our team, so if you don't trust the Ecency team, always do check the source code to know what it does with your keys: https://github.com/ecency/hivesigner-ui.

When we inherited the Hivesigner codebase, we did an extensive review and a complete rewrite of most logic, so it is reviewed at least by the previous creators and our team.

Deep dives like this should be done on all apps so people know what's doing what. Only be objective about what you find and/or ask the team if you have concerns/questions, tell the team if you find bugs; after all that, release findings along with suggestions.