First of all, Steem is the first social media platform that I hope will bring something good to the world. Since I root for Steem's success (which it already achieved a fair dose of) I have to point out some dark spots I saw in its image when researching it deeper.
The Steem itself. The hardware requirements for a Steem node are INSANE and they seem to grow pretty fast. I can easily keep full nodes for a handful of major cryptos on a 5-year-old PC and the only problem is storage space (hence I only keep those that can be pruned), but I would have to buy a solid separate server just for a minimal Steem node. This is far from acceptable. What a Steem node is supposed to do does not justify such requirements at all.
There are two possible explanations. Either the authors of Steem can't code (highly unlikely) or they made some assumptions early in the life of the project that turned out to be really bad later on. The latter is a common problem of complex software and more often than not calls for a complete rewrite at some point. I really hope there is some serious work going on behind the scenes, because it looks like something that needed to be addressed like half a year ago.
Now the future - SMTs. I only know what was revealed in the whitepaper, so there might be some changes that address the problems I'm concerned about; however, if not, these problems might cause SMTs to be a major disaster that brings the whole of Steem down with it. There is actually just one big problem, revolving around costs.
The first cost is related to what I mentioned in the first paragraph. Requirements on witness hardware are approaching technological limits; until the code is optimised there is no point in bringing more people and movement to Steem.
The NAI space is limited to 9 decimal digits, meaning at most 1B SMTs. I suspect some NAIs will be reserved, but still it seems like more than enough. A single SMT is supposed to cost 1USD worth of Steem, so if some whale was to buy all possible NAIs in order to auction them later for a much better price, he would first have to hold nearly all Steem in circulation. With the 1B limit on SMT count there is no immediate danger of this kind; however, if the price was to remain at 1USD and Steem's market cap continued to rise, this is something that might happen eventually. It would happen pretty soon if for some reason the effective NAI space was significantly smaller than 1B.
The cost is so low possibly to encourage people to play with SMTs. People playing are the biggest danger. If SMTs were just colored Steem there would be no problem. However, all their features described in the whitepaper suggest they are separate entities. They also seem to be on the same blockchain as Steem, which means witnesses can't ignore them (if they could, that would defeat the purpose of SMTs, I suppose). So the witnesses will have to deal with the extra data and operation costs associated with all the existing SMTs while being rewarded solely with Steem. You can argue that there is a positive price pressure on Steem associated with SMTs (actually the whitepaper does exactly that); however, that argument might only be true for SMTs that are actively used. If people start creating SMTs just to play with the idea and then forget about them, such play-and-forget tokens will forever consume witness resources and clutter the blockchain with their inflation transactions without bringing any extra revenue or positive elements to the Steem community.
To address the above problem I'd propose the following changes. First, there needs to be a mechanism to remove a previously created SMT and free the associated NAI. Eventually it should be possible to make a forced buyout, like in the case of a company that wants to stop having publicly traded stock; however, at minimum it should be possible to remove an SMT while the control account owns all available supply of that token (of course the pool of the automatic market maker counts as owned by the control account for that purpose). The second change is to provide a clear incentive for people to use that mechanism. This is where the cost comes back into play. On top of the "burned" 1USD, the creator of the SMT needs to have, let's say, 10k Steem frozen on the control account. Frozen Steem cannot be powered up nor transferred, so while the control account remains the owner of that Steem, the funds are basically useless. That limitation holds only as long as the SMT is alive. Once the SMT is killed the funds can be used normally again. The 10k effective extra cost should not be limiting for anyone serious about their SMT, but for people that just want to play it will be a clear incentive to clean up after they are done playing. Of course the 10k number could be controlled by a parameter similar to steem_per_mvests, so when Steem gains value the number could automatically lower, gradually freeing frozen funds, so that the actual effective cost of an SMT remains close to constant over time. The bonus of the extra effective cost is that it would forever prevent any whale from buying out the NAI space.
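As an added illustration (my own toy model, not code from the original post or from the Steem project), here is the proposed mechanism in Python: creation burns the 1 USD fee and freezes a USD-constant stake on the control account, the stake shrinks as the Steem price rises (the steem_per_mvests-like parameter), and removal is only allowed while the control account plus the AMM pool hold the entire supply. The class names, the 10k USD target and the 1 USD reference price are assumptions.

```python
# Toy model of the SMT clean-up incentive proposed above. Constructed example, not Steem
# code; it reads the 10k Steem figure as a 10k USD target at a 1 USD/Steem reference price.
from dataclasses import dataclass
CREATION_FEE_USD = 1.0        # the "burned" 1 USD per SMT
FROZEN_TARGET_USD = 10_000.0  # hypothetical USD-constant size of the frozen stake

@dataclass
class Account:
    name: str
    steem: float   # liquid balance: the only Steem that can be transferred or powered up
@dataclass
class SMT:
    nai: int
    control: Account
    supply: float
    amm_pool: float      # units in the automatic market maker, counted as control-owned
    control_held: float  # units the control account holds directly
    frozen_stake: float  # Steem locked on the control account while this SMT is alive

class Registry:
    def __init__(self, price_usd: float):
        self.price, self.smts, self.next_nai = price_usd, {}, 0
    def frozen_requirement(self) -> float:
        # analogue of steem_per_mvests: falls as Steem gains value, keeping USD cost flat
        return FROZEN_TARGET_USD / self.price
    def create(self, control: Account, supply: float, amm_pool: float = 0.0) -> SMT:
        fee, stake = CREATION_FEE_USD / self.price, self.frozen_requirement()
        if control.steem < fee + stake:
            raise ValueError("not enough liquid Steem to create an SMT")
        control.steem -= fee + stake  # fee is burned, stake leaves the liquid balance
        smt = SMT(self.next_nai, control, supply, amm_pool, supply - amm_pool, stake)
        self.smts[smt.nai], self.next_nai = smt, self.next_nai + 1
        return smt
    def reprice(self, price_usd: float) -> None:
        # a higher Steem price lowers the requirement; the excess is freed gradually
        self.price = price_usd
        for smt in self.smts.values():
            excess = max(0.0, smt.frozen_stake - self.frozen_requirement())
            smt.frozen_stake -= excess
            smt.control.steem += excess
    def can_remove(self, smt: SMT) -> bool:
        # removal only while the control account (directly or via the AMM pool) owns it all
        return smt.control_held + smt.amm_pool >= smt.supply
    def remove(self, smt: SMT) -> float:
        if not self.can_remove(smt):
            raise ValueError("units held by others: buy them back first")
        del self.smts[smt.nai]  # frees the NAI; the whole stake returns to liquid
        smt.control.steem += smt.frozen_stake
        return smt.frozen_stake
```

Run it with a creator holding 12k Steem at 1 USD: 1 Steem is burned, 10k is frozen, and after a reprice to 2 USD half of the stake is released while the SMT is still alive.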
The wallets (list taken from steem center).
Piston is outdated/discontinued.
Vessel is nice, but only allows controlling the funds, at least in the 0.2.0 version I ended up with (at first I tried the latest 0.2.6, however it kept disconnecting, spewing server errors on the console and finally hanging when I tried to add my account to it; 0.2.0 worked right away so I kept it). Maybe the advanced option would allow me to send a post, but how should the proper JSON look for this purpose?
The Steem wallet for Android seems to be only for controlling funds as well, so I haven't tried it.
eSteem works, although it is pretty slow on my old phone; besides, as long as the phone is not rooted I'm not comfortable giving it any private keys, which means I'm not going to be using it even when I upgrade the phone (rooting voids the warranty).
The CLI wallet seems to be nonexistent for Windows. I've found the article on how to use the Linux version on Windows 10, but that malware gets nowhere near my PC, not even on a temporary VM.
That leaves me with steemit.com, which is basically an online wallet. Not a big fan of online wallets here, but it is basically the only viable option.
Let's take a closer look at steemit.
A lot of important information is spread across articles by various people, apparently not directly connected to Steem development, when in fact that information should be available right where the relevant functionality is presented on steemit.com. Let's take account recovery as an example. Such functionality fires all possible alarms - a clear backdoor to an account - and it is marketed as a safety option. Only later did I find an article that describes how it works. Such information should be right there on the recovery page!
When I tried to set my account picture, I first gave a link leading to Google Drive. Instead of getting a clear message that there was an error, I got a blank picture. Google apparently doesn't like hotlinking and after a while was returning 404 on the link I provided - I'd prefer to get that information instead of a blank profile picture with a misleading error embedded in its source.
Posting pictures does not work in Firefox with normal (aka paranoia) settings (adblock/noscript and permanent private mode). Even after I set all the domains steemit.com is using as trusted, I still get a server connection error when trying to drag and drop a picture into a post. I had to use Chrome to send the profile picture and background. By the way, I find the idea disturbing that a picture I put in an unsent post ends up on some remote server anyway.
While I appreciate that steemit now supports my language, there really should be a way to switch it without the need to log in. Typical small flag icons would suffice.
The main problem I have with steemit.com is that there are multiple points of failure associated with its use. First, I need to have my passwords written somewhere - I hope I'm not expected to remember all of those long streams of alphanumerics. Yeah, I can keep them in some encrypted file, but now I have to copy-paste a password. It ends up in the clipboard, where it can be captured by malware. Finally, I have to trust steemit.com itself. I could check if the login page does everything client-side, but that check would hold only until I need to log in again. It should look completely different.
The best would be to have a browser plugin with hardware wallet support. If there is no hardware wallet, the plugin itself should offer to keep my passwords in encrypted form so I only need to log into it. What's the difference? I can be fairly sure the plugin didn't change between logins, not so much when the login page is loaded from a server where it can change at any moment. The plugin could also offer the transaction source to copy-paste and sign with an offline app. Not very convenient to do that with every upvote, but for operations that require the active key convenience shouldn't be the priority. The plugin has an additional advantage - it could work with any site that supports Steem, much like what Steem Connect is supposed to offer, but with no potential that something fishy is going to be added during integration.