EIL5: How Are Dapps Any More De-Centralized Than The Platforms We Currently Use?

I was browsing r/ethereum this morning, and I saw a cool post where a student in Australia was able to pull up his/her test scores on a blockchain powered by Ethereum. This is really, really cool — I thought: “Wow! This is only the beginning for real world Ethereum use cases.”

I’m having some trouble understanding how this example concretely looks like, which is why I wanted to solicit help from this community, to hopefully understand the concept of Ethereum a little bit better 🙂

Forgive me if I butcher this explanation; I’m new to this whole blockchain stuff and I’m outlining this in the best way that I can best understand it:

——————————————————————————————————————-

Okay, so in the Australian test score example, I’d imagine there is some sort of decentralized application (dApp) the Australian school system (A.S.S. for short) uses to post student test scores. To keep random hackers (or trolls) from posting false test scores on this blockchain and trolling up the entire grade posting, I’d imagine the A.S.S. needs some sort of gate-keeping code to say: “only those who verifiably work in the A.S.S. can publicly post blockchains on this dApp”. This, most likely, requires some sort of login/password system; only those with A.S.S. -verified accounts can make postings/edits.

Though, this got me thinking: yes, we are keeping student grade data on a decentralized blockchain, but at the end of the day, access is still centralized under the dApp. I understand the security of keeping something on the Ethereum Blockchain itself, but couldn’t a hacker instead steal the A.S.S. login credentials on the dApp, and make all sorts of fake grade postings?

I understand that it is more secure to keep (student) data on a blockchain, because once posted on the blockchain, it can never get erased/wiped off the blockchain. However, when it comes to security of “Who is making new posts on the blockchain”, I’m having trouble understanding how centralizing access on a dApp is any more secure than centralizing (student) data across a school-shared (Microsoft?) drive.

———————————————————————————————————————-

Thanks in advance for reading this post! I want to believe in the long-term adoption of Ethereum, but I’m having trouble getting comfortable around this idea of keeping access/login keys on centralized platforms. Any and all help, feedback on this concern is appreciated, fellow Redditors!