I'm not sure why people "follow" me on Keybase. Do people post updates on that site? I sure never do
@Gargron it's equivalent to them signing your GPG key, it's just named badly.
@rx14 Ohhhh.... But wait. My GPG key is offline. Only the public part of it is on Keybase, and I am sure not downloading it from Keybase, so how would the signatures get back to me?
@rx14 @Gargron If you follow someone you sign their current snapshot. If you then want to send an encrypted message to this account and something in their sigchain (gpg key, social media account etc) has changed you'll get a warning, letting you double check if this account is still owned by right person.
@fap @rx14 OK now I'm checking https://keybase.io/docs/server_security/following to be sure. It looks like when you sign that snapshot of the other party's identity, you can choose to publish that signature up to keybase for other people to see.
« This is not a web of trust [but] more followers means more confidence in the age of [the other party's] account. »
@fap You can also follow privately (Just keep the signature in your computer's local store), which means you can see if their snapshot changes in the future, but other people don't benefit from that information.
@Gargron It's not a real GPG signature that GPG would recognise, it's keybase's equivalent. It's a crypto signature of your key + a proof that the user checked that all your proofs were valid IIRC.