Yeah, ok. Keybase is deader than dead.
"So, our shortest-term directive is to significantly improve our security effectiveness, by working on a product that's that much bigger than Keybase. We can't be more specific than that, because we're just diving in."
How do you envision dropping the server? Going full P2P? It might be a bit tricky, because if I have non-public data and am trying to fetch semi-public data that's only supposed to be accessible to those who have the non-public data... who holds this semi-private relational database? If it's the user themselves they may go offline.
So for example, you have my phone number and are trying to fetch a record that has my public key, email, and ActivityPub:firstname.lastname@example.org
Well I think @weird_hell made the point that it depends on your use case.
With keybase you can say I'm discoverable with these data fields, when someone discovers me by that these (possibly overlapping) data fields get revealed to them, and this other data is just public-public.
If someone already has my phone number I'm OK with them having most things, but I wouldn't want to broadcast my email address to the whole public, and definitely not my phone number.
How about a scheme where the server (or distributed replacement) knows a mapping of hash to obfuscated data.
The client forms the request like, form the known datum in a known format of text, for example:
hash that, get (for example): 330eabe022b5876344c6f5b8f12a2761
Send that as the request. The app finds it in the dictionary/mapping/db, returns a block of obfuscated/encrypted data
@Parnikkapore @fribbledom @weird_hell
Then the client uses the original pre-hash text "tel:+1-123-456-7890" as a key to some clever but probably not hardened cryptography scheme to decrypt it and get a record (maybe in json) that has whatever it is I was willing to share.
And hopefully it would be secure enough that the server never actually has any knowledge about what it is it's sharing?
I'm suggesting reproducing it would be quite difficult. I was thinking of a Keybase alternative.
Two years later:
"Did you like our signature service?
Then you'll LOVE our set of licensed standard libraries for secure doorbells! We've already partnered with no one you've ever heard of!"
@fribbledom I'm a SW guys with some background in security, and honestly, that quote is not what's worrying me. It's basically business code for "right now we're being pulled in to look at Zoom from a security standpoint, and we have no idea how bad or good it is". I'd be more worried if they'd said "now we'll be working on the big changes to keybase.io which this acquisition will usher".
Ah, and I'm using pass on Linux. :)
@fribbledom I didn't particularly like keybase to start with, or think it was a very good idea, but this makes it a truly terrible one.
@fribbledom What would scare me more is something unthinkable like Microsoft acquiring Canonical. THAT would be a nightmare!
@fribbledom Congratulations, Keybase main team! *And I mean it*. Achievement unlocked. Creating something, making it somewhat interesting, selling it - was the original plan? The idea most likely was inspired by their previous startup - OKCupid. 👏
@fribbledom best part from keybase blog
keybases future in zooms hands 😂😂
like shitting on a pancake and hoping not to taste shite
But the last section of that announcement blog post confirmed that they're just dead fish in the water.
I guess I kind of knew this was going to happen when they switched from verifying identities to just instant messaging; but I least expected it to be #zoom, of all companies!
@fribbledom keybase sounded very dead already when they added "cryptocurrency" as a top-level function in their client.
So they were either scammers, or criminally gullible. Or both.
@fribbledom Such a shame. I saw a "key management" tool that purported to be better than keybase, but do you know of any serious contenders to replace what keybase does as a way to prove connectedness?
By following their moves you are playing their game. You should anticipate them. How...know thyself.
You are a part of a system that you can not escape.
The environment is stronger than you, learn more about it so you will be able to change it, everything that is happened is happened for a reason, more or less clear. If you're interested on accept the changing, just ask for more.
@fribbledom I tried Keybase once, back in 2014 or so as I recall.
While it *technically* worked, it was nonetheless a total waste of my time. Basically, it was an excuse for people to go to "key parties". But, after that, literally was never used again.
@fribbledom I can't decide if this is great news or horrible news. Keybase has, in my opinion, always suffered from a lack of adoption. Zoom suffered from a lack of security. This could be a great fit for one or both. And/or it could be a disaster for one/both.
@fribbledom Thank you *very* much for the heads up. Also *rather a lot of muffled cussing*
@fribbledom Keybase account … deleted. I knew that you had to search an exit strategy but this is mine …
Argh, to bad. I use it mostly for having an encrypted backup of my private gits in case I destroy my own hosting. I'm bad at backups. I guess I have to look for alternatives then. Recommendations?
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!