It's just because "blockchain" is the new magic word that gets you funded. You can do the same with public-key cryptography, but that's boring 70s technology. Who'd want that!?
You put your public (and private if you want) pgp key on there. Then you make public posts on your social media signed with that key. This way, you show everyone that you own these accounts or websites or whatever.
If any of the proofs changes, it puts it on a timeline. If your account has a hard reset it notifies all your followers.
Basically it's safe-ish key sharing in the modern world.
> You put your public (and private if you want) pgp key on there. Then you make public posts on your social media signed with that key. This way, you show everyone that you own these accounts or websites or whatever.
If I don't want to give keybase my private key, which I obviously don't, how can it sign my tweets?
What is even the use case of signing my tweets? Presumably if I can access my account, it's me. There's only two alternative scenarios: someone hacks my account, or twitter is trying to screw me. Is there really a use case for this? Other than a few very high risk individuals, I don't think there's a point in signing tweets.
Keybase is primarily about signing linked identities, not content--you don't (and, AFAIK, can't) sign individual tweets with it. Rather, you sign one particular tweet which links your account to a Keybase identity. Someone who knows you on Twitter can use that to verify your identity on Keybase, and then transitively on other services such as GitHub, HN, your website, PGP, etc.
In addition, it also has some additional features to make cryptography slightly easier for the layperson, such as support for PGP through a web UI: this is why you might want to upload your private key, though they make it clear this is a bad idea in high-security situations. For all of the core service, Keybase generates various 'device keys' which sign these identity verifications, the private keys for which never leave the users' computers.
You've got it backwards. The point of Keybase is to replace PGP web of trust with a more human-friendly system based on proof of control of social media accounts (and/or domain names, and/or various other things).
The idea is that you tweet a message that's signed with your PGP key, then publicly register the URL of your tweet on the Keybase server. Later, when somebody requests your public key on Keybase, the Keybase client also requests that URL from the Keybase server, then scrapes it, verifies the signature, and tells that user what your Twitter handle is. That way the user knows that the owner of that private key is the same person who owns your Twitter handle.
Obviously this isn't secure by itself against a compromise of your Twitter account, but if you do this with multiple social media profiles (and/or domain names, and/or various other things), then the proof of identity becomes stronger. And there are some additional security measures based on timestamping and cross-signing.
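The check described in the comment above, sketched as an added example that is not part of the thread and is not Keybase's own code: a verifier accepts a scraped post only if the signature is valid and the signed statement names the account it was scraped from. Ed25519 stands in for PGP, and the `Statement` and `Post` types and the `DemoKeys`, `MakeProof` and `VerifyProof` functions are hypothetical names with constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Statement is a hypothetical proof body; Keybase's real proof format differs.
type Statement struct{ Service, Handle string }

// Post is what a verifier scrapes from the registered proof URL.
type Post struct {
	Service, Author string // where the post was found and who published it
	Body, Sig       []byte // signed statement and detached signature
}

// DemoKeys derives a constructed, deterministic key pair (demo only, not for real keys).
func DemoKeys(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(append(make([]byte, 31), b))
	return priv.Public().(ed25519.PublicKey), priv
}

// MakeProof signs a claim to service/handle; only the key owner can produce it.
func MakeProof(priv ed25519.PrivateKey, service, handle string) Post {
	body, _ := json.Marshal(Statement{Service: service, Handle: handle})
	return Post{Service: service, Author: handle, Body: body, Sig: ed25519.Sign(priv, body)}
}

// VerifyProof needs a valid signature AND a statement naming the account it was scraped from.
func VerifyProof(pub ed25519.PublicKey, p Post) error {
	var s Statement
	if !ed25519.Verify(pub, p.Body, p.Sig) || json.Unmarshal(p.Body, &s) != nil {
		return errors.New("bad signature or malformed statement")
	}
	if s.Service != p.Service || s.Handle != p.Author {
		return errors.New("statement does not name the posting account")
	}
	return nil
}

func main() {
	pub, priv := DemoKeys(1)
	proof := MakeProof(priv, "twitter", "alice")
	fmt.Println("genuine:", VerifyProof(pub, proof))
	proof.Author = "mallory" // same signed text found under a different account
	fmt.Println("reposted:", VerifyProof(pub, proof))
}
```

The second call fails even though the signature is still valid, which is why the signed text has to name the account and not just carry a signature.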
> If I don't want to give keybase my private key, which I obviously don't, how can it sign my tweets?
You don't sign all of your tweets. Just one which proves that the person who owns the keybase account also owns the twitter account in question. Through transitivity, you can then prove that you are the same person who owns a particular facebook/github/HN account if you also sign a post on those services.
> Presumably if I can access my account, it's me.
That proves the person logged into the account is authorised to log in, not that the owner of the account is a particular person or the same person that owns another account on another service.
Yeah, that bothered me. As did the mention of press outlets allegedly featuring this group/company, complete with no links to these alleged features. Reads as a total scam-based vaporware. Cool domain, though. Would love to own it.
A blockchain - a secure public ledger with immutable history - does not need to use mining for authentication. When banks, etc. talk about blockchain I think they mean something that is publicly verifiable but only privately updatable.
Interesting question! I'm not an expert, but I suppose the answer is convenience of implementation? By using Bitcoin, the system is already in place for miners to verify signatures, tokens (i.e. "civiccoins") to pay for getting stuff verified on the chain by the signers, a well made and proven decentralized protocol, etc.