by tosh 2659 days ago
In a sense Keybase is one of the most important projects built right now (that I can think of).

It covers aspects (think Pareto principle) of email, LinkedIn, Slack, GitHub, Dropbox, WhatsApp, online banking and probably more core use cases that I don’t have on top of my mind.

That is now, today. With a decent user experience that keeps getting better (see recent improvements @ user profiles).

=> all of that end-to-end encrypted and delivered in a way that it is accessible and usable and fun with a long-tail of users in mind.

[I have no idea what an equivalent would be right now, not even as a combination of multiple separate projects. Think about that.]


> It covers aspects (think Pareto principle) of email, LinkedIn, Slack, GitHub, Dropbox, WhatsApp, online banking and probably more core use cases that I don’t have on top of my mind.

Soooo... A centralized solution for everything? ;)

Exactly... unless the work is open source, they are just another centralized solution. Reminds me of Telegram.

I thought Keybase was open source? Released under the New BSD (3 Clause) License?

The clients are. The platform they all run on top of is centralized, made up its own irresponsibly insecure key handling and crypto protocols, and is proprietary.

They didn't make any of their own security, they use very well established open-source security libraries for everything. Stop spreading FUD.

I have researched their approach in great detail and found design flaws in it like: https://github.com/keybase/keybase-issues/issues/1946

A lot of trust is rooted in their centralized proprietary walled garden API and to make matters worse they actually silently bypass hardware security modules in favor of keys exposed to system memory!

They even encourage users to expose their PGP private keys to their browser and didn't even bother to isolate it to a service worker so browser plugins can't steal it (or just supporting hardware tokens which GPG already did just fine).

Almost everything they do is non-standard, not interoperable with anything else, not distributed to keyservers. They are the Internet Explorer of cryptography.

They did this in the name of UX but it turns out you can have super easy PGP UX AND follow standards as OpenKeychain has demonstrated.

Keybase introduced lock-in and their own protocols for problems that did not at all need them. They are 2 steps forward on UX and one huge backwards step for security.