by plttn 2478 days ago
I think the implication is that an unlinked and appropriately aged GitHub/HN account can be compromised to get 20 bucks by compromising and linking.

I'm sure if someone actually reached out to @malgorithms saying "hey someone stole my GH/HN account out from under me to get the 20 bucks" they'd resolve the issue.

That's assuming you would notice. I just linked my HN account to Keybase, then deleted the proof from my HN profile. The link doesn't seem to be revoked?

It seems like an attacker could do that, and I don't know when you'd first notice that your HN profile is linked to a Keybase account that doesn't belong to you? Particularly someone who doesn't use Keybase.

The link isn't removed on the Keybase side, but the next time it's checked it will be flagged as bad. Clients will check it automatically when you follow; otherwise, I believe what happens is the system will periodically check it and cache that data for some time (so that way you're not hitting the external services every single time you visit someone's profile).

I would assume the airdrop ensures the GitHub/HN proofs are up-to-date before sending the lumens.