by robmusial 1400 days ago
It's interesting to me that you used Keybase as the example. My brain doing its guessing ahead thing assumed you were going to say Matrix. I've seen several popular instances of it, and run into people actively using it at least monthly where I haven't seen anyone use Keybase in years (since the Zoom acquisition). Do you see a lot of people _actively_ using Keybase still?
2 comments

I don't use Matrix a bunch so it might just be that I'm not as familiar and out of the loop. To me Keybase (despite all the drama) seems like the most isolated/pure example of a product that took the approach of username/password style accounts and applied it to application layer crypto to achieve secure messaging. Keybase later added all the network-y chat type features that make me think more of a product like Matrix. But if Matrix is good for 1:1 "chat up my contacts and groups thereof", then great. Matrix always seemed more like federated Discord or "crypto" IRC to me with the whole needing to join channels thing.
I personally use it for LOTS of stuff, both personal and commercial (as a Slack replacement). Other than a couple bugs (pinch to zoom on Android, media playback), it's fine - I don't feel like I need any more features, though I'd love it to be a bit snappier. KBFS has been excellent for stuff like secrets in CI pipelines.

Disclaimer: I'm one of the ex-Keybase, now Zoom people. I'm definitely in a bubble. The non-Keybase people I talk with are my consultancy's employees + a couple clients.

Keybase's security model is excellent in protecting you from attacks like the one described in the OP. If you can't sign your device with another one, you can only recover a username if:

- it's not in [lockdown mode](https://book.keybase.io/docs/lockdown)

- it has a verified email / phone number

- you either click a reset link in the email / SMS _or_ know the password

- _and_ the user fails to cancel the reset over many days of warnings.

And if you manage to go through all that trouble, all your contacts will get blasted with warnings about your identity. Fun!