Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "keybase"
I love how the Keybase Linux client installs itself straight into /keybase. Unix directory structure guidelines? Oh no, those don't apply to us. And after uninstalling the application they don't even remove the directory. Leaving dirt and not even having the courtesy to clean it up. Their engineers sure are one of a kind.
Also, remember that EFAIL case? I received an email from them at the time, stating some stuff that was about as consistent as their respect for Unix directory structure guidelines. Overtyping straight from said email here:
[…] and our filesystem all do not use PGP.
> whatever that means.
The only time you'll ever use PGP encryption in Keybase is when you're sitting there thinking "Oh, I really want to use legacy PGP encryption."
> Legacy encryption.. yeah right. Just as legacy as Vim is, isn't it?
You have PGP as part of your cryptographic identity.
> OH REALLY?! NO SHIT!!! I ACTIVELY USED 3 OS'S AND FAILED ON 2 BECAUSE OF YOUR SHITTY CLIENT, JUST TO UPLOAD MY FUCKING PUBLIC KEY!!!
You'll want to remove your PGP key from your Keybase identity.
> Hmm, yeah you might want to do so. Not because EFAIL or anything, just because Keybase clearly is a total failure on all levels.
the Keybase team
> Well that's fucking clear. Could've taken some time to think before hitting "Send" though.
Don't get me wrong, I love the initiatives like this with all my heart, and greatly encourage secure messaging that leverages PGP. But when the implementation sucks this much, I start to ask myself questions about whether I should really trust this thing with my private conversations. Luckily I refrained from uploading my private key to their servers, otherwise I would've been really fucked.1
- popunder background bitcoin miners did become a thing
- keybase android beta uploaded your privatekey to google servers "accidentally"
- you can spoof email headers via encoded chars, because most apps literally just render them apparently
- imgur leaked 1.7 million user accounts, protected by sha-256 "The company made sure to note that the compromised account information included only email addresses and passwords" - yeah "only", ofcourse imgur, ofcourse.
I guess the rant I did on Krahk etc. just roughly a month ago, can always be topped by something else.
Looks like Keybase now also has its own shitcoin. Isn't it about time for that cryptocurrency wank to end already? How many more BitconneeeEEEECT's do we need?
But but but.. this is the next big thing! It will go *stellar*!10
I seriously thought I was losing my mind this morning.
Loaded up my IDE and got to work.
Needed to find something in the project, so I hit the keyboard shortcut to find all usages in the project path.
The dialog pops up, but my selection is replaced with a long hex string. I thought it was weird, but I just installed the latest update of my IDE so I thought I'd found a regression. I grabbed the hex string and went over to Google to see if anything useful popped up.
The first result is the reddit post for my keybase key.
Wait. The "random" hex string was the fingerprint for my keybase public key? I double-checked to make sure that keybase wasn't running and I didn't have anything weird hanging out on my clipboard. Nothing amiss, but I still got my key whenever I searched for something.
This is the point where my brain got a little melty. I started running weird conspiracy theories in my head. My ever-helpful coworkers could only suggest to "stop using a Mac".
I saw that the app menu got highlighted when I opened the dialog, so I opened the menu and looked at the Services. Lo and behold, the GPG Suite update I installed recently very "helpfully" added a global shortcut to "Insert My Fingerprint" with the same keyboard shortcut as the IDE action.2
I keep seeing a bunch of posts about WhatsApp or Signal or (insert messaging app here). Does anyone here use Keybase?
I just said "bye" to all my Whatsapp groups, and finally got rid of that service ! (meaning deleting my account as well, not just uninstalling the app).
It's so hard to make people understand what is happening and what I think about security/privacy... Guess I'll have to wait for people to finally come to Signal or Keybase if they want to reach me more efficiently :)12
I love keybase! Great application but not many of my friends and coworkers use it so have not that much usecase for it.😥1
It has to be Keybase.
It is exactly what I need - A secure yet practical cloud storage, where only you own the crypto key, with the added bonus of maintaining a blockchain-based identity online, with proof system and all.
Also has a secure PKI-Based E2E chat when I want to talk to someone about something I don't want the general government to necessarily know.
Definitely recommend the service! Even with the odd decision to include an option of a Lumen crypto wallet or whatever, you can just ignore that feature if you're not into it and it doesn't slow you down.3
Yeah, my interest in programming is returning! After creating a Keybase and a Telegram bot using Go. 😎
Two days ago I moved my active git repos to Keybase, created teams for each project and was so pleased to have one place to serve for chat, git and files. Now I have to move everything back and find new alternatives 😩5
Now that I learned that Zoom acquired Keybase and didn't yet comment whether they are going to keep the app going, I feel I should switch over to another similar platform.
Anyone has any other E2EE platform that supports, in the least, chats?
And I don't mean stuff like Telegram or WhatsUp. I prefer to steer clear of the giant corporates and their products.
Sure, I can always use TOR and just about any IRC, but that's a tad of a burden. Keybase was nice, easy to use, clean, supported all platforms I needed...2
I guess it has to be keybase. Keybase chat is now my go-to web based chat.
Using NaCl keys makes life so much easier but you have the choice of using PGP if you need to for encrypting files/text.