Every other HN profile lists a Keybase public key and a proof, but has anyone actually needed to prove their identity on HN? Does anyone use Keybase for encrypted communication?
It's just a way of minimising your footprint. If you google me, and can't find what services I use, it makes it that much harder to try and find a foothold into hacking something, or building up a profile.
Then you wouldn't be using Keybase if that was part of your threat model - since a significant point of using it is to tie together and prove identities across some popular sites on the net.
This is why I use a different username on each site.
Some people use the same username on HN, github, reddit, gmail, etc. (and then they complain about internet privacy and being tracked.)
I don’t, but I’ve rarely needed to send files etc to other hacker news users.
I would LOVE it if I could use keybase to send a copy of my passport to companies (for example) which is nessesary for day to day life, and always done in a redicously insecure way. :(
To be clear, I 100% support keybase, and if I thought there was a chance in hell of getting some other non-tech person to use it, I would put in the effort.
I just don’t see myself being able to convince some recruiter, or HR person or something to sign up and install keybase just to get a file from me
I've thought about this problem, specially in LATAM countries were gov agencies are still ages behind in terms of security/compliance and sharing these type of documents. There is definitely a need for this.
Few engineers at my start-up were using keybase to share credentials between them, as well as between company and/or personal laptops. A lot of information was exposed to the wild internet (machine names, developer names, connection between them,...) posing a clear security risk. My experience is that most engineers do not understand how to safely use keybase at that point.
You choose those names when you add the device. It can be anything.
That said, it would probably be good if they added a note saying that the device name you choose is public, which is not really clear in the current UI.
I use it. I've been impressed with all the improvements they've made over the years. I've struggled to get other people to use it though, but I have had some success and when I've talked other people into signing up it has worked well.
Yes, I use its git feature for certain projects, and have used it for chat for a while. I have found if I come across a developer who has a profile its the easiest way to get in touch with them.
I've started using kbfs for personal notes and encrypted git for financial planning code.
We're also trying Keybase out as a family chat channel. I really like the CLI interface and the integration with kbfs, and of course the e2e encryption. We're probably going to stick with Slack for now, though, mainly because it runs on Chromebooks.
I have used Keybase since it first showed up on HN for Comms and Git. Technically I have done the proofs for identity, but no one cares about that.
The Git usage was really nice. It's fast and secure. While I didn't use it for most projects (because I want them on github/gitlab for various reasons), it was very useful for backing up machine specific configs and history (using a script and mackup). Knowing that it was well encrypted made me not worry about what was being backed up, if there were credentials, etc.
As for comms, I used the 1:1 chat with a friend for quite a while. While it worked, it's slow. Sending messages is a little slow, sending images is VERY slow. Anytime the app is closed (like constantly on the phone), re-open times were slow (for decryption). Eventually I gave it up and moved those few chats over to Telegram (Because it's secure enough for most conversations).
Wire & Telegram are both cloud connected, while Apps on the Signal protocol depend on your phone to be functioning and in reach AFAIK (huge annoyance/problem for me).
That's not true about Signal. You may probably be facing some bug that should be reported to the Signal team.
Telegram is completely cloud based. So all your conversations, except secret chats that are end-to-end encrypted, are stored on Telegram servers in plain text for as long as your account is active. This is why you can get a new device, activate it for your account and get all your conversations back on it from the Telegram servers.
Wire and Signal work differently. They use their servers as a temporary storage to hold your messages until the recipient comes online and then deliver them. Wire also retains the messages for a few days to allow delivery to multiple devices that a user may be using, with each device possibly coming online at different times. Signal doesn't have to support this because it's tied only to a single device, which is your phone.
Not the GP, but Telegram > Wire > Signal on user experience, features, message delivery speed, etc. There's simply no comparison at all on these aspects.
Our team uses it to share sensitive docs (logs, user details, api keys etc.) and occasionally as a secure chat channel (i.e. if we want to communicate off work Slack).
I have a copy of some important docs (taxes, etc.) in my private KBFS.
The Keybase filesystem docs still contain the text:
"At the time of this document, there are very few people using this system. We're just getting started testing. Note that we could, hypothetically, lose your data at any time. Or push a bug that makes you throw away your private keys. Ugh, burn."
And considering that kbfs is one of the more mature parts of Keybase, it has never inspired confidence in me that any of it is really ready for serious use.
Keybase is shitty. They had the ambition to somehow build a new generation of keyservers, they built it using technology that could easily be a distributed protocol and then they made it a completely centralized and commercial bs crypto startup. So much waste since keyservers and distributed identity (and reputation, and naming system in general) is a field where everything is still to do. They could have overthrown DNS (machine names) and HTTPS (certified names; any CA-based ssl system) and google contact ("people" names). I'm very salty that they've diverted so much hype in that area for so few results.
Yes, mostly as a means of verifying identity across accounts.
I'd probably pay a few bucks a year (thinking 20) for the base identity service, if we're being frank. Even if the only separation between a free tier and a paid tier is e.g. more service integrations and an uptime SLA... sure, why not?
72 comments
[ 3.9 ms ] story [ 141 ms ] threadSee: https://keybase.io/nadya
I would LOVE it if I could use keybase to send a copy of my passport to companies (for example) which is nessesary for day to day life, and always done in a redicously insecure way. :(
I just don’t see myself being able to convince some recruiter, or HR person or something to sign up and install keybase just to get a file from me
https://telegram.org/blog/passport
i used the filestorage/filesharing earlier and was happy about the git repository support though.
there were however very few of us, and we all dropped it when they jumped on the crypto currency wagon.
Encrypted communication (and files): yes, we use it for Solo, and we also have a public team https://keybase.io/team/solokeys.public
Also, I'm curious where machine names were being exposed in Keybase?
That said, it would probably be good if they added a note saying that the device name you choose is public, which is not really clear in the current UI.
We're also trying Keybase out as a family chat channel. I really like the CLI interface and the integration with kbfs, and of course the e2e encryption. We're probably going to stick with Slack for now, though, mainly because it runs on Chromebooks.
The Git usage was really nice. It's fast and secure. While I didn't use it for most projects (because I want them on github/gitlab for various reasons), it was very useful for backing up machine specific configs and history (using a script and mackup). Knowing that it was well encrypted made me not worry about what was being backed up, if there were credentials, etc.
As for comms, I used the 1:1 chat with a friend for quite a while. While it worked, it's slow. Sending messages is a little slow, sending images is VERY slow. Anytime the app is closed (like constantly on the phone), re-open times were slow (for decryption). Eventually I gave it up and moved those few chats over to Telegram (Because it's secure enough for most conversations).
Telegram is completely cloud based. So all your conversations, except secret chats that are end-to-end encrypted, are stored on Telegram servers in plain text for as long as your account is active. This is why you can get a new device, activate it for your account and get all your conversations back on it from the Telegram servers.
Wire and Signal work differently. They use their servers as a temporary storage to hold your messages until the recipient comes online and then deliver them. Wire also retains the messages for a few days to allow delivery to multiple devices that a user may be using, with each device possibly coming online at different times. Signal doesn't have to support this because it's tied only to a single device, which is your phone.
I have a copy of some important docs (taxes, etc.) in my private KBFS.
"At the time of this document, there are very few people using this system. We're just getting started testing. Note that we could, hypothetically, lose your data at any time. Or push a bug that makes you throw away your private keys. Ugh, burn."
And considering that kbfs is one of the more mature parts of Keybase, it has never inspired confidence in me that any of it is really ready for serious use.
I'd probably pay a few bucks a year (thinking 20) for the base identity service, if we're being frank. Even if the only separation between a free tier and a paid tier is e.g. more service integrations and an uptime SLA... sure, why not?