
Keybase.io - holodigm
https://www.tbray.org/ongoing/When/201x/2014/03/19/Keybase
======
epistasis
What I think that they get very right is tying keys to social identity, as
these networks function much better as a web of trust than the original PGP
version. But I don't know why I can't shake the feeling that this is not a
trustworthy service.

~~~
egwynn
One really nice aspect of keybase is that it can be used at a number of
different levels that suit one's own flavor of paranoia. You can use it as a
key repository, just grabbing people’s keys and using your own PGP/GnuPG
apparatus for signing. Or you can use their (much more pleasant) CLI and see
their social identity tracking data. Or you can use their web UI just for
client-side encryption/verification (also without uploading your key
anywhere). Finally, the bold can upload their keys and use the web UI for the
whole shebang, including decrypting/signing.

I think paranoia is warranted in this day and age, and I think one of the best
outlets for paranoia is for people to try and educate themselves about privacy
technology. Keybase is a great opportunity for that, since all of the most
sensitive operations happen client-side via open source software.

------
fiatjaf
Someone could serve a Javascript encrypter-decrypter app from IPFS so it would
be certainly the same whenever you accessed it with the same URL.

------
hkdobrev
Love the service.

I've invited a few friends (from the IT industry) and nobody ever joined. I
guess there aren't so many paranoid/gpg-aware people.

So I have 10 invites to give. Let me know.

~~~
ParadoxOryx
I also have some invites. Let me know if you want one!

~~~
o_s_m
I would like one please!

~~~
hkdobrev
Sent.

------
IgorPartola
I have four^Wtwo invites available, if anyone's interested. Message me via
email. FIFO and all that.

Edit: invites are gone. Try emailing the project leaders for some.

------
edent
They're also very prompt in responding to and fixing bugs. E.g.
[https://shkspr.mobi/blog/2014/12/disclosed-minor-bug-in-keybase-io/](https://shkspr.mobi/blog/2014/12/disclosed-minor-bug-in-keybase-io/)

Excellent service which makes determining keys much easier.

~~~
malgorithms
Oh cool - thanks for linking to that. I actually think the Github discussion
that followed on Express was a good example of how people can actually
collaborate well on software. In this case it just led to resolving a
misunderstanding on my part:
[https://github.com/strongloop/express/issues/2464](https://github.com/strongloop/express/issues/2464)

At the bottom you can see I tipped some BTC. I recommend everyone should have
a little balance of cryptocurrency to throw out thank yous to project managers
who take the time to explain usage. It's worth a lot to you, so you should
give some back.

------
danieldk
I have 8 invites, let me know if you want one (see my profile). I would be
extra happy if you could send me a lobste.rs invite :).

Edit: it turns out that my wife also has 8, so I'll forward once mine are
gone.

Edit 2: my lobste.rs wish is fulfilled, thanks! We still have some invites
left.

~~~
anfedorov
Ooh, also have invites if anyone wants them. Hadn't heard of lobste.rs, but
seems cool if I could get an invite there in return, as well :)

~~~
superobserver
If you have any more left, I would appreciate one: rahool @ tuto.io . Thank
you!

------
billbrown
I've got 8 invites available. If you have a lobste.rs invite, I'd appreciate
one but I'm happy to give the invites away besides.

[https://keybase.io/bbrown](https://keybase.io/bbrown)

~~~
jmervin
If you have any invites left I'd love to have one. [email in about]

~~~
imrehg
I have, but can't see your email in your about, am I missing something?

------
kstrauser
6 first-come, first served invitations.

I love the idea of Keybase and wish more people were using it. While it's not
a replacement for keysigning parties, it's a nice probabilistic model for
casual security.

~~~
malgorithms
If you run out of invites for HN folks, email me. (I'm
[https://keybase.io/chris](https://keybase.io/chris)).

We're working pretty hard on Keybase. For the last year it was just 2 of us
(me and [https://keybase.io/max](https://keybase.io/max)), but some amazing
people just joined the cause and we're building a much better service. Our Go
client, for example, is almost on feature parity with the old Node reference
client, and we've started working on a nice OSX GUI.

A lot has been written about PGP and its shortcomings, and we agree with
pretty much all the points: client integration problems, usability, the WoT
just sucking, key management, revocations. So far at Keybase we've been attacking
one of the most important problems with PKI in general, not just PGP: getting
the right key for someone. But it's really only one piece.

I don't want to (yet!) give away too much of what we hope to launch later this
year, but there's nothing about Keybase that's specific to PGP. Or chat -
which people seem to get hung up on. We think we're in a very good position to
release open source software that makes people's lives more secure _and_ more
convenient. Everything from financial transactions, chats, and releasing
public software should be easy with a PKI. It's just not working yet.

~~~
IgorPartola
If I may use this as a way to publicly suggest some features that I would love
to see:

- Client should support looking at my existing trust.db. I already have a
number of signatures I collected pre-keybase, and I have verified a bunch of
identities. I'd like to use these, and in fact be able to tell keybase.io that
I have more than just social web proof that these are who they say they are.

- Ability to use email addresses instead of just keybase names when referring
to users.

- Autocomplete when typing handles/emails on the client's command line. Using
the Node client currently without this feature.

- When I tried to encrypt a file using keybase recently, it gave me an
obscure error (#100) instead of telling me that I was logged out.

- encrypt should not silently create a new file by default. It should not
overwrite an existing file either. Do `keybase encrypt joe@example.com
foo.txt` twice, and have foo.txt.acs overwritten the second time. Instead by
default it should output to stdout, and let you specify a file as an optional
argument.

- Lastly, and this is way outside the scope of what keybase currently does,
I'd love a built-in tool for exchanging encrypted files. Currently, I use
chunk.io + curl + gpg to do this:

    
    
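    # Usage: send-encrypted <file> <recipient>
    # Encrypts <file> to <recipient> (ASCII-armored) and uploads the ciphertext.
    function send-encrypted() {
        gpg -o - -aer "$2" "$1" | curl -T - http://chunk.io
    }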

I am not suggesting that you guys host any type of file sharing tool, but
perhaps integration with a service like chunk.io or similar would be nice.
Otherwise, the process of sharing a secret (say a file with API keys, etc.)
with a co-worker is to encrypt the file, then email it, which is annoying.

Thanks so much for the great work you are doing!

------
holodigm
My thoughts are that with the implementation of data retention laws in
Australia the ultra paranoid arena of PGP is becoming of greater relevance to
the average citizen and so a simple, easily implemented, non-centralised,
publicly identifiable crypto for everyday comms may become not only viable,
but sought after -
[http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/](http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/)

------
lorenzfx
I will invite people to lobste.rs. Because of their rules (you misbehave, I
have to bear the consequences) I will not just invite anyone, but only people
I can find on the net and can be reasonably sure are not assholes.

So write me a mail with some information about yourself (have a look at my
profile for the address) and if you don't look like a total dick I'll send you
an invite.

I do have three keybase.io invites as well.

~~~
ddworken
What is your email? I'm not seeing it on your profile.

~~~
lorenzfx
Sorry, looks like it isn't public. contact@lostpackets.de

------
nailer
How can a web service encrypt your plaintext unless they have your private
key?

Edit: ah, you upload an encrypted private key. I guess it gets decrypted live in
your browser, without touching their network, if you trust keybase.io's JS.
Whether you do indeed trust keybase IO's JS (it's OSS, yaay, is your browser
running exactly what's on GitHub though?) is another matter.

~~~
neckro23
You don't _have_ to give them your private key -- it's just for convenience,
if you happen to trust Keybase.

You don't have to run it in the browser, either; you can just install the
command-line tool via NPM and know exactly what code you're running.

------
draugadrotten
Previous discussions about keybase.io:
[https://hn.algolia.com/?query=keybase&sort=byPopularity&pref...](https://hn.algolia.com/?query=keybase&sort=byPopularity&prefix&page=0&dateRange=all&type=story)

------
habi
I have 6 invites to give out. Keybase proof and contact can be found in my
profile.

~~~
col_rad
I'd really appreciate an invite =) collin.raddatz@gmail.com

~~~
habi
I just sent out my _last_ invite to you. Have fun with it.

~~~
col_rad
Thanks a lot!

------
fweespeech
This is from 2014 and should be marked as such.

------
Daegalus
I have 8 invites to give out for those that want it!

Been on Keybase for a while and love it. Used it with a few coworkers.

------
holodigm
I'm interested in chat client capacity implemented on top of something like
keybase.io. Anyone?

~~~
xrstf
I remember reading somewhere that PGP is not suited for realtime web chats.
Can't explain precisely why or cite sources, though.

~~~
atonse
It's because asymmetric cryptography is very inefficient, so most protocols
just use asymmetric public/private keys to send a symmetric key (AES, etc) to
the recipient, so further communications can happen over the much more
efficient symmetric keys.

~~~
IgorPartola
That and PGP, AFAIK, also doesn't really do perfect forward secrecy. If you
get the private key, you can decrypt all stored messages.

That said, you provide the answer: use PGP's asymmetric encryption to
establish a session key, then use that to communicate.
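
The two points in the replies above (asymmetric keys only carry a symmetric session key, and a stolen long-term key opens every stored message), as an added example that is not part of the original thread. It assumes a toy 127-bit group and an HMAC keystream standing in for AES; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): a 127-bit prime is far too small
# for real use; the point is who holds which secret, not the parameters.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def stream(key, data):
    # HMAC-SHA256 keystream XOR, standing in for AES; encrypts and decrypts
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def hybrid_encrypt(recipient_pub, plaintext):
    # PGP-style: random session key, wrapped to the recipient's long-term key
    session = secrets.token_bytes(32)
    eph_priv, eph_pub = keypair()
    wrapped = stream(kdf(pow(recipient_pub, eph_priv, P)), session)
    return eph_pub, wrapped, stream(session, plaintext)

def hybrid_decrypt(recipient_priv, message):
    eph_pub, wrapped, body = message
    session = stream(kdf(pow(eph_pub, recipient_priv, P)), wrapped)
    return stream(session, body)

def ephemeral_chat(plaintext):
    # Both sides use throwaway keys and discard them after the session.
    # Authenticating the exchange with long-term keys is omitted here.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    session = kdf(pow(b_pub, a_priv, P))          # sender's view
    assert session == kdf(pow(a_pub, b_priv, P))  # receiver derives the same key
    return a_pub, b_pub, stream(session, plaintext)  # what an eavesdropper stores

def decrypt_with_stolen_key(stolen_priv, transcript):
    # Best a stolen long-term key can do against the ephemeral transcript
    a_pub, _b_pub, body = transcript
    return stream(kdf(pow(a_pub, stolen_priv, P)), body)

# Constructed sample data
MESSAGES = [b"meet at noon", b"api key: example-not-real"]
```

Whoever holds the long-term private key can run `hybrid_decrypt` over an entire archive, while the same key applied to an `ephemeral_chat` transcript yields only noise because the session secrets were never stored.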

------
gglanzani
Have some invites as well, shoot me an email if you want some.

------
Volundr
Late to the story, but I have 8 invites if anyone wants them.

~~~
killing_time
I'd be really grateful for one if you still have any up for grabs. My email
address is in my profile. Thanks in advance

------
GrayCodex
I have a couple of invites. Let me know if I can help someone.

~~~
eligundry
I'd love one: eligundry@gmail.com

~~~
habi
I've just invited you.

------
darklajid
Another one with 8 invites. Send me a mail if you want one.

~~~
namewithhe1d
Just tweeted to you. Interested!

------
ciriarte
I have a few invites, again asking for a lobste.rs invite.

------
rahulrav
I have some invites, if someone's interested.

------
gkelly
6 invites here. Email in profile.

------
grayfox
8 invites available!

~~~
bvirkler
I wouldn't mind an invite if someone has one to spare. Email is my username at
gmail.

~~~
imrehg
Sent!

~~~
bvirkler
Got it, thanks!

------
wanda
9 invites available

~~~
thethinker1032
If these are still available, could I get one? ETA: Disregard this post.

