
Keybase iOS Has a Backdoor? - sneak
https://sneak.berlin/20190929/keybase-backdoor/
======
malgorithms
Official response here - I work for Keybase.

This article isn't just misleading; it's entirely false, and the title is both
highly damaging AND false. Someone below threw out the word "libel" here. I
don't know about that, but it's incredibly frustrating to read this title on
HN right now.

* THERE IS NO BACKDOOR HERE. Neither the especially scary kind suggested by the title (everyone assumes encryption breaking!), nor the coerced attestation kind suggested in the text.

* Put simply, KEYBASE HAS NOT BACKDOORED its apps and cannot coerce them into signing someone else's Stellar address into a profile.

Further, THIS USER VOLUNTARILY GENERATED A STELLAR PRIVATE KEY. What follows
is the flow for generating a Stellar wallet and attaching it to one's profile.
The author of this post went through this flow on Feb 4, 2019:

1. Visited the "wallet" tab in the app.

2. Read a brief description of Stellar in a modal.

3. Saw our disclaimer in a modal (not hidden - printed out front) about how
scary cryptocurrency is, how it's permanently attached to your identity, and
how it's important to back up your private key if you plan on leaving Keybase.

4. Only once they accepted that did their client app (not our server)
generate a Stellar private key. The app signed the public Stellar address
into their sig chain. And the Stellar private key counter-signed, proving
bidirectionally. The Stellar key was then encrypted so that their devices
could gossip it to each other.

So to be clear: (1) this writer __did in fact have that Stellar key__. And (2)
we, Keybase, did not. And (3) they knew they were doing it. I encourage anyone
curious to go try it out -- the flow has not changed.

I don't understand what their agenda is here. Offering some charity, perhaps
they went through this flow late at night and forgot. (Looks like they
generated their Stellar account well after midnight in Europe.) But the claims
in the post are just false.

I accept some people don't like the opinionated cryptocurrency partnership
Keybase has formed. We do like Stellar. However, that doesn't change our
security story. Nor does it force users to set up Stellar keys, and something
like half of our users have not. Actually, we spent great effort building
around the fact that many users wouldn't be interested in the cryptocurrency
side of things.

For those who generate Stellar keys and then change their mind, not wanting
them, we'll add the feature to delete all of them.

Anyway, this is just not true. All of it.
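
The bidirectional proof described in step 4 above, as an added illustration that is not Keybase's code: the device key signs a wallet statement and the freshly generated Stellar key counter-signs the same statement, so a verifier needs both signatures to hold and a party holding neither private key (such as the server) cannot produce the link. The statement format, the struct field names, and the use of the raw ed25519 public key in place of a Stellar "G..." address are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// WalletLink is a constructed stand-in for a sigchain link that attaches a
// Stellar address to a user; the field names are assumptions, not Keybase's.
type WalletLink struct {
	User       string
	StellarPub ed25519.PublicKey // a Stellar address is an ed25519 public key (raw form here)
	DeviceSig  []byte            // signed by the user's device key
	StellarSig []byte            // counter-signed by the Stellar key itself
}

// statement is what both keys sign; the exact format is an assumption.
func statement(user string, stellarPub ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("wallet-proof:%s:%x", user, []byte(stellarPub)))
}

// AttachWallet models the client-side flow from step 4: generate the Stellar key
// locally, sign with the device key, counter-sign with the Stellar key. The
// Stellar private key is handed back to the user and never leaves the client.
func AttachWallet(user string, devicePriv ed25519.PrivateKey) (WalletLink, ed25519.PrivateKey, error) {
	stellarPub, stellarPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return WalletLink{}, nil, err
	}
	msg := statement(user, stellarPub)
	return WalletLink{
		User:       user,
		StellarPub: stellarPub,
		DeviceSig:  ed25519.Sign(devicePriv, msg),
		StellarSig: ed25519.Sign(stellarPriv, msg),
	}, stellarPriv, nil
}

// VerifyWallet is the follower's check: both signatures must cover the same
// statement, so a party holding neither private key cannot forge a passing link.
func VerifyWallet(link WalletLink, devicePub ed25519.PublicKey) bool {
	msg := statement(link.User, link.StellarPub)
	return ed25519.Verify(devicePub, msg, link.DeviceSig) &&
		ed25519.Verify(link.StellarPub, msg, link.StellarSig)
}

func main() {
	devicePub, devicePriv, _ := ed25519.GenerateKey(rand.Reader)
	link, _, _ := AttachWallet("alice", devicePriv)
	fmt.Println("genuine link verifies:", VerifyWallet(link, devicePub))
}
```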

~~~
wmichelin
Reading the article, I took sympathy with the Keybase team. As a dev working
at a relatively large software company, I commonly see the smallest issues
causing users to knee-jerk and claim conspiracy to harm them. Of course, this
headline is shocking, and many probably upvoted it without reading the
article, or having any context into your software.

Is there any precedent for getting posts like this (blatant lies) removed from
HN? I will report the post, but this article has the potential to be highly
damaging to your business, even if it has zero truth to it.

~~~
crazygringo
The post appears to have been flagged and is no longer visible on the front
page.

Honestly I don’t know if it’s better to hide it so it doesn’t do more damage,
or to change the title so people who already saw it can see it’s false.

I actually can’t ever recall a story on HN that was so highly upvoted and
damaging yet unsubstantiated. What a crappy situation.

------
crazygringo
Hold on, I'm confused.

This isn't allowing anyone to arbitrarily add _any_ Stellar key to somebody
else's profile or anything, is it? (And thus redirect actual money?)

It's just _generating_ a new Stellar profile/key for each Keybase user
automatically, and affirming that it belongs to each Keybase user?

Hardly seems like a backdoor, just a mildly annoying/unwanted marketing
partnership. Actually not even partnership -- since Stellar is now _funding_
Keybase, just cross-product promotion? [1]

[1] [https://keybase.io/blog/keybase-stellar](https://keybase.io/blog/keybase-stellar)

~~~
aeternum
The affirmation part is the problem. Generating trustworthy signatures is a
critical part of a cryptographic system.

Signing something requires access to the user's _private_ key. If that key can
be used by other entities to produce signatures, it is no longer private and
can no longer be trusted.

------
lucb1e
So basically:

- You can send a message to anyone with the iOS Keybase client, asking it to
sign a message saying that a certain XLM address is theirs

- Your client will happily and automatically do so and add it to your Keybase
profile page, no interaction needed

I base this summary on the statements "_Keybase updated their iOS client to
sign an attestation, as a user, that a given stellar address belongs to them,
even if it does not. This is done without any user interaction_" and "_There
is no option to remove this payment address from my Keybase profile_". Did I
get that right? It seems kinda weird, but given the partnership, I guess this
is the way to roll that out quickly.

So the point of Keybase is tying profiles together, like HN and GitHub
account, Powerdraincurrency addresses, PGP key, etc., all with cryptographic
proofs. It would be pretty weird indeed if any of the Keybase clients chose to
cryptographically sign a proof for a random GitHub account upon being asked to
do so, no matter whether it really is your GitHub account. I can see why the
author calls this a backdoor.

But what everyone expected to read is a way for Keybase to read your messages
(Keybase chat) or your files (Keybase filesystem) or something. This is not
the case in any way, as far as I can tell. The "backdoor" headline is somewhat
clickbaity (the owner of Keybase would probably consider it slander though
it's not a good PR move to actually say that), even if I see what the author
means.

~~~
seveneightn9ne
No, I think it's saying that your client only does this at the request of the
keybase server to create an initial XLM address for the user, not that it will
on-demand add random stellar addresses to the user's profile.

EDIT: See malgorithms's comment; it doesn't even do this much

------
lambada
Gotta say, I didn’t expect Keybase to do this after they announced their
partnership back in 2018[0]

Automatically attesting keys with no user consent? Not good. This implies you
are happy and willing to add arbitrary attestations to a user's profile. For
now you presumably have a rationale. But this is a can of worms I don't think
should have been opened.

[0] [https://keybase.io/blog/keybase-stellar](https://keybase.io/blog/keybase-stellar)

~~~
shakna
> Automatically attesting keys with no user consent? Not good.

Yeah. That's why Keybase doesn't. The app tells you exactly what you're doing,
and requires you to confirm you want to do it. It even has a scary warning
about cryptocurrencies.

------
Gallactide
This is clickbait. The author is using a version of the term backdoor, as in
an action in a cryptographic system is undertaken on behalf of a user but
without that user's consent, but is clearly just irate at being associated with
a cryptocurrency. This is an idempotent single action, less scary, even in a
secure context.

The author clearly was just momentarily angry, used some exaggerated language
knowing how it would read and is now trying to stand their ground.

Closest thing to a point I see them making is that generated wallets should
include an option to be removed from the attestation list, or be deleted if
not wanted to begin with.

Valid (if not slightly petty) user feedback maybe, "BACKDOOR IN SECURE APP
ALERT ALERT" definitely not...

------
novok
Keybase has a built-in business model that they don't want to take advantage
of for some unknown reason.

They made a combo of services that are a "more private" business Dropbox,
Slack and git hosting, which are all businesses that charge money. I don't
understand why they don't charge money for it. Is it because all of their
implementations are currently slow and they don't want to be subject to the
SLAs that businesses demand? That seems somewhat bizarre since they are
solvable problems.

Hell, I would like to pay them money for the service, in exchange for
defined storage quotas (which expand in response to paying more $$$) and
better performance, but I can't.

~~~
giancarlostoro
I too would pay even just for more storage, and an ability to manage E2E
encrypted emails through them. @keybase.io / .com(?) emails would be awesome,
especially if it could cross-contact a protonmail email (anyone able to send
emails to protonmail accounts outside of protonmail, encrypted and decrypt the
responses yet? never looked into this).

~~~
shakna
> anyone able to send emails to protonmail accounts outside of protonmail,
> encrypted and decrypt the responses yet? never looked into this

Yes. It's dead simple. Get your protonmail keys here [0], and on the contacts
page, click the cog next to the user's email address to import public keys.

[0] [https://mail.protonmail.com/keys](https://mail.protonmail.com/keys)

------
lilyball
My vague recollection is that I had to agree before Keybase would add a
Stellar key to my account. Now it's certainly possible that they've changed
things since then to do it automatically, but if so, you should be able to
find the code for it as all of the apps are open source:
[https://github.com/keybase/client](https://github.com/keybase/client)

Are you sure you didn't just accidentally agree to it without realizing it?

~~~
sneak
I am aware of the things to which I consent. This is not one of them.

~~~
lilyball
Apparently you did.
[https://news.ycombinator.com/item?id=21110473](https://news.ycombinator.com/item?id=21110473)

------
facethrowaway
Well, that’s one way to kill your credibility quickly. Even if it was
innocent, they should have anticipated that someone would have found this and
inferred otherwise, and preemptively disclosed it.

This is public key encryption software, not a toy. Don’t act confused when
your users pick everything apart.

------
pfraze
It's not a backdoor. Read the post, decide for yourself how you feel about it,
but don't go off the headline.

------
buildbuildbuild
Signing an attestation without user consent is certainly a huge breach of
Keybase’s trust, but describing this as a “backdoor” feels inaccurate.

~~~
sneak
[https://keybase.io/blog/2014-10-08/the-horror-of-a-secure-golden-key](https://keybase.io/blog/2014-10-08/the-horror-of-a-secure-golden-key)

Keybase uses the term "backdoor" in their blog to describe an app using a key
to sign another key as valid (violating user intent/consent).

~~~
shawnz
That is not how they use the term at all.

> A “golden key” is just another, more pleasant, word for a backdoor—something
> that allows people access to your data without going through you directly.

Clearly in this situation nothing has been done to allow anyone else to access
your data without consent.

I get that you are upset about being made to look like you endorse a
cryptocurrency, but that's not an excuse to be purposely misleading. You
should edit the post and remove the backdoor claim.

~~~
vageli
They signed an attestation, that is essentially using your authority to say
something is yours. I would consider my ability to consent as something that
belongs to me. This change indeed allows people to access my data (in this
case, saying I have something I don't, and using my authority without
permission).

If they automatically joined my keybase user to my hackernews profile without
my consent, it would be just as egregious.

~~~
shawnz
You actually do have the key in question though, so they did not claim that
you have something you don't.

Furthermore the change did not give them more access than they had previously
like you are subtly implying here. The app could already make attestations on
behalf of the user since that is what it's designed to do.

> If they automatically joined my keybase user to my hackernews profile
> without my consent, it would be just as egregious.

Egregious, maybe, but also not a backdoor.

------
enekdkkeken
Oh bs, it’s associating a new XLM address with your profile, and giving you
free money. They gave everyone $20 USD worth. When PayPal started they gave
away $5...

------
Kovah
Not sure how the author defines a backdoor, but my definition does not include
the addition of a payment feature, even if you don't want to use it.

The "article" reads like a rant from a user who is upset that a free app now
includes a cryptocoin partnership...

~~~
lez
The user is upset about the lack of user consent, which is a red flag in any
open-source software.

~~~
PhaedrusV
But he apparently did consent, and just doesn't remember doing so.

------
mfer
Not every keybase user has a stellar attestation. When it happened to me I
think I had to take some action. I don't remember the exact language. Anyone
have that detail?

~~~
grinsekatze
I think you're right. If I remember correctly I did not have a Stellar address
until I clicked the 'Wallet' button in the Keybase app. That action and the
device it was issued from was recorded in my chainlink on Feb 15, 2019, which
sounds about right.

I also remember feeling a bit tricked, because I wasn’t aware that by clicking
that button a stellar address would be created and permanently linked to me.

~~~
edoceo
I recently got my XLM drop. Had to click to accept too. Also felt a bit
tricked. Like when randos slide into my Keybase messages.

------
hrdwdmrbl
How exactly is signing a transaction on a user's behalf a backdoor? Headline
seems extremely clickbaity.

At worst it's sketchy. For me as a user I don't even really care. Should they
have asked for explicit consent? Yeah I guess...

~~~
segmondy
Keybase uses private/pub keys. If Keybase can use your private key to sign on
your behalf, then maybe they can use that same private key to read private
documents, transfer money, etc. No one but the user should ever have or know
about the private key.

~~~
hrdwdmrbl
They write the software so they can likely do whatever they want with your
key, even if it's only decrypted client-side. At the end of the day I still
trust them which is necessary with all software, especially closed-source
software.

------
st3fan
I closed my account.

------
bigiain
I am _extremely_ disappointed by this news.

I would have been _much much_ happier to hear "we are not charging $5 (or $30
or $60 or whatever) per year for keybase users" than "we're going to make
claims that you've signed or agreed to attestations which you do not know
about and would never have consented to".

I've just updated my keybase bio to say:

__I'M NOT SURE I TRUST KEYBASE ANY MORE - THEY ARE REPORTEDLY SIGNING
ATTESTATIONS FROM ME WITHOUT NOTIFICATION OR CONSENT. TAKE APPROPRIATE CARE
WITH ANYTHING THEY'VE CLAIMED I'VE SIGNED__

~~~
Operyl
Not sure if you're still following, but Keybase replied and this entire
article was blatantly false. There's an explicit opt-in here.

