"Ironically, only the first commit is signed."
(If my use of meta is unclear, see how Stack Exchange uses it.)
HN has a duplicate detector. You're allowed to repost things that are on topic and that didn't get much conversation, so long as you don't do it too much. That link got > 100 comments and > 200 votes, so that counts (I think) as substantial discussion. https://news.ycombinator.com/item?id=7544123
HN doesn't have a meta because META == DEATH.
I'm tempted to set up a totally unofficial unsupported HN Meta community on Imzy, but it's probably a bad idea.
A few of my friends use this (which I wrote): http://lettergram.github.io/AnyCrypt/
You may ask, "when do you really deal with sensitive data?" My answer, is a lot more often than you think... The cool part about encryption, is I can use it over an insecure line to communicate. For example, I can post encrypted text here and only people I wrote it for can read it.
Regardless, ill try to be more careful in the future.
However, I think it is an interesting concept for identity proofs.
Never really thought about using it to share credentials but I might give that a try.
Feature Request: I'd love an easier way to find the keybase accounts for my friends on twitter.
This isn't regular use as I don't regularly have secrets, but I've used it to exchange passwords, 2FA QR codes, and other sensitive data like this, with people with whom I'm remotely communicating with.
As an example, a number of us use it to address pain points around SSH. I keep this: /keybase/public/chris/keys/ssh.txt (you can see them on keybase.pub/chris/keys/ssh.txt ), and I keep all my known hosts as a reference in another file (that one in my private directory)...so when I'm SSH'ing to a machine from a new one I never have to say yes to connecting to a fingerprint I haven't actually verified. If I don't recognize a fingerprint then in turn I contact the appropriate party using Keybase, get a confirmation, and then add it to my file.
I'm bringing up SSH because we're thinking of making SSH public keys an important part of Keybase and curious if others share the same pain point. You mentioned a bunch of team uses and wondering if this was part of your use too.
This is interesting, and I am super glad that you are here, haha. I am about to (in 2 hours) give a presentation on keybase.io for a MS-level cryptography course. I like all of the features, but I was curious what the primary goal was.
I see a lot of people mentioning the encryption tools (which are awesome and easy-to-use); however, I cannot help but think that keybase.io is really about identity proofs and signing. Would you say that this is the case?
If so, are there any plans to, say, add driver's licenses, passports, or other documents to a user's signature chain? There are some countries which actually give citizens public/private keys for cryptographic purposes like voting, etc.? I ask about this specifically because my professor is Josh Benaloh (author of the Benaloh cryptosystem [https://en.wikipedia.org/wiki/Benaloh_cryptosystem]), and one of his major passions is voting and identity proofs for internet users.
Thanks for joining in, by the way!
Bonus question if you have time: any thoughts about forward secrecy as part of the encrpytion stack in keybase.io?
The known_hosts file is kind of a weak point for SSH security when using public key auth, and I'd love to see something external that can improve upon this.
It was kind of ad hoc thing; it's free and was easy to setup.
In those situations, I just give them my Keybase public encryption page, and have them enter the credentials and then send me the cypher text. Works fantastic, and much better than just sending via plain text over email or Slack.
Of course - this assumes Keybase has not been compromised, but that isn't an attack vector I worry about.
Pasting a message into /verify is a lot easier for people than installing GnuPG and verifying it themselves. Still faster and more user friendly even if they already have GnuPG installed.
 Otherwise, I haven't really found a use for it since setting it up. Would probably be really useful if a tonne of people used PGP, but they don't.
I also stash some dotfiles in my private folder, and it's extremely handy for sharing signal desktop client safety numbers with other crypto minded friends. I use it for my ssh public keys as well.
I've also used it for snippets with coworkers (secrets or no, it's really nice to be able to sent python /keybase/private/foo,bar/test.py in a chat window, and it can be directly pasted without needing to share the script, or relocate the paths in the command.
I feel like I've naturally developed tons of ways of using it at this point. I'll probably come to depend on it, soon enough.
At the time, Keybase didn't have the appropriate APIs to allow third-party integration like that. I haven't checked if anything happened on that front since.
mike@snake:/keybase/public/mickeyc$ time ls
I don't know if the slowness is due to the requirement to access the network, or the crypto, or whatever, but it will remain a toy unless they do something about it.
I understand it's very much a beta though, so that's ok.