Thanks, Chris. You're doing a great job of making me look like an asshole for believing in you guys.
I don't want your "monetization plays" and my clients don't either. Giving you guys money for Keybase is infinitely preferable to having cryptocoin crap, Stellar or otherwise, being jammed into a tool I use for work. (Or anything else, really, that I ever have to touch.) And I feel like a sap for being an enthusiastic user of Keybase and recommending it to people when this sort of garbage is coming down the pike.
I am really, really disappointed.
That's not to say you even have to use a payments feature if it's integrated into the primary Keybase application. You don't have to verify ownership of a domain or register a Bitcoin address, but both of them are options in Keybase right now.
An auditor who did not bug his or her eyes out at that and ask some very hard questions would be doing a bad job as an auditor.
It is harsh--but, one, I thought they were legitimately better than this, and two, it's a problem. Keybase wants to be infrastructure, and people have different needs for infrastructure. That's an argument for different tools, not a multi-tool that makes its use in some situations problematic.
Why would anyone install the Keybase app on production servers?
After the user system, they created a network filesystem, which their git system is based upon, and I'm guessing it's also something their team chat system uses too. The entire groups system is also based on their user system.
It looked like they were building out a dependency tree bit by bit.
Don't you think your prejudice against cryptocurrency is clouding your judgement here?
Keybase is an identity tool and it makes every sense for it to make a wallet. Also, you provided no reasons that being involved in cryptocurrency will undermine keybase's security. Do you think?
By adding cryptocurrency to a communication/identity client, a jurisdiction will probably classify your business as a money transmitter, financial institution, and/or stock broker. After reclassifying your business, they then fine you into the stone age for not registering and following all of the laws associated with that status. While technically, it might be no different than handling money via your bank, the law has not caught up with that yet in quite a few jurisdictions.
Granted, that's just the US, but..
Keybase is the first product/software of its kind (as far as what I've seen)
Maybe Keybase will be wildly successful. Maybe someone else will come along and build upon what they've started.
Either way, I'm excited to see its continued development, and if this partnership helps fund them and keep them developing the concept, then even better.
It is the pure addition of risk to my operations and my clients' operations and offers nothing to me except a ding to my reputation, because I now look like an asshole because a security tool I recommended and spoke highly of is now going to be flogging funbux.
This really is about Keybase bringing expertise with identity to the table and it makes a lot of sense for the two teams to work together. The currency side of things is still going to be handled by Stellar as far as I can tell.
Here's how normal people look at something like this. It's not "oh, but they're just facilitating," it's "why is there cryptocoin crap in this thing we use for work?". Then it's "Ed, why is this thing you recommended and spoke so highly about doing this? Are they cryptomining on our computers now?". Then, even after an explanation, they're probably still suspicious and probably right to still be suspicious because the cryptocurrency universe is, by normal and sane people, still viewed as a scammer's paradise. (To be clear: is this entirely justified? No, and I think there are decent people trying to make a go of it. But there's plenty of dirt going on and people should be suspicious until it's proven otherwise.)
I don't want this on my computers. But, more than that, I don't want my clients thinking that I am a party to shady business because of the tools I recommend that they use.
There are obviously annoying ways in which keybase could support cryptocurrency, but you are making a lot of assumptions about what Keybase is going to do that are not based on the blog post. For example, wallets do not mine coins and Stellar does not support mining.
Why don't you wait to see what comes out and submit a feature request if you don't like it, instead of flipping out about some hypothetical feature you won't like.
Where is this risk you speak of? Can you articulate it in any way? "Flogging"? Not anymore than they're flogging Hacker News or Facebook or Reddit by having an ID verification hook into them (complete with corporate logos!)
Hell, they already let you add Bitcoin (that thing that's only ever supposedly used for scams and drugs if the cynics are to be believed) and ZCash addresses for verification.
If the people you recommended Keybase to weren't turned off by having those front and center, it's likely they won't be turned off by this either. Take a deep breath.
If they wanted to build some whateverthing that leverages Keybase for identity? Sure, go nuts, I think it's silly but it's not my time. But injecting it "into their apps"? No. These are tools for production, for me, and were developed with certain explicit and implicit promises. I see cryptocoin junk being shoved into production tools as a break of those promises.
So... don't use it? I probably don't use 99% of the functionality in the software installed on my computer.
It sounds like you just have an axe to grind with anything relating to cryptocurrency.
AFAIK Keybase's clients are all open source. If this is a real problem someone (maybe you?) will fork them and remove the "cryptocoin crap".
What is it about this change that makes you assume you're going to have to deal with cryptomining et al?
I know a bit about how Stellar works, and I can't imagine any kind of software they could "inject" in their apps besides perhaps a way to post a Stellar address into the current merkle-tree they host and a way to fetch that through an API. How is that worse than having a Bitcoin address optionally includable in the same way?
The rest of their announcement, I legit don't care about. This is the deal-breaker here. You don't need a Big Announcement or to hire more people to add a Stellar address for verification. I know a bit about Stellar as well (granted, you probably know more) but this reads to me as a let's-be-a-wallet game.
And this is worse than having Bitcoin addresses: active functionality versus passive functionality. Difference of kind, yeah?
It's also prone to reputational risks; basically everyone who hears about cryptocurrency almost immediately either loves it or hates it.
It seems less like you're being given a free piece of asbestos and more like you're being given tongs for holding some asbestos if you choose. Allowing one technology to work with another is different than marrying two technologies in an inseparable way.
Someone made the sandwich and let you use it, being clear along the way optional toppings may be added later.
If people want to mess with cryptobullshit, that's on them, but the more code that's active and doing stuff, the wider the attack surface is. I don't want it and don't need it.
* Keybase's plans will create an unofficial security bounty that is paid (1) out of users' wallets (2) to actors who haven't agreed to responsible disclosure practices.
* My personal choice not to use this (presumably) upcoming feature will protect my financial assets from exposure to (1), but it won't protect my data and identity from exposure to (2).
I myself am happy with Keybase, and looking forward to using it with crypto. I don't think it's irrational for someone with a different set of concerns to raise this, though.
But I think for the average platform, taking money from cryptocurrency foundations is a lot better than taking VC money. This was seen recently with the Matrix funding by Status token. Cryptocurrency goals usually need the platform to be open: just having a big integration with your token or cryptocurrency system can be a massive boost to your ecosystem. On the other hand, VC goals eventually require the platform to be closed off to milk all their users with actual "monetization plays" like Slack has recently done.
For a moment, I put myself in the shoes of Keybase and thought “how would I respond if a user felt this way?”. I would probably reply with a respectful something like “I’m sorry you feel this way but here’s why we are doing this”, but behind all of that, I probably wouldn’t care that much. You just insulted my vision, so why would I want you as a user? You gave me money, but you clearly didn’t trust me enough with it. Is that my fault?