the Fediverse as a whole has a very different 'feel' to it compared to Twitter. Twitter feels significantly more commercialized amd stressful...mastodon / pleroma feel a lot more relaxed and pleasant in comparison.
Maybe i just accidentally joined nicer communities, but i see a lot of small-scale chitchat and genuineness on mastodon than i rarely see on twitter.
I've also had zero issues with the platform from a technical perspective...overall i think Mastodon, etc have done decentralization "right", and have a lot of potential for growth in the future
I try to pretend it doesn't matter to me, but calling individual posts "toots" really does keep me from talking about the service with other people.
Many instances block Mastodon.social and other massive instances, and different instances will have different views of the network (based on who the users of the instance follow and how long toots are retained).
1) Look at this great thing a few geniuses developed
2) The intellectuals and forward looking people early adopt
3) It slowly turns from being cool trendy and useful, into a Walmart-like all things to all people behemoth of gross negligence.
4) Some heavy abuses are uncovered, and using it is no longer valuable to anyone.
Most of my friends are on Instagram and think I’m funny for being on twitter anyway. They have a business twitter account that they only use at conferences and socialize on IG.
I tried setting up a new ig account (deleted my first when they sold to Facebook) and couldn’t get past the input phone number portion of the signup.
Anyway trying to convert people from twitter to mastodon is sorta hard. If I couldn’t get them to go from to IG to twitter there’s very little chance I’m going to get them to go from ig to mastodon.
That's because going from Twitter to Mastodon is a downgrade in pretty much every concrete way and only an upgrade in less concrete more esoteric terms.
From most people the main benefits I've seen cited are censorship resistance (how many people encounter significant censorship on twitter today?) and decentralization (which only really matters philosophically, to the user on the site the decentralization gets hidden).
On the downsides though there's plenty right on the surface for users: limited users (like all social networks if the people you want to interact with aren't there it's useless), mediocre default layout (the 3 column default doesn't make good use of space and give equal importance to everything cramping the main thing you want to see the toots) and discovery (the main way I've found people to follow on Mastodon? finding them on twitter where I already follow them and seeing they're on Mastodon too).
To a random user who doesn't really encounter censorship on twitter or care about decentralized/federated networks it's just a sub-par version of Twitter with a worse interface, a sparser social graph and longer handles.
The point is not that you user are being censored, but that twitter "lies" to you about social dynamics with their obvious (yet hidden) biases.
Twitter promotes the extremes and hides the middle. If this is not enough they also apply a consistent political agenda (by protecting their main cash cow of liberal journalist) and lie about it.
Perfect example is what happened with the Convington kids and journalist calling for doxxing.
Mine is: https://toot.jeena.net/@jeena
As you allude to, discovery is harder since you don't have an algorithm pointing you in the direction of content you're likely to engage with (yes, engage with, and not necessarily enjoy) but once you have found the right people to follow, it's more rewarding because it's your community, not owned by a single corporate entity.
Although I didn't use G+ much in the later days, its closure showed my how irresponsible it is to rely on proprietary platforms. I'm committed to never be active on a proprietary, closed social media platform again.
My main account is here: https://functional.cafe/@loke
I don't “post” on Hacker News. I do comment, but I don't think anyone who are interested in following whatever it is that I may have to say would come here to look up my posts.
Or, to put it in another way, if this place would introduce some social media features, such as the ability to follow people and post to followers, then it is highly unlikely that I would be interested in using those features.
Of course, I'm not hosting my own server, so I am in some way in the hands of its administrator, just like I was in the hands of Google when I used G+. However, I can talk to him directly, which is a huge benefit. Also, if he decides to shut down the server, I can still join a different instance and reconnect with all the people I was following on the old server.
I'd love to self-host a Mastodon instance that two-way mirrors my Twitter account and acts as a Twitter client (letting me pseudo-follow folks from Twitter). But in any case, I'd want to ensure that no content from people I follow gets mirrored/hosted on my own instance; the only content actually hosted on my own instance should be the content I post.
Not sure if there are bots / apps that can easily let you follow Twitter users on Mastodon, but I've definitely seen mastodon - twitter crossposter apps before.
there are also admin controls for managing moderation and federation.
I also made a guide for making your own Mastodon CSS:
I've thought about putting one up for social.bbs.io or bbs.land
Ummm. I mean, https://keybase.io/mirimir has nothing to do with my "real life identity".
I guess this could be useful to make switching mastodon servers smoother.
Okay, I'm not that dumb, but some users are. And I really don't know how to get started. Not that I've ever been a big social media user, but I'm enough of a hipster to want to say I was on Mastodon before it was ruined.
I'm honestly fine with the mastodon devs not having to spend 1000s of dollars to get the mastodon.com domain. Evidently that domain is so expensive that even the popular heavy metal band "Mastodon" haven't bought that domain (they seem to be at https://www.mastodonrocks.com/ )
BTW, if you're having difficultly finding an instance that caters to your interests, https://joinmastodon.org has a signup flow that shows mastodon instances based on interests. That might help.
Yes it is, because when people thing of $something, they assume the website is $something.com.
If Mastodon plans to appeal to the general public then it will need to be easier to find.
Most users of the internet have been exposed to TLDs other than ".com". For example, wikipedia is at a .org TLD, US government sites are at .gov domains, university websites are at .edu domains. Most non-US users will frequently interact with their country's (and neighboring countries') ccTLDs, like .de, .uk, .in, ... I find it surprising to assume that users of social networks who have already understood abstract concepts like "like vs retweet" or "like vs share" would find it difficult to understand the difference between .com and .social.
Also in a sense, it is more accurate for Mastodon to be at a .social TLD instead of a .com since Mastodon is a Patreon-supported FOSS project, and isn't a commercial entity like twitter.com or facebook.com. But yeah, I know that .com doesn't really mean "commercial" anymore, and is more of a general-purpose TLD now.
Mastodon has a number of issues that could stifle broader adoption, but I can't convince myself that the TLD is really relevant here. Most users will just be linked to Mastodon from other sites, or find it from a web search. Once its in their web history, web browsers will just autocomplete the site name in the address bar. And isn't the domain squatting and exorbitant pricing on ".com" the main reasons why the new TLDs have been released anyway?
I'd say most users won't type "mastodon.com" in their "browsers". They will type "mastodon" in their "internet" or, if technically savvy, into Google first.
Second, from following the fediverse (not just mastodon, but also pixelfed, peertube etc), i have a feeling that they aren't into mainstream, general audience anyway. A lot of them are small focused instances and as such, won't even be attracting new people via Google, but by invites anyway. Many instances have closed registration anyway. So if you need to land anywhere it's likely not on mastodon.social, but something like ...(checks last five accounts to post directly on top of timeline):
icosahedron.website, fostodon.org, mastodon.social, mastodon.technology (my instance) and hackers.town.
Ultimately this is kind of a problem, as we desperately need an general audience alternative to FB/Twitter that isn't about turning outrage into dollars. Right now I'm sure it's nice to hide from the Eternal September, but in the meantime Facebook is enabling ignorance, wasting everyone's lives on purpose, and proposing laws that only they can afford to comply with.
OP is about Keybase, which is trying to solve the problem of why the whole world isn't using GPG. I'm just pointing out that Mastodon has some public adoption issues still, despite the benefit that it can bring to the world.
You make a good point about how many users will simply Google the name, which naturally opens the question about whether users will want to scroll past info on the band & prehistoric animal before finding the service.
Yeah, this is it for me. Also I don't want to tie my various online profiles together in general. Providing an open, strong, independently verifiable cryptographic link between my online profiles seems like something that a bad actor could exploit to harvest data about me far more easily and with a far higher degree of confidence than would be the case without it. It might even be hard to get rid of if integrating websites aren't careful about deleting your keys when you want them to, leading to a bunch of cryptographic litter linking your profiles even when you don't want that.
Also this is a FINE example of why niche communities need unbiased online infrastructure. A casual google-searcher may judge them by whatever google's AI decides is representative of the group, and choose not to deal with them at all.
maybe other variations on that search come up with much more risque results?
...A decision I now heartily regret. The two major things I found is that some people are very weird, and some other people hate the weird ones disproportionately considering their prevalence and general demeanor.
also i find the "rabbit hole" metaphor and a username beginning with "dbased" to be pretty "on the nose" in the context of this thread (sorry, i couldn't resist any of that, and i only realized i ended with a pun after typing it out).
For other differing rules, instaces generally silence from the federated timeline. Eg: I can still follow Humblr.social and Sinblr users, but Federated timeline users won't have to drown in porn if the admin silences the server.
They want ActivityPub servers to apply to a central service (keybase) to offer cross server identities.
And they want users to trust that central service to decide who is who.
It's always amazing, how strong the force of centralization is.
Even when the whole value proposition of a technology is that it is decentralized, users will soon flock to centralized services built around it and end up in the mercy of a few organizations again.
Reminds me of all the people who think they hold crypto currency while in reality they "hold" yeah-we-promise-we-owe-you-somethings by some exchange.
Reminds me of how little resistance the Ethereum elite faced when they flushed "code is law" down the toilet and forced all users to switch to a fork with rewritten history.
What makes this attempt of centralization even more tragic is that it does not bring anything to the table. If you want to run a service that let's people claim they are joedoe@host1 and joe_the_doe@host2, just let them publish two messages. "I am joedoe@host1" on joe_the_doe@host2 and "I am joe_the_doe@host2" on joedoe@host1. Neither the integration with the hosts nor the crypto spiel is needed.
- Any identity on any service can (now) be linked
- There is only one protocol to do it and it is all done on the client side
Why would Mastodon (or, really, ActivityPub) be The One service when there are other, working services worth using ?
Any identity on any service can (now) be linked
Keybase provides an (open!) protocol, along with (open source!) tools to do what you describe and then some (a lot of crypto stuff is needed, for instance). You can probably fork the keybase client and have your own hub at notkeybase.founderling.io if you want, so you can implement your very own idea if you so desire, and that would even be an interesting addition to the open web.
Also, you might have missed it but identity providers do not need to "apply" for keybase integration anymore: _any_ service can provide identity and link up with keybase without asking first (https://keybase.io/docs/proof_integration_guide). It doesn't even have to be a web service, so if they want any email provider can do it (although the whole linking thinking would be through http)
This is because Mastodon is a UX nightmare because of the way they decentralized it. With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.
I get it, decentralization can be great. But so far most of the implementations of decentralized social networks have been a UX nightmare for even the casual user.
Nope, that's actually not the problem with Mastodon UX. On Twitter you still have to ask if your friend is @Johnny or @John1256 or @JDoe or depend on visual cues (avatar).
The problem with Mastodon UX (and Fediverse in general) is the friction of "remote follow" buttons instead of one-click Follow (the same goes for reply/like etc.)
The bigger problem with Mastodon is the explicit support for censorship via defederating instances you don't like.
This all requires people to explicitly copy user/page URL to clipboard and paste it on their instance. "Follow me" buttons or twitter.com/share-link URLs are just not possible on Mastodon. Copying and pasting stuff doesn't look like good UX to me.
For both it's a bad way of doing it because people with their own domain can't use it for email and the Mastodon one would be too long to select something.
Actually, no, the whole point of Keybase is that you don't have to trust the central server, and can verify all the proofs yourself. The CLI does this automatically.
2: The whole user interface is set up so users believe in what they see in the web interfaces.
And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?
Even if the users used that CLI, that does not help. As we saw with Ethereum. They simply pushed out new code that rewrote history.
Your Keybase client (for whichever platform) will perform the verification for users you follow. There is no need for any manual action and the verification has to happen when you follow someone (by following someone you're attesting that your client performed the verification).
Do some basic research. History was never rewritten and new code was never pushed on users. Users voted in favor of the DAO fork, then users voluntarily downloaded newer versions of their wallets in which the respective developers had implemented the agreed upon new rules that moved the stolen money to a recovery account.
The money was never stolen. A person found a loophole in the code, which everybody agreed upon by virtue of buying into it, and took advantage of it. Code is law. It said so right in the terms & conditions. It is on each buyer to fully audit the code for every single possible loophole--that what is expected of all parties when "code is law".
The DAO rollback destroyed any credibility ethereum (or any crypto) had. The blockchain is fully mutable if the mob wills it. Calling it "theft" is one of the more laughable ways the top of the pyramid tried to spin the whole thing.
For most people it's an entirely secondary concern, not a concern at all or even an anti-feature.
Who do I appeal to, to take down that cyber-bullying material? How do I get my transaction reversed, as the victim of fraud? What do you mean I can't and the system was deliberately designed that way?
Decentralization is not a feature for the end-user, it's a feature to developers. It's probably impossible for a new social network to take on Twitter, Facebook, etc. directly. However, a decentralized social network allows startups to move far quickly and implement other features that the big social networks are lacking.
I suspect that whatever social network eventually pushes out the dominant players today, will use tools like these.
One good precedent for this is AOL. AOL was safer and more user-friendly than the world-wide-web, but the web's decentralized nature allowed competitors to spring up much more quickly. I suspect something similar will eventually happen to today's social networks.
On one hand you are right, it's a huge benefit to developers as they are able to create new services that leverage the strength of the existing network. Such as Peertube getting subscription and commenting features from other servers for free, and it “just works”. Imagine a youtube competitor wanting to leverage Twitter in the same way. Highly unlikely that it would be allowed, and even if it did, the integration would be Twitter-specific.
On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.
Most people may not consider this, but some people definitely do. And hopefully that number will increase over time.
"Nobody can censor us!"
is absolutely, unfortunately equivalent to -
"Nobody can take down race hatred, online harassment, child abuse images or other evil shit"
And we've adequate evidence now to show that humans will use such platforms to post exactly that sort of stuff. For instance one of the bitcoin forks that allows larger data payloads had child abuse images uploaded to it, in an immutable, permanent way. Many/most people are not OK with that.
I'm not yet seeing a way to balance these concerns.
Just b/c something is decentralized doesn't mean you can't take it down or hide it.
So we already have lines on 'speech'.
I agree, censorship can be sinister, but I disagree that it's so sinister that we have to allow everything for fear of allowing nothing. Society already doesn't work that way.
Yes, but those are already illegal. That does not (or at the very least should not) mean politicians get to dictate what kind of technology is allowed. You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.
The post I replied to was singing the praises of decentralisation, as if the idea that nobody can control what's said and done is a universal positive. I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.
> You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.
I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.
And that's okay. It's important to bear in mind the things lost by not being decentralized also, though. I think this is presently not very prominent since a lot people started using the internet for a few large centralized services so they are not very familiar with the idea. Arguably, there was a period when people flocked to the internet because of the newfound decentralization.
> I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.
It's seen as a good thing as long as the single point of control is doing things which are (mostly) aligned with the desires of these large sections of the population. This is a tautology. History teaches us that this is not at all given, though, so it's important not to rely on it strongly.
> I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.
Well, certainly. You can declare anything at all. I was proclaiming that from a position of practicality.
Most Mastodon instances have pretty strict policies with regards to the speech that is allowed on them. Many instances block federation with other instances whose policies they don't agree with.
Other instances allow pretty much everything (they are usually called “free speech zones”). The result is what you would expect, and they end up being mostly blocked.
I'd argue that it works reasonably well for now (but it may of course change if the Fediverse grows further). Everybody is allowed to say what they want on the Fediverse, but others are not forced to listen to it.
Citation needed, please. This really sounds like your personal opinion presented as a general statement.
It's not just my opinion.
He's the most tech-focussed minister we have. He's pushing tech pretty hard, so for him to be saying this should be a clear signal to the industry.
See also the consultationn for the online harms white paper: https://www.gov.uk/government/consultations/online-harms-whi...
It's really weird that this extremist position ("any removal of content is censorship, and censorship is always bad") is so prominent on HN whenusers of products have shown, every single time, they they don't want it.
I've seen darknets (or a P2P networks) which were hard to censor (Tor) but also where you could influence via supply and demand (Freenet, IPFS).
Why are you trying to paint this as an extremist position? Perhaps we are misunderstanding each other. Any removal of content is not censorship and that position is clearly nonsense. E.g. a commercial entity can do what it wants with its own property, including removing content.
What is universally negative is requiring all future technologies to have loopholes through which things can be deleted, thereby preventing some designs outright. I think this parent comment sums it up quite nicely why having such systems is something very reasonable and desirable:
> On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.
Public opinion heavily depends on context and evolves continually. Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.
Given the context of government censorship, which is happening and is likely to increase and become a larger problem in the future, and myriads of smaller, independent entities, people might react differently.
In any case, I don't think it's a good nor strong enough argument to abandon decentralization and anti-censorship efforts.
I'm not saying you should abandon decentralisation efforts if that's your thing, I'm just saying don't expect the world to flock to (or praise) what you create. Censorship resistance is not seen as a universal good.
> Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.
The criticism is usually that not enough was done to police the harassment. Decentralised systems are likely to make that worse.
Isn't not being controlled by the whim of a single corporation/government everyone's thing? Or the ability to be your own free person whose actions are not thwarted by a petty desire or ulterior motive?
Of course, in times of relative stability, people are sometimes lulled into thinking this is not and cannot be compromised in any way.
> Censorship resistance is not seen as a universal good.
Of course, it's a deep and fundamental issue. There are bound to be proponents of both sides with a lot of people in between.
I argue that inability to destroy abhorrent stuff is likewise not universally viewed as the ultimate evil, though.
> The criticism is usually that not enough was done to police the harassment.
You elided the rest of my argument so I'll repeat it rephrased: I think the current design of the system, where there is a very public single point-of-"failure" that is very easy to hate (big corporation) makes this more prominent.
There is abhorrent stuff printed on paper all around the world, but you don't see people claiming that not enough was done to seek out and destroy every such piece of paper. It is apparently enough to people that such paper is not very prominent in day-to-day situations.
That's a very exaggerated and polarised way to look at the question of decentralised social media.
> I argue that inability to destroy abhorrent stuff is likewise not universally viewed as the ultimate evil, though.
Clearly, you're here making the argument.
Why/how? I truly do not see why it is exaggerated: I did mean to talk about an edge case and I'm not saying we are exclusively dealing with that edge case today. However, being prepared for this edge case and having a viable alternative seems extremely important.
> Are there sites you won't link to?
> Like a Mastodon instance, we reserve the right to work with whichever partners we prefer. We specifically will avoid at least these sites:
> sites which encourage or are known for illegal activity
Just what is "illegal activity"? According to whose laws?
Given that Keybase servers are in the US, I suppose that means US law. And frankly, that sucks.
But please do clarify.
Signal has a lot of experience in UI  and security, and Keybase had the identity proofs. I'd love to see them work together rather than compete.
 Signal UI used to be horrible but as of the past few months it's improved a ton! It's now my preferred SMS client.
That's funny, I've had the opposite experience. Once I got everyone I know to start using it and was completely locked-in, I started having all kinds of weird issues.
My favorite is when my phone has been off awhile. After I turn it back on, I get a notification for every message I sent/received on another device while it was off. Usually takes about 30 minutes for it to fully sync, buzzing and/or producing popups for every message along the way. I have about a dozen equally frustrating issues I could, if I had the time, enumerate.
And of course because it's free, there's no real support. Signal has been a huge disappointment for me. I'm preparing to move back to regular SMS, but now I have to untangle all of the users like my mother that I convinced to use Signal. Caveat emptor!
Recently I failed to reply to an urgent text about a medical diagnosis from my fiance due to Signal failing to push the message to my phone. This is unacceptable behavior from a critical application.
Do I get on a soapbox about how surveillance is terrible and miss being there for her by insisting on using Signal? No! I want her to be able to get in contact with me if there's an emergency, and that's the #1 priority.
in the situation you describe, or any urgent situation where speed of communication is paramount, what about bombardment through multiple channels? like, i'll often leave my phone out of my pocket, and not pay super close attention to it. and if it lights up with one text message, or one signal message, or whatever, i might not look at it. but if it's buzzing like crazy, or someone starts calling, i'd pick it up.
i guess what i'm saying is, "urgent" to me means signal/text/call/call someone that might be around the person/whatever, until the message gets through. if something is urgent, i would not send it solely by text. i've certainly had SMS messages get dropped or delayed many many times over the years.
can you really only use one messaging app at a time? signal is my primary messaging app, but i don't really find it bothersome to use whatsapp and regular SMS also. different people i communicate with prefer different channels, and often the same person will use different channels with me depending on the purpose (e.g., my dad mostly chats with me by SMS, and most of my immediate family's group chat is on SMS, but when my dad is texting with me about some sensitive personal financial info, it's over signal).
also, i hope that whatever the urgent issue was, it was resolved in an ok way. like i said, not trying to shortchange the urgency of a medical emergency or second guess your decision making or frustration at the time.
I think the idea is that privacy != anonymity. Signal provides the former, but not the latter.
It's tough. I think that usernames could become messy, but I also think it'd be amazing to anonymously tip a news reporter via Signal, but at the same time the latter would not be as safe as Tor etc.
But presumably if proving a Keybase user and a Mastodon user are the same is given, when a Mastodon user wants to contact another outside of Mastodon, Keybase Chat may be the new default choice.
id much prefer to see chat that’s just thinly wrapped in a pgp implementation that gets its keys from keybase (maybe just initial secrets transferred with pgp for handshake or something)
The two examples of that not being the case are OTR XMPP and PGP e-mail.
> particularly where neither end is running the software in question
You cannot have useful encrypted communication if your software does not support it.
2. I find it weird how busy we are as a community are: scaring each other away from the solutions we should use by pushing Joe Average in front of us (like the post in this thread about mastodon.com being up for sale).
: yes, there are problems. But FWIW mail disappeared before Gmail as well: I have memories of customers complaining about mail from "central USA" (or something) not arriving and after hassling our email provider and having them hassling their connections mail suddenly started to arrive. (And no I don't think it was acceptable then and I don't think it is acceptable now.)
I moved to the fediverse to NOT be controlled and regulated by corporations, because there's no need to. Adding such a feature in Mastodon is stupid. What's the next step? Integrated Twitter client?
> To send us the config, you can send us the public URL for your config file or attach it directly in a Keybase chat message to @mlsteele or email firstname.lastname@example.org. In our example the file is hosted at https://keybase.io/.well-known/example-proof-config.json.
Will this always require manual step (sending config by e-mail) or is there some automation planned?
For now, we want to talk to everyone working on integrations, so we can see what steps are working and what are confusing, what could be improved, etc. So we're talking to everyone doing an integration.
There's a middle ground: you can add integration so that it's available from CLI (`keybase prove ...`) but don't show it in GUI ("select integration") so it's not advertising that site.
The proof integration guide looks neat by the way.
Edit: Disregard, chris/malgorithms answered above.
Challenge: Finding me on Twitter. For example, I am not @Nadya
Extra Credit Challenge: Let's say I'm e-famous enough to have imposter accounts but not have a Twitter "verified" badge. Which Twitter account is the real me? And how do you know?
Where Keybase comes in: On my HN profile itself you can find my signatures on Keybase. Keybase is not necessary for these signatures but becomes a convenient place to look. You also do not need to trust Keybase; although in practice many people will. Don't lie to me and tell me you'd verify the keys. :)
Now you can go directly from my HN profile to my Twitter profile and tweet at me knowing that I am who I say I am. Or at least the individual posing as me has access to three of my accounts (HN, Keybase, and Twitter) and that you'd at least be talking to the same person.
The social proof and web of trust bit is where Keybase falls down but that's an inherit flaw of the web of trust (key exchange parties aren't as popular as they used to be and people will sign/trust keys of people they've never met IRL). Ultimately you'll have to trust that the people who follow me on Keybase are certain beyond a reasonable doubt that I am who I say I am. From there, you can trust the social proofs.
I personally use it so that people can find me on other services more easily and know that they are speaking to me.
… or your HN account could just link straight to your Twitter account. I don't get what Keybase adds here.
Or you could collect all of your identities into a Keybase profile, which all of your other profiles link to. That's a lot less to manage. Plus, proving your identity at some site (usually) has the byproduct of pointing back at your Keybase profile, so even if you come at this just from a "less work for me" angle, you're getting verifiability for free.
Take a look at https://keybase.io/anthonyclarka2/sigchain
You can see a whole bunch of extra crypto is being used to verify the information.
Also, I can write the name of any twitter account in my HN profile. I can only link _my_ twitter account to a keybase account I own.
It comes with some issues, namely that I suck at keeping it up to date and that not all identities I would like to list there have a way for me to provide proof beyond my word alone. For most use cases and attack vectors I consider this sufficient enough. Now this is outside most peoples' threat models, but Keybase also provides some mitigation against some other scenarios.
1) If nadyanay.me becomes compromised the imposter could update /identities.html with a new and fake list and I would need to update my link everywhere it is used or I would be pointing people to the imposter list. I have more faith in both (a) Keybase is less likely to be compromised and (b) in the event Keybase has become compromised someone will notice. Nobody would notice if my personal site was compromised, as even my closest friends don't regularly browse my website. It could honestly take weeks or even months to discover the file had been changed.
2) A person who compromises my account(s) must also have access to my private key in order to sign messages in my name. This is important because even if any of my accounts is compromised they're still unable to prove they are me if asked. This is something I actively practice with a few online friends of mine. We pretty regularly lend large sums of (virtual) game cash to one another worth in the range of $10,000-$15,000 USD if RWT'd. The last thing either of us would want is an imposter asking to borrow some money in-game from them and selling it off and so anytime we ask to borrow some in-game cash we ask to see a signed message. I admit that's the primary reason behind most of my signed messages...
3) Any attempts at creating a new key will allow users to see that my key has been revoked and replaced. Users who had signed my old key would need to re-verify with me that my new key is valid. Social engineering and people's casual use cases means the imposter would just claim to be me and most people would believe them. Few would bother verifying but it at least provides an additional opportunity for the imposter to be outed.
And the answer is a lot of the New Famous don't have domains to list canonical social media profiles on. They exist solely on silos like YouTube, Twitter, Facebook, and Instagram with no way to connect to their fanbase without it.
I see Keybase as a secure address book, on top which secure applications can be built.
*Maybe I shouldn't trust them more than Slack? But I know from experience with pen testers that a password in Slack causes all kinds of problems.
How are people using Keybase right now? I added several of my accounts but I'm especially interested in the GPG encryption/signing.
Would be nice to add "extra" verification via Signal too, or Google Authenticator. Although GPG's public key, if already known, provides a good source for that.
As I understand it, I need to register for Mastodon at some server ``foo``, and with this one single registration I can also access other servers ``bar`` and ``baz`` and read what their members post, but I’m not able to post on those servers myself, only on my original ``foo`` server.
So what happens when ``foo`` goes under for whatever reason? Or what if the admins at ``foo`` decided to ban me from their server for whatever reason? Am I just shit out of luck now?
And what if my friends decide to join Mastodon some time later, but they all agree to join ``bar`` leaving me the odd person out? I think I’ve read somewhere that it’s not possible to relocate my ‘home server’?
The entire ActivityPub concept is flawed, but not because you would be left alone in your server, it's the opposite: since you're interacting with your friends, your friends' server would then fetch all posts from your server and vice-versa, it will be as if there was just one server, but maintenance costs are now duplicated and the discovery process is not great also.
These problems are less problematic the smaller the servers are, which makes me think the best structure would be one in which each user is its own server and just syncs to temporary syncing hubs when possible -- or maybe sync directly to other online peers they know.
Oh, wait, that's what https://www.scuttlebutt.nz/ does!
(Disclaimer: I don't use Scuttlebutt nor Mastodon nor anything like that, and I really thought about Scuttlebutt in the middle of my comment, not before.)
How do I integrate with Keybase?
Why would I want my online presence 100% identifiable and traceable back to me?
What is the appeal of this service exactly?