This article isn't just misleading; it's entirely false, and the title is both highly damaging AND false. Someone below threw out the word "libel" here. I don't know about that, but it's incredibly frustrating to read this title on HN right now.
* THERE IS NO BACKDOOR HERE. Neither the especially scary kind suggested by the title (everyone assumes encryption breaking!), nor the coerced attestation kind suggested in the text.
* Put simply, KEYBASE HAS NOT BACKDOORED its apps and cannot coerce them into signing someone else's Stellar address into a profile.
Further, THIS USER VOLUNTARILY GENERATED A STELLAR PRIVATE KEY. What follows is the flow for generating a Stellar wallet and attaching it to one's profile. The author of this post went through this flow on Feb 4, 2019:
1. Visited the "wallet" tab in the app
2. Read a brief description of Stellar in a modal.
3. Saw our disclaimer in a modal (not hidden - printed out front) about how scary cryptocurrency is, how it's permanently attached to your identity, and how it's important to backup your private key if you plan on leaving Keybase.
4. Only once they accepted that did their client app (not our server) generate a Stellar private key. The app signed the public Stellar address into their sig chain, and the Stellar private key counter-signed, proving it bidirectionally. The Stellar key was then encrypted so that their devices could gossip it to each other.
So to be clear (1) this writer did in fact have that Stellar Key. And (2) we, Keybase, did not. And (3) they knew they were doing it. I encourage anyone curious to go try it out -- the flow has not changed.
I don't understand what their agenda is here. Offering some charity, perhaps they went through this flow late at night and forgot. (Looks like they generated their Stellar account well after midnight in Europe.) But the claims in the post are just false.
I accept some people don't like the opinionated cryptocurrency partnership Keybase has formed. We do like Stellar. However, that doesn't change our security story. Nor does it force users to set up Stellar keys, and something like half of our users have not. Actually - we spent a great effort building around the fact that many users wouldn't be interested in the cryptocurrency side of things.
For those who generate Stellar keys and then change their mind, not wanting them, we'll add the feature to delete all of them.
Anyway, this is just not true. All of it.
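As an added illustration of the two-way signing described in step 4 above (example code written for this thread, not Keybase's own implementation): the device key signs a statement naming the Stellar address, and the Stellar key counter-signs the same statement, so a valid proof needs both private keys. The JSON payload layout, the username "alice" and the use of ed25519 for both keys are assumptions made for the demo; Keybase's real sig-chain format is different.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Attestation is a constructed stand-in for the statement a device key signs
// into a sig chain: "this Stellar address belongs to this user".
// The field layout is an assumption for illustration, not Keybase's format.
type Attestation struct {
	Username   string `json:"username"`
	DevicePub  []byte `json:"device_pub"`
	StellarPub []byte `json:"stellar_pub"`
	Seqno      int    `json:"seqno"`
}

// BidirectionalProof carries the payload plus one signature from each key.
type BidirectionalProof struct {
	Payload    []byte
	DeviceSig  []byte // produced with the device private key
	StellarSig []byte // produced with the Stellar private key
}

// MakeProof needs BOTH private keys. A party holding neither cannot build it,
// and a party holding only a Stellar key cannot produce DeviceSig.
func MakeProof(username string, devicePriv, stellarPriv ed25519.PrivateKey, seqno int) (BidirectionalProof, error) {
	att := Attestation{
		Username:   username,
		DevicePub:  devicePriv.Public().(ed25519.PublicKey),
		StellarPub: stellarPriv.Public().(ed25519.PublicKey),
		Seqno:      seqno,
	}
	payload, err := json.Marshal(att)
	if err != nil {
		return BidirectionalProof{}, err
	}
	return BidirectionalProof{
		Payload:    payload,
		DeviceSig:  ed25519.Sign(devicePriv, payload),
		StellarSig: ed25519.Sign(stellarPriv, payload),
	}, nil
}

// VerifyProof checks that the payload is signed by a device key the verifier
// already trusts AND counter-signed by the Stellar key the payload names.
// Only when both hold does the attestation show control of both keys.
func VerifyProof(p BidirectionalProof, trustedDevicePub ed25519.PublicKey) error {
	var att Attestation
	if err := json.Unmarshal(p.Payload, &att); err != nil {
		return err
	}
	if !bytes.Equal(att.DevicePub, trustedDevicePub) {
		return errors.New("payload names a device key the verifier does not trust")
	}
	if !ed25519.Verify(ed25519.PublicKey(att.DevicePub), p.Payload, p.DeviceSig) {
		return errors.New("device signature invalid")
	}
	if !ed25519.Verify(ed25519.PublicKey(att.StellarPub), p.Payload, p.StellarSig) {
		return errors.New("Stellar counter-signature invalid")
	}
	return nil
}

// RunDemo generates a device key and a Stellar key, builds a legitimate proof,
// then shows that a third party (a constructed "server") that holds only its
// own Stellar key cannot substitute its address into the user's proof.
func RunDemo() (legitOK bool, forgedOK bool, err error) {
	_, devicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	_, stellarPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	devicePub := devicePriv.Public().(ed25519.PublicKey)

	proof, err := MakeProof("alice", devicePriv, stellarPriv, 7) // "alice" is a constructed name
	if err != nil {
		return false, false, err
	}
	legitOK = VerifyProof(proof, devicePub) == nil

	// Substitution attempt: swap in a different Stellar key and re-sign with it,
	// reusing the original DeviceSig because no device private key is available.
	_, otherStellarPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	var att Attestation
	if err := json.Unmarshal(proof.Payload, &att); err != nil {
		return false, false, err
	}
	att.StellarPub = otherStellarPriv.Public().(ed25519.PublicKey)
	forgedPayload, err := json.Marshal(att)
	if err != nil {
		return false, false, err
	}
	forged := BidirectionalProof{
		Payload:    forgedPayload,
		DeviceSig:  proof.DeviceSig, // stale: signed the original payload, not this one
		StellarSig: ed25519.Sign(otherStellarPriv, forgedPayload),
	}
	forgedOK = VerifyProof(forged, devicePub) == nil
	return legitOK, forgedOK, nil
}

func main() {
	legit, forged, err := RunDemo()
	fmt.Println("legitimate proof verifies:", legit, "| substituted address verifies:", forged, "| err:", err)
}
```

The point of the two checks in VerifyProof is the one made in the comment: changing the Stellar address in the payload invalidates the device signature, and producing a fresh device signature requires the device private key, which only the user's client holds.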
Is there any precedent to getting posts like this (blatant lies) removed from HN? I will report the post, but this article has the potential to be highly damaging to your business, even if it has zero truth to it.
Honestly I don’t know if it’s better to hide it so it doesn’t do more damage, or to change the title so people who already saw it can see it’s false.
I actually can’t ever recall a story on HN that was so highly upvoted and damaging yet unsubstantiated. What a crappy situation.
I agree with this. It is very sensational & I was expecting something totally different when I clicked on it than what I found.
I think a moderator should change this title.
This is done without any user interaction or consent, violating the fundamental principle of Keybase’s product until now: the user controls their keys.
I am confused by this. Pre-Stellar accounts have to opt in to a wallet... and after you get one you can easily find the private key in the settings.
I checked a few friends' profiles. I knew one of them hadn't set up a wallet and hey, you know what? Their profile doesn't include a Stellar address.
Where? Your comment, and now this reply, are the only occurrences of that word on this page.
It's really irksome when someone tells me I consent to something that I don't. I'm the authority on whether or not my keys were used improperly—no one else.
You used my keys in a way in which I did not want. That's the beginning and the end of it.
I hope you got paid a lot for it.
Here are dozens of other users who made it all the way to GitHub and provided feedback in an effort to resolve the same issue:
How many others just gave up?
> I created a stellar wallet to explore the feature
Furthermore, there is a way to remove/revoke every other type of attestation/claim on a keybase profile - except for the permanent, paid ad for Stellar.
It sounds like that part is being fixed, though, which is good.
1) I have never seen the private key you claim I "in fact have".
2) I have no way of verifying this information, but I will accept your words on their face.
3) I did not. Your own description of the UX flow says nothing of using the keybase (not Stellar) device key to sign an attestation/proof. That was the unwanted bit, the use of my keybase (again, not Stellar) key to publicly state that I wish to use Stellar.
I'll make a screencap video of the flow if necessary to illustrate how sketchy it is.
Also, I made a test account from scratch to test out the UX flow. Here's what I found (Note, this is the Android version, not iOS).
1) I created a new username and entered the new account on mobile client.
2) I created a password so I could log into the web client.
3) Out of curiosity I went ahead and clicked the wallet tab in the burger menu.
4) I'm then presented with a brief (full screen) 'Welcome' message and have to click a button that says 'Open Your Wallet' to continue.
5) Once that button is clicked, you are presented with a more lengthy, full-screen disclaimer that takes a minute to read.
Here is what point #3 says:
3. CRYPTOCURRENCY ISN'T REALLY ANONYMOUS. When you sign your first of "default" Stellar address into your signature chain on Keybase, you are announcing it publicly as a known address for you. Assume that all of your transactions from that account are public. You can have as many Stellar accounts as you like in Keybase, but whenever you make one your default, that one is then announced as your. Consider that data permanent.
6) I then clicked the 'Not now' button instead of the 'Yes, I agree' button.
7) I log into my web client to see how my new account looks, and in fact, there is no Stellar wallet or address.
Seems to me like you have to explicitly opt into creating a wallet, and the disclaimer is very clear about signing it into your signature chain and announcing it publicly.
So unless the iOS client does not have the same disclaimer and wording, which would surprise me, I'm still not understanding what the problem is. The developer also said they are working on a feature to totally remove your default Stellar wallet, so I imagine in the near future you can delete it.