Hacker News new | past | comments | ask | show | jobs | submit login
Keybase cancels Stellar token airdrop (keybase.io)
255 points by ceejayoz 45 days ago | hide | past | web | favorite | 124 comments

Seems like a lot of people are saying the airdrop and integrating Stellar to Keybase was a bad idea, but I don't think so. There's a lot I like in the Stellar-Keybase integration.

Keeping cryptocurrency keys secure has always been a challenge. Keep them too well, lose your money; keep them not well enough, someone can steal your money. It's a thin line to walk.

Keybase wants to make encryption user-friendly, and keeping cryptocurrency keys secure fits very well to that purpose. This is probably the least painful way I've kept crypto private keys.

Besides, the wallet is pretty functional, and is integrated to an app that's already sync'd to my phone and computer. It's without fuss and just works. Compare that to yet another app which I don't know, need to evaluate, don't trust to keep my secrets, or won't share them across my devices. Here, it's painless.

I personally knew Stellar already, but as a technical user (which I feel is a natural demographic for any crypto to start to get early adopters), this brought back Stellar in my mind and renewed my interest (or would've interested me if I hadn't known it).

Besides, I quite like Stellar as a cryptocurrency for payments: fees are low, and confirmations are near instant. And I'm not even naming the fact that it natively allows you to keep fiat money as a Stellar asset instead of exposing yourself to the risk of losing value to fluctuation. (Though there are caveats, but the infrastructure is there natively to build very useful things.)

I don't think this was quite bad a move as some make it out to be.

On the flip side of the anecdata I signed up for a thing that could prove I am me in case it ever became useful then they added chat to it and something to do with git and then started spamming me with some cryptocoin bollocks

I discovered the first (surprisingly good) use case for keybase the other day -- Terraform encrypted outputs which you can configure by simply providing your keybase id. Extremely convenient. Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).

Of course, absolutely ZERO crossover between that kind of utility and this Stellar thing. I'd like them to find more life-improving nuggets of utility like that instead. Find more places in your life where you want something encrypted ad-hoc but don't want to memorise your GPG key ID. Any time someone would normally whisper to tell you something could be a candidate.

> Perfectly joined the dots between a complicated but secure thing (you had to store sensitive state in S3 with server-side-encryption, which made it way too complicated to have sensitive data in a small side project) and the throwaway easy but very insecure thing (store the state locally/in a private git repo).

I use git-crypt for storing secrets in git repositories.

In the future, I'll probably switch to this, though: https://github.com/bitnami-labs/sealed-secrets

Could you please describe in more details the workflow with terraform?

(Using the IAM module because I'm lazy)

module "iam-user_foobar" { source = "terraform-aws-modules/iam/aws//modules/iam-user" version = "2.3.0" name = "foobar" pgp_key = "keybase:foobar" force_destroy = true create_iam_user_login_profile = true create_iam_access_key = false password_length = "${var.password_length}" }

This sets the users password then PGP encrypts the password with their keys from keybase. You can then use the module output to get the pgp encrypted password and pass it to the user (manually, email etc...).

Otherwise it will put the password in plaintext in the state, not a massive issue as you can set it to require changing next login. But eliminates the even slight chance of leakage.

You can also encrypt the state with KMS (for example) and manage access to the key to prevent casual access to your secrets in statefiles. Uploading encrypted values in state is interesting though and using keybase for that is awesome!

This was my first intro to Keybase as well. I believe it is still limited to the AWS provider (Google provider maintainers are dead set against it last I checked) but for resources like `aws_iam_user` you can specify either a GPG pubkey or a keybase username and upon creating the user the Terraform provider will generate a random password and encrypt it so you can store it / share it safely.

When I started getting the spam I deleted my account.

I love the idea of keybase but in practice I never had contact from strangers suddenly using GPG, so it felt more aspirational than useful. But with zero interest in cryptocurrencies any tiein/integration was just wasted on me.

It's interesting how experience differs. I created my keybase account out of couriosity and when chat was added, people I know started messaging me. Now it's more a communication tool to me than something to prove my identity. I don't care that much about stellar, but it's more in the realm of interesting things than annoying. :-)

That's a fair defense of Keybase and Stellar. But it's not a defense of the airdrop, which seems to have had the effect of introducing a new population to Keybase, one that is more interested in cryptocurrency speculation than any of the things Keybase did previously. That, I think, was a big mistake. It increased engagement metrics while annoying all the existing users; effectively it pivoted Keybase into a chat app for altcoin enthusiasts. Which would be fine, if that was actually their goal, but it doesn't seem like that's what they wanted.

Agreed - the first distribution required registration prior to the announcement. I don't see why that didn't apply completely, why use it to drive Keybase sign-ups? They were essentially all 'fake users'.

Even the first distribution temporarily put a market value on old GitHub accounts, since their anti-grab measure was that you needed a pre-existing Keybase account or a new one linked to a pre-existing GitHub account. There were several people on /r/github confused why they were getting monetary offers to buy their accounts. That already didn't sound like the intended outcome.

It's not clear to me how I'd exchange my lumens for goods or services.

I could imagine transferring some lumens to a friend for my share of dinner, but only if my friend is actually going to want lumens. Even if they're a keybase user, they're hardly going to be excited if I transfer them tokens that they are then, themselves, going to find difficult to exchange for goods or services.

If Keybase had to cancel this because all of the people signing up were after the lumens to speculate, maybe they should work on making the currency actually usable and liquid. I'm not interested in speculating; if I could use this to buy something down the supermarket, I'd be very interested.

Indeed. If there were businesses on Keybase at verifiable addresses that accepted lumens as payment, we'd be in a much more interesting space. ...And I do think that might be a place Keybase can excel, because they could provide the method to be sure @walmart was actually Wal-Mart. But it requires that companies be willing and able to accept cryptocurrency.

You could get a Wirex credit card and spend them anywhere that accepts Visa: https://wirexapp.com/global

> Keep them too well, lose your money; keep them not well enough, someone can steal your money. It's a thin line to walk.

Nah, not really.

Unsophisticated users tend to keep their crypto on the bigger exchanges, which means someone else manages their keys.

Sophisticated users tend to use (cheap) hardware wallets or at least understand paper backups of keys and passphrases.

How-tos and warnings are exchanged ad nauseam on crypto Twitter and crypto blogs.

I imagine Keybase would have moved this forward about as far as they've moved forward GPG / PKI for the general user. (Not much)

This is mostly Stellar trying to gain some marketshare since they haven't made much progress elsewhere.

I agree, I think airdrops with Stellar and a wallet on many developer computers could create the critical mass to more crypto applications.

As a keybase user, why should I want to be a part of that?

I don't know.

Then why did you write a post emphatically stating you agree with an opinion that the airdrops were a good idea?

Did you just get really excited by their enthusiasm?

You can downvote me as much as you want - I wish more people would say "I don't know." if they don't know - on the internet and in the office.

I don't think the downvotes are because of that. It's more that "creating a critical mass" via something people don't actually want is pretty much the definition of spam.

Thanks for articulating my thoughts and feelings regarding Keybase and Stellar.

This was a terrible idea from the start. And I've been hearing from lots of folks that the influx of "users" attracted to scammy stuff like this have been harassing other Keybase users via DMs. Congrats on ruining your service, Keybase.

Yeah, I got this one: https://twitter.com/kstrauser/status/1199040190980845575

I went from about 25 followers to over 50 in approximately a month, after being there more or less from the launch. Those first 25 were largely people I've personally met in real life. The rest are entirely fakey.

Until Stellar, I've never been followed or contacted by some rando. Now if I see either from a person who only has stellar and bitcoin attached to their profile I just block them. Hopefully this Dec 10th announcement returns some peace and quiet to keybase.

Keybase/Steller incentivised spam has also apparently been the inducement for much of the vacuous-but-annoying "great post" and "hello" comments infesting HN in recent months (per exchange with admins).

So yes, it's had an effect here as well.

Yeah, I think their fundamental error was making a definitive way to join a future airdrop.

They should have just given coins to existing active keybase users. They would have had healthy increase in users based on regret and fear of missing out again.

On the other hand, if Keybase continues to grow, network abuse (spam and harassment) is something they'd have to solve eventually anyways.

This has just forced them into coming up with a solution now rather than waiting a few more years when the network's larger.

I don't know if it's "scammy," but it comes off as desperate. The "scammy" part seemed to be phony users registering to grab cash.

I received one unwanted DM which was removed when the user was deleted by keybase an hour later and I have been on keybase since the early days. I've replaced most of my slacks with it and use it as my shared drive, static web server and personal git. I don't use the wallet.

I feel like keybase is great as a key-management platform and _that's it_. I found it to be a fairly pain-free way to manage a pgp key, and the ability to associate it with a public social media identity is super cool. I don't really get why all the other features are needed, and if there's a better platform to do key management easily across devices I'll jump ship in a heartbeat.

It's pretty good for end-to-end encrypted chat and file sharing. I've used Telegram, Signal and Wire in the past, but I've found Keybase to be the best for my needs.

The cryptocurrency wallet feature is not useful for me, but it hasn't really impact me in any negative way, so I don't mind it.

It's not particularly strong end to end encryption, to note. It doesn't have perfect forward secrecy, for better or for worse.

Without any context as to whether it's worse than the encryption in eg WhatsApp, Telegram and Signal, this is a pretty useless comment.

Is it "not particularly strong" against nation state adversaries? Or can any script kiddie with a toolbox break it?

It’s only useless if you don’t know what perfect forward secrecy is and would rather complain than look it up. Yes, this feature is provided by Telegram and Signal (probably WhatsApp too). It makes it so someone who compromises your key can’t read all past messages. It’s pretty important. Future secrecy (key compromise doesn’t grant access to all future messages) is also important. Keybase only has forward secrecy for its exploding messages.

These are why I’d never use Keybase to chat even though it’s better than Signal from a usability perspective.

Could you sum up how someone is able to read keybase exploding messages when a key is compromised? After it explodes

If an attacker obtained the ciphertext of the message, they are under no obligation to delete it just because it "exploded" on your device. They can hold onto it as long as they want, then if they ever get your key, they can decrypt it.

So, firstly the comment you're replying to specifically says that Keybase _does_ use PFS for exploding messages. I'm going to assume in good faith that you've simply misread the comment but I'll circle back on this because the technical details are interesting.

1. For _other_ Keybase messages without PFS it's open season. Say Alice sends you a normal Keybase message right now about murdering her husband Bob. Keybase will ensure Alice provides keys to decrypt that message for your iPad, iPhone, the MBP and your old Thinkpad. This way you can read the message from any of your devices. Convenient.

Spooks can record Alice's encrypted message and get it back if they at /any/ subsequent point obtain the Keybase device key for your iPad, iPhone, MBP or Thinkpad, for example as a result of seizing it for some other reason. Maybe it's next week, or next month, or next year, or in ten years time. The device may never have received these messages, maybe it was switched off, or they've since been removed. Doesn't matter until the key is replaced.

In contrast a PFS system would discard the keys as soon as they'd been used to decrypt stuff, and agree new keys for subsequent messages. Signal's double ratchet does this for every single message back and forth. "I killed Bob" (new key) "You did what?" (new key) "I was so angry I just stabbed him" (new key) "Shit. Now what?" (new key) and so on.

2. Actually though "exploding" messages are another Keybase compromise. Visually it seems like they blow up instantly when the time limit expires right? Gone. But cryptographically it takes up to a month or so for the bomb to "explode". Suddenly it's more like you wrote the message in chalk on an outside wall rather than it instantly "exploding". This was easier for their multi-device large group stuff. That's right, your 1 hour exploding message about the lawsuit was optimised for cases where you'd need to share it with a 500 person group who all have multiple devices. That makes sense right?

Always with "exploding" messages the actual expiry is implemented by some software explicitly deciding to throw ephemeral data away. Signal's ratchet makes doing so constantly the unavoidably the correct software engineering choice, otherwise your code leaks endless old keys because of the ratchet. But Keybase only throws away "ephemeral" keys after at least a week, chances are if you're a multi-device user there are some fortnight old "ephemeral" keys in one of your systems right now. A Keybase exploding message you got on the 1st of December with a one hour "fuse" on it is still actually readable now using keys from that device. Huh. The Keybase UI doesn't make that apparent at all.

Actually his comment is quite useful and tells you enough to know notnto use it if security is actually a concern. Without PFS (Perfect forward-secrecy) someone who obtains a key or brutes/reverses one has theoretically unlimited time to do so and gain access to all future communications with that key because the key isn't Ephemeral.

Compared to WhatsApp and Signal that's bad, they both use a well-thought out security model.

As for Telegram, well, Telegram is Telegram.

It's up to the reader to decide what "theoretically unlimited time" means in this case with regards the adversary.

> I feel like keybase is great as a key-management platform and _that's it_.

I agree, although I'll freely admit I haven't tried to use the other features all that much.

However, I do find myself a little uneasy with the key management aspects too. The official keybase CLI package being ~500mb when installed, the background server, etc concerns me. The alternative of using curl with a heap of largely inscrutable commands seems unworkable¹.

I wonder if anyone has worked on an alternative, and easy to inspect, client to interact with keybase for just the key management aspects?

1. I largely used the curl method, but suspect very few others would.

I don’t enjoy the key management part of Keybase and don’t find it particularly strong, but why do you think the curl method is inscrutable? The entire payload (basically a JSON blob plus a signature) is there for you to see instead of a binary client that could do god knows what (even if you have the source code it’s probably harder and at least slower to understand than the final payload sent over the wire). I would say the curl method is actually the most inspectable one.

Inscrutable may have been a little strong, but just having a re-test here shows me a nine argument curl call in some paths. I'm not saying you can't inspect it, but there is a lot going on there.

I think we're in agreement that a huge binary client is worse, but I'm suggesting there may be a middle ground with a small/simple open source client just for the key management aspect. That said, it does of course rely on people actually looking at the source of such a client ;)

The parameters are mostly server states. What’s interesting to you should be “what am I signing” (since that’s the only part they didn’t provide you in the first place) and it’s a JSON blob that’s fairly understandable.

A small client is still going to send the same payload.

> "I don't really get why all the other features are needed"

Because growth. Either by VCs insistence, or founders ambitions.

Or that they hired X people to build the identity bit and needed to build more to keep all funding and staff.

If they had separated it more under a suite of products then it would have been ok, instead of bundling it all in one client and service.

All I need is the web page for identity and the CLI for encryption and verification.

I don't need a heavy electron UI always running on my devices.

I signed up for Keybase during the alpha because I liked the idea of PGP-verified identities on different web properties (and I still do). However I uninstalled their client when it was “upgraded” to a Mac app complete with a kext for a goddamn FUSE mounted at all times (that and the fact that the client was somehow spamming my DNS server). But at least the chat service makes sense for part of their user base. Then came the crypto nonsense....

I guess being a free keyserver and identity verification service (they frequently check all your signed messages across all linked web properties) just isn’t a viable business model.

Lots of services are great key management. What I'm waiting for is encrypted (or at least signed) email between myself and literally any company on the internet communicating by email.

"can you just email me a copy of your passport photo and these 5 other things i need to completely verify your identity to banks and so on"

errrr .... no ?

Individuals are arguably not fussed. But surely business can get behind some better levels of encryption / verification ?

I wouldn't bother waiting. Just use a web site to transfer anything important and give up email for this purpose.

A hard problem with email is that there is a boundary inside the address itself. How can anyone know this is steve@example.com? Maybe an outside authority can verify it's really @example.com but if I thought this was Steve and it's actually Tammy then I'm unhappy anyway.

For your purpose you probably don't think you care. You don't know whether custserv@example.com or customer@example.com or jenny.smith@example.com is the right email address to be telling you that your complaint is being confidentially processed anyway. But what about steve-the-plumber@gmail.com ? Does it matter if this is really from Steve or the mail actually came from tialaramex@gmail.com ?

Because the web doesn't have this authority boundary the Web PKI can actually assure you of a meaningful fact to a worthwhile degree. This is really https://example.com/. Is example.com really your local plumber Steve? Are they legally authorised to repair your gas appliance? Are they crooks? We can't answer those things. But we can tell you this is definitely example.com

Facebook of all places has PGP email. Even encrypts your password recovery emails.

I found it convenient for syncing private git repos between machines. But now that gihub allows private repos for free, maybe that's not so useful anymore?

I think this is a good move.

Keybase had a certain quiet dignity to it. Everyone listed there was easily identifiable to me so there was never any confusion over who I was talking to, and it was easy to turn the notifications right down. We even used it for team chat. Keybase had some appeal as "crypto means cryptography." Introducing a cryptocurrency shattered that quiet careful image.

I wouldn't say cryptocurrency integration and the surrounding song and dance is the reason we switched to Slack for team chat, but it is the reason I stopped advocating for staying on Keybase.

I hope this move is part of shoring up the "quiet reliable tool" image I had of Keybase. Among the 1e6 chat programs I have to use to talk to everyone, Keybase was the closest to feeling quiet and reliable, and I hope it does again soon.

One interesting thing I found was that they must have done some cleanup very early on, or perhaps many people decided to opt out. According to the wallet tab in the app, the Sept 9 airdrop went out to 280,598 users, while the Nov 17 airdrop (after the fake accounts started piling up) was only to 145,263 users. Curious to see what this final airdrop will be like.

It seemed kinda novel and fun, but I've never really been interested in cryptocurrency, and I have no idea what Stellar is good for, or even if I care more than my ability to cash it out as USD.

Overall Stellar feels like a distraction from Keybase building out their core platform and improving the user experience to the point where I'd even think of trying to get my non-technical friends to use it. And if they want to attract the masses (maybe they don't), they need to integrate traditional payments, in local currencies. (Yes, I know Stellar can act as an exchange medium, but people will want single-click ability to transfer fiat currency in/out of their bank account.)

> And if they want to attract the masses (maybe they don't)

It's not super widely known, but Extinction Rebellion NYC relies highly on the whole keybase suite of tools, and I've heard they mostly like it (and they're def not predominantly technical). NYC is also likely inspiring other XR global chapters, but hard for me to speak to that.

The Sept airdrop went to all their users, whereas you had to opt-in to the rest. The balance, minus new signups, were likely inactive users.

I too received one drop in Sept and one in Nov. The communication from Keybase sounds like the drops were happening monthly though. Was there an Oct drop and did we miss it?

They pushed it back at the last minute because of the rework in registration opt-in. Their disclaimer om the whole process was basically that it was a gift and came with no guarantees.

Thanks, so I'm not the only one who wondered what is going on. Their last message said literally: "You are still registered; there is nothing for you to do". Emphasis theirs, not mine. I didn't receive the December drop either. Their communication is confusing.

I have been unable to login for months because the password reset is disabled.

> perhaps many people decided to opt out

November airdrop required providing phone number.

That was only for new users. Existing ones didn't need to verify their number.

You had to register your wallet to receive gifts after September. I'm assuming many people just didn't know. I hadn't used Keybase in a while and I just found out about the XLM giveaway.

$16,000,000 spent to acquire users that you had to then build a "block all other users" feature for.

Does anyone know how successful this was at getting people on to the platform? I had the same number of friends on Keybase before the airdrop was announced as I do now.

You are thinking about this wrong. This is not money they had and are now losing but value that they created and are now distributing to improve the robustness of their economy (everybody wins). The SDF actually burned a lot of tokens recently (way more than this airdrop) as well because they concluded they were stockpiling too much and thus were putting their economy at risk. the point of this airdrop was to increase circulation of XLM among real users. The reason they are stopping it is that keybase had to scramble to keep bots, spammers, etc. out, which kind of defeats the purpose because you get a few bad actors accumulating disproportionately large amounts of tokens.

I was on Stellar already and received both airdrops so far. About 55$ in total at the current rate. It peaked out at ~65$ a few weeks ago. It's a nice gesture; much appreciated. I already earned (as in I worked for it) some XLM through other means so I have a nice stash that I'm HODLing.

Keybase is actually a nice product. It lacks a few of the niceties of Slack but it has made nice progress over the last year. Setting up a team is quite easy and right now they are not really charging for it. I would consider it for a small team.

Yeah, I like the product and I think sending money in a chat app is nice.

I guess it doesn't really affect me that the userbase is 50% crypto speculators. I don't have to interact with them.

Yeah, giving away money scales only in the short-term like a negative price product, increasing demand that usually doesn't translate into recurring users or revenue. I think they need more freemium and related paid services, and integrations. Like why aren't they also the "gravatar" of GPG fingerprints and keys? They also need a widget generator to spread the word on websites.

How would a "gravatar of GPG fingerprints and keys" look like?

The money was spent by Stellar, who raised a huge amount during the ICO hype era, and have been quietly spending it in huge chunks in an attempt to build a market for their shitcoin from scratch. Their CAC must be 10x that of almost any other internet business, but, hey, they can afford it.

They supply the tokens, and presumably are paying Keybase for access to their userbase (and non-removable ads for their coin on almost every single keybase profile page).


I just don't understand how it's a good investment. For the people that desperately needed the free $20, they probably immediately withdrew it and will not be building any blockchain apps in the near future. So what did Stellar even get? A few crazy people that use a very off-the-beaten-path chat app now know about it? I feel like the money could be better spent.

I also don't see how this works as a pump-and-dump to turn their ICO into actual United States Dollars. With the vast majority of people wanting hard currency instead of a cryptocoin... I feel like that can only drive the price down. Looking at some charts (https://finance.yahoo.com/quote/XLM-USD/), XLM has been trending downward for a year. There is a small spike right around the time of the first airdrop. Maybe that was all they needed to make some money?

I don't really know but it all seems shady to me. I have decided not to hold this against Keybase; it's an experimental app for "stuff" that I don't have to pay for. I am still suspicious of cryptocurrency in general, and especially ones I haven't heard of like Stellar.

Stellar couldn't sell those coins for face value today without tanking the price and thus value proposition of their platform. The airdrop is for a significant chunk of their token's daily non-wash volume, and would trigger a lot of price instability if they tried to cash it out themselves.

I truly think they are simply okay with a $200-500+ CAC because it's all found money anyway (that dumping on an exchange would ultimately disclose and hurt future potential profits).

If they can make it actually get adopted, they stand to make a lot more—but it's a huge if.

Yeah this whole farce turned my 'trust' beacon away from keybase. I know that sounds like a strange thing to say, but I feel like trust is a compass and this move was quite polarising. It felt like the iTunes U2 fiasco. Don't give me something, and have me live with it if I never asked for it to begin with.

... especially considering that there might be confusing tax consequences for people who receive these.

About as confusing as receiving a cash allowance from your mom.

Guidance from the IRS suggests that you need to maintain cost basis information for cryptocurrency, and pay tax on any gains if/when you do something that causes it to be converted to US dollars.

Hell, even with a cash allowance, if it exceeds a certain value during the year, you owe gift tax (though it's obviously difficult for the IRS to figure out about your allowance, especially if you never put it in a bank account).

Providing you don't actually spend any of that allowance.


> It felt like the iTunes U2 fiasco.

Looked it up now and this explains why I had a lonely U2 album in my iMusic when I finally got another Apple product after 7 years.


Originally you couldn't delete it.

And if your phone storage use was near Max, your phone was now full. You couldn't delete the (partial) album, you you started trying to delete something else, and when it was noticed there was available space on your phone, more of the album was downloaded. Repeat, until full album was on your phone and now you're missing photos of your kids, apps you want to use, etc. Just so there's available space so your phone will run normal-like. But you can't take any new pictures...

Not saying some didn’t experience the issue you pointed out, but to be fair, the album was under 100MB. It’s not like they forced something on you that used even 1% of the storage of the minimum storage option phone at the time.

The outrage over needing multiple gigabytes of free storage for OTA updates at the time was much more warranted imho.

I appreciated the free only-crypto-I'll-ever-own-probably? But Keybase learned that people ruin everything. I still think what they built here is really neat, and hopefully once everything settles from the giveaway, what's left will be worthwhile.

The original design of the airdrop seemed designed to reward mostly/only existing users, but with the in for existing HN/GitHub users who might join. Basically it was narrowly intended to be for developers. The redesign to "avoid" abuse involved phone numbers, and allowing anyone with one in, which was the real floodgates.

FWIW, the initial "in for existing HN/GitHub users" caused a huge spam account problem for HN.

Yeah, but the floodgates opened far worse when it wasn't limited to developer focused websites. I feel they should've shutdown the way for new Keybase users to join the airdrop. Stellar would've benefit from a large number of developers having their crypto and potentially developing software to use it, and Keybase would've been seen as rewarding their loyal users.

A lot of comments here don’t understand why Keybase added a crypto wallet, or chat, or git, or file storage, etc.

It’s about user growth and attracting more people to the platform. Yeah git repos seem a little random, but you can’t have huge user growth from just offering identity verification.

Git repos are the only thing I use. I imagine there is a colossal overlap between "people who can use Keybase" and "people who use git".

That said sharing files from the command line is super-convenient. I just never remember it's a possibility!

It's also the only thing that provides all these things end-to-end encrypted, a lot of people don't realize that and so don't realize why others are interested in it.

Git repos aren't bad for secret management within teams, IME. So there is some use.

I am willing to bet it is about Stellar giving Keybase a lot of money to force a non-removable ad for their coin onto nearly every active keybase profile page.

Still no way to get it off of there, save for a total account reset that wipes all data and connections. No warning or notice when you are offered to generate stellar keys for a wallet that it’s going to separately use your keybase key to also make a signature and post this permanent, non-removable ad to your profile page.


Almost two months ago the Keybase guy said they were going to allow people to remove it; no progress as yet. I wonder how much they got paid by Stellar to make their client app abuse a user’s trust like this. I hope it was a lot, I used to really like the idea behind keybase.

Stellar is a seriously cool cryptocurrency. The more I learn about it, the more I want to actually use it for everyday stuff. And unlike bitcoin, it isn't causing a massive energy waste.

Really the only thing missing is a way make semi-anonymous payments (sort of like cash).

It's still mostly a bad copy of XRP so although overall "better" than bitcoin is does nothing better than the predecessor (XRP). In fact stellar was created because Jed McCaleb wanted to do a FB airdrops to push XRP but the rest of the team dint like this idea. Their though a giveaway for actually crypto interested people is enough and giving coins to people who don't understand it would not add any value. Quite obviously they where right. But Jeb started stellar and since day one airdrops the token wherever he can.

Disclaimer: I sold the XLM I got years ago for XRP. I didn't participate in the recent giveaways.

Starting in the last week or so, hordes of fake people were beginning to come in, far beyond the capacity of Keybase or SDF to filter.

Assumptions regarding the original purpose of the air drops:

1. Stellar's goal was to spur use and circulation of XLM.

2. Keybase's goal was to increase their user base.

I think they both took the easy way out: Give-away and pray.

If Stellar wanted to increase circulation, they should have rewarded transfers and payments. Keybase could have supported that effort via their infrastructure and possibly convinced their existing user base to become more active on their platform. I suspect that they'd have gotten much farther by demonstrating value to existing customers than trying to attract (buy, in the basest sense of the term) new ones.

Opportunity lost, it would seem.

> they should have rewarded transfers and payments.

It doesn't matter what they would have rewarded, it was going to be gamed. This is a fact of life on the internet.

Sure, but when you're fighting a public perception that cryptocurrency is a value store to be bought and held for huge windfalls, just giving it away won't change perception or behavior. Incentivize people to learn to transfer, spend, trade, or somehow use the currency rather than hoard it (or immediately cash it out as many of the fake users were likely doing).

Stellar is a nonprofit and an organization that is trying to do positive things in the space. Much respect to them. I agree with other commenters that airdropping millions of dollars to Keybase users was not the best - I myself traded them immediately. I think they could have spent ~$15million on devs around the world to build integrations and features and that would have been a far better investment.

They devs probably don't exist. Stellar is a copy of XRP. Its rather unlikely any developer would build on stellar instead of XRPL.

I think this whole thing was a good idea, at least for me. I've had a Keybase account since back when they were invite-only. Once this whole thing launched, I finally convinced myself to take a closer look into this crypto currency thing. Certainly an interesting topic.

I love Keybase for the ability to link together multiple identities together.

I use keybase with two profiles. One which is linked to my IRL identity. And one which is linked to my internet identity.

The Stellar offering seemed really odd to me - because it seemed so outside of its core functionality. Almost scammy.

Then I read an article on Ars Technica about a flood of scammers and that sort of connected the two dots. The Stellar offering seems to have flooded them with more “people” than they can handle.

Stellar doesn't seem odd to me at all. One of the large hurdles of working together with freelancers (especially from outside the US/EU) are payments.

If I find someone on Twitter or elsewhere posting artwork I like and I want to hire them, then Keybase makes the rest quite simple: easy to confirm identity, discuss details over chat, share files, and finally make payments.

Seems like a platform with great potential that's horribly misunderstood.

That’s actually a fair point.

I hadn’t considered Keybase as a platform for freelance work. If Stellar is supposed to tie in with their Teams, Files and Git offerings - that makes much more sense.

But the airdrops just felt off to me. Last time I checked the github issues page - I saw half dozen issues raised just asking for airdrop info.

I got one drop, but then there was the demand for a mobile number. So that was that.

And what are Lumens good for, anyway? Are there any ~anonymous exchanges with Bitcoin, etc?

I went looking around when I got the first airdrop, and it looks like the answer to "what are lumens good for" is "Nothing." Turning into Bitcoin I guess...

Stellar looked promising a few years ago, but doesn't seem to have gone anywhere.

I was amused when their FAQ had "Q: So, what can I do with these?" and the A was basically... "send them to people I guess I dunno". -.-

I guess ...

I never had much interest in trading or investing in Bitcoin.

But I do earn a little Bitcoin, now and then. And I like to play with VPS, and the occasional server. So I probably spend maybe $100-$200 in Bitcoin each month.

And given that I do all that ~anonymously, it'd be far more hassle without cryptocurrencies.

Bitcoin isn't anonymous. The ledger is public and your wallet has to be linked to you only once for every purchase you've done to be entirely attributed to you.

This can even happen years after you've deleted the wallet key and moved on to a new wallet.

Sorry, forgot to mention mixing multiple times, using multiple Electrum wallets, in multiple Whonix VMs via Tor, using different mixing services, etc, etc, etc.

So sure, all that Mirimir spends is linked. But nothing is linked to my other personas, or to me in meatspace.

Edit: Bitcoin Fog was used to mix thousands of Bitcoin from at least two thefts. In 2013 from Sheep Marketplace, and in 2015 from Bter. And as far as I know, none of that was ever traced.

That's just one of the mixers that I used. So I'm not at all worried.

Edit2: I should mention that the current status of Bitcoin Fog is unclear. See their Bitcoin Fog thread. So best don't use them.

Make that "... Bitcoin Forum thread".

Spending anonymously is much easier if you hold Monero and send Bitcoin through xmr.to.

Well, at xmr.to:

> We can recommend Monerujo on Android and Cake Wallet on iOS. These wallets integrate natively with XMR.to.

I don't use either Android or iOS.

Do you recommend a suitable Linux wallet?

Just use the official Monero wallet, the only difference is that you'll need to visit xmr.to to enter the Bitcoin address you want to pay to instead of doing it in-app.

OK, thanks.

My wife received the first airdrop and then they wanted her mobile number while I've never been prompted for it. I doubt too many people were willing to sell their mobile number for some funny money. More for me! (Not that I know what I'll do with it.)

They're great for randomly holding / forgetting you're holding onto and waiting for a bubble, like that time in 2014 that Stellar gave away bundles of free coins (I think it was like 6K coins per user?) and then it bubbled in 2018.

I kinda feel sorry for them. They must have realized they can't make $100M for their investors by managing GPG Web Of Trust for a bunch of nerds.

Keybase was a nice protocol/command-line tool to prove identity, but it was over as soon as they flipped it to being some wannabe Dropbox with Adobe-quality autoupdate, then wannabe Slack, then some shitcoin-powered Twitter DM spam.

I like Keybase. Pity about the outcome. Quite happy with my Lumens, though.

Also, interesting that the same user acquisition strategy works so often. Paypal gave away money to acquire (it's also in Zero to One but you'll remember it when it came out), Coinbase did, Jet did, etc. I'm quite happy with this strategy to be honest.

That's a bummer. I liquidated the stellar they sent me. Free money. I bought some plastic Orks to paint, ha.

I bought some Lego. Well, I mean, I withdrew the funds to coinbase then my bank, and used those funds to pay for 2 Lego sets.

If I'm getting all my Stellar at once next week, I can complete my collection of Avengers Lego sets.

OK, so it's not WAAAAAAGGHHHH! But it's the same small pieces of crack cocaine. Although the WH40K lore is so much more wonderful than even the Avengers movies :)

(are you cunning and brutal, or brutal and cunning?)

> While this giveaway mostly worked, it's clear that there will be decreasing returns and massively increased effort required. Why? Starting in the last week or so, hordes of fake people were beginning to come in, far beyond the capacity of Keybase or SDF to filter.

Keybase still doesn't see the hordes of real people and their Eternal September effect on the platform as a problem. I'm not saying they have to see it as a problem - if they want to tell investors "We increased our userbase N-fold by attracting a bunch of people who are just here for the free money," that's their right. But for those of us who were previously on the platform for all the things Keybase used to advertise, it seems we're no longer the target market.

"Starting in the last week or so, hordes of fake people were beginning to come in.."

Who would have imagined giving free money would cause that?

I've had keybase for a while, but never really used it. After spending an hour going through all their requirements to sign up for this, it said I was qualified, but then when I clicked the button to claim it... it said I wasn't. I've tried 4x since and it didn't work

For people like me who is confused about what this means: https://airdrops.io/stellar/

I used to huge advocate for Keybase. I was drawn in initially by the elegance of their social identity proof, and the chat that came from that. The idea of being able to send a message to someone and know it was them struck me as very powerful.

When they then announced KBFS I was excited. It was just as useful as chat, and makes a ton of sense as a next step for the product. My second thought was hoping that I'd be able to pay for a "pro" tier and they'd then become profitable and sustainable.

Teams I also think was a very natural progression and definetely felt like the next thing for them. Especially with sub-teams, it opened a lot of doors when combined with KBFS and chat. To me it seemed to be gearing towards an eventual free personal tier with paid-for teams funding the platform. This would be similar to the model we've seen work with GitHub and such.

What came next was months of hoping that Keybase would become more stable and easier to use. The apps were buggy, but I could deal with it. The UI/UX wasn't very intuitive but with some effort I, as a technical person, could figure it out. I could even explain the concepts to non-technical friends and get them excited for it. But the quality just never picked up. The pain my friends experienced came from a crappy user experience, an incredibly flakey app (mobile and desktop). They all stopped using it, and so my usage became limited as well.

Then after months of waiting and hoping for improvements, they announced Stellar integrat. I was confused, it didn't really seem to have a straight forward commercial aspect. In my mind, you can sell keybase with file storage and teams, it seems like an attractive offering! Especially with hard line gaurentees of identity, that's a huge problem which is suddenly solved. But cryptocurrency, while fitting with the cryptography theme, didn't feel like it fit with the product they'd built. What's more, the apps still hadn't become more usable or stable.

I think my frustration with Keybase is that I thought they were using cryptography to solve problems with communication and collaboration. Instead it seems to be an excuse to for some crytopgrahy enthusiasts to build more things with cryptography. There doesn't seem to be a commercial approach, nor a true desire to make the power of cryptography accessible to the masses.

I really wish they'd invest in making teams, kbfs, chat, and identity easier to use and more stable. If they did, I'd find it really easy to convince my employer to give them money for the product suite. But instead they seem to want to throw in any feature related to cryptography, rather than building a product suite and applying cryptography to solve common issues.

I hope someone will one day take what Keybase has started, and will focus on the product rather than the tech. I'm not a cryto expert, most of what I learned was from being inspired by the Keybase articles. But at the end of the day I want to leverage this tech to it's maximum, not just use it because it's "fun".

Courtesy of Internet Archive: screenshot from December 4th, 2019:


2 Billion Lumens (XLM) were going to be shared over 20 months.

100 Million Lumens will be distributed on December 15th.

So, Keybase profits by keeping the remaining 1.9 Billion Lumens (19000000000*0.053261 current USD rate)

You were beating this same drum on /r/keybase and nobody was buying the story then either. The fake money will most likely remain with Stellar, although I'd rather it did go to Keybase, a company which provides actual value... even if it's fake money that I'll be leaving to languish in my Keybase wallet until it drops to $0 value.

Keybase is such a strangely positioned product. Really misses the mark for us. No password reset, chatting, public profiles, likes, follow "crypto influencers" ... And this campaign felt like a nigerian letter. It's like that strange guest who noone invited.

The whole office will be relieved when we switch.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact