
I'm curious if anyone who worked on this article would be willing to comment on what they think of Keybase.io's client-side crypto implementation:

    > Browser crypto can be scary. Do you have an evil extension 
    > installed? We can't tell. Further, have we been tortured 
    > into serving you custom, targeted JavaScript? Hopefully 
    > you're not that important.

    > So: only use this page if (1) you feel your browser is 
    > clean and (2) a life doesn't depend on it.
https://keybase.io/docs/server_security



If you use the web-based crypto from keybase.io, your key can be compromised if they are compelled to do so, or they are hacked.

The good thing about keybase is that they also provide a cli tool for interacting with the service, so your private key never needs to go near a website.

I personally use a smart card and reader, so even the cli tool couldn't read my private key if it was compromised.

I had a keybase.io account for a few days and then deleted it recently. It seemed pretty nice, but then they sent me some invitations and it dawned on me that I don't know anyone else who would use it, and it adds even more complexity on top of the existing system, so isn't going to be that useful for newbies either.



