A good article that covers what Keybase is, where they came from, what they try to do, and where they're trying to go -- although you couldn't tell from the headline. As in the article body, Slack is namedropped just for effect; Keybase Teams being a decent proof-of-concept of a popular kind of application to show that the ideas behind Keybase can be used to build real products.<p>That being said, Keybase has been moving more and more towards building these higher-level services on top of (and app-wise, deeply integrated into) their core offering: Chat, File locker, etc; presumably other than delivering value these offerings make the company easier to position in the grand graph of services, and more palatable for raising capital or as a future acquisition target.
They don't really address the fact that every single Slack "leak" is from someone already part of the team taking screenshots of the conversation. How does any kind of encryption help that?<p>Also doesn't mention everything you lose out on with this approach - like searching through message history.<p>It's a neat product I guess, but mentioning Slack in every single line seems more to get eyeballs than a valid comparison.
> Two veteran entrepreneurs are running a little startup built around making it easy to build web and mobile applications from day one that make data impossible for a digital trespasser to read. In fact, it encrypts data in such a way that even if you use some company’s service, that company can’t see what you’re doing with it.<p>Is it? Not that I'm questioning Keybase, I just had no idea they were offering some type of encryption-as-a-service thing. I thought key base offered encrypted identity management, along with some encryption focused tools (kbfs, and now chat). Of course, I don't know/use key base - hence why I'm asking.<p>Can anyone go into more detail on how key base is offering this service:<p>> In fact, it encrypts data in such a way that even if you use some company’s service, that company can’t see what you’re doing with it.<p><i>(Assuming "some company's service" is a 3rd party service)</i>
Tangent, but the article mentions using Google Authenticator -- I was going to start using that recently, but the reviews indicated it had some really big problems with restoring when you get a new phone etc and Google isn't really maintaining it.
<a href="https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" rel="nofollow">https://itunes.apple.com/us/app/google-authenticator/id38849...</a><p>Can anyone comment on their 2fa approach to google?
Nice work team. I've been on Keybase for a while but I've only recently installed and started using Teams on iPhone and Mac and both the apps are very polished and easy to use. Definitely a lot easier than posting up my key and waiting for someone to email me encrypted text ;)!<p>I think the strategy of decentralising the data is a good one for enterprise apps like this, where there's typically little value from the perspective of the business user, employee user, or service provider from holding the data. Lots of data is great for driving personalisation and other features in a million+ person network but not really in cases like this one.<p>Hopefully this is a pattern that will keep working its way into enterprise apps.
> In order to give everyone confidence that the people shown in the Keybase are who they say they are, Keybase encourages users to attest to their identity cryptographically on social media. Keybase is its own social network, but it’s not one for sharing pictures of food or sad status updates. It’s a place for Mary to say “This really is Bill” and for Bill to say “this really is Mary.” With enough attestations like that, it becomes really hard for people to pose as someone they are not.<p>Doesn’t this sound like a nightmare in terms of social engineering attacks?
I don't really get it. I have a Keybase account. It's attested on my social media accounts (including on HN). It includes a private key on my personal laptop and one on my phone. I haven't extended it to my work laptop because I don't want my company IT having access to a key that I've gone and told all my friends they can trust. So I'm confused about how this is supposed to work.
This is going to sound like a dumb question, but.... how much would encryption help? Even if we encrypted all of our data at rest and on the wire, I feel like a lot of security vulnerabilities wouldn't have been prevented with encryption. If you have any way of interacting with the application or the database, it's basically game over, no? Is there any data on this?
I've come to the belief that crypto and security are a 'feature' and never a product.<p>As important as these issues are - I find that businesses and consumers don't often opt for these things as a primary choice except in specific circumstances, or for specific consumers with specific needs.<p>The fact is - I think - most people don't care. Even most startups don't care that much. If their conversations are 'reasonably secure' then they're good with it.<p>I think HN readers are way to one side on this issue - we care a lot about it. I think our views are different from that of most people.<p>This could change but I think we're still in this mode.
If there's anyone working on an Open Source Slack (or Keybase) alternative, hit me up. I run a UI design agency and we'd love to help design a better interface for an open solution that we and others can use. Find my details in my profile, or go to <a href="http://fairpixels.pro" rel="nofollow">http://fairpixels.pro</a>
Ok, I'll bite. Is this actually a thing??<p>> You texted that dude about the weird thing you like to do with silicone ice trays and that admission will remain in the bowels of the Match Group forever.