TechEcho

How can I verify Keybase's end-to-end encryption between me and a friend?

3 points by lucgommans about 5 years ago

1 comment

lucgommans about 5 years ago
Keybase Chat is audited and widely regarded as secure, but when prodding for details on how key verification works without human verification, people kept telling me that blockchain magic takes care of it. Eventually I did a deep dive and spent some hours trying to find any path through which the keys are reliably verified, resulting in the post as linked.

As far as I can tell, there is no key verification possible in the mobile app and it's basically "trust the server on first use" (TOFU; details are in the StackExchange question). I'm not saying that this is *insecure* per se; better to use open-source Keybase than some of the more popular apps, but they claim it's proper end-to-end encryption (E2EE). One might argue whether this can perhaps fall within the E2EE definition and shift the discussion to whether we should weaken the definition of E2EE to unambiguously include TOFU, but the question of whether my analysis is correct remains: is there a way to verify Keybase's end-to-end encryption between me and a friend, or do I just have to trust the server's initial key?

It seems weird for Keybase to make a claim that is not in line with what I think is the common understanding of E2EE, so I'd love it if someone else could also read all the docs and post an answer to either confirm it or prove it wrong. Maybe the Keybase authors could chip in, and one of the auditors is also the highest-ranked user on the security StackExchange site, so I had some hope that he would answer (I also sent him an email). It is now tied for the highest-voted unanswered question on the site and someone opened a bounty on the question for more attention, but it hasn't elicited answers so far (that's actually why I posted it here for attention: someone with only 100 rep whom I don't know opened a bounty for 50 rep, and I don't want it to go to waste). If someone here knows more, a definitive answer would be welcome!
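To make the distinction the comment draws concrete, here is an added example that is not part of the original thread and is not Keybase's code: a toy model of a key directory, a client that pins whatever key it sees on first use, and an out-of-band fingerprint comparison of the kind the poster is asking for. `KeyDirectory`, `TofuClient` and the scenario functions are hypothetical names chosen here; the "public keys" are random bytes standing in for real keys, since the point is the trust model around the server, not the cryptography.

```python
"""Added model of "trust on first use" versus out-of-band key verification.

Illustrative code written for this page, not Keybase's implementation.
"Public keys" are random bytes standing in for real keys.
"""
import hashlib
import os


def fingerprint(pubkey: bytes) -> str:
    """Short hex fingerprint a user could read aloud to a friend."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KeyDirectory:
    """Hypothetical key server. Honest by default; substitute() models a
    malicious or compromised server handing out an attacker's key."""

    def __init__(self) -> None:
        self._published: dict[str, bytes] = {}
        self._substituted: dict[str, bytes] = {}

    def publish(self, user: str, pubkey: bytes) -> None:
        self._published[user] = pubkey

    def substitute(self, user: str, pubkey: bytes) -> None:
        self._substituted[user] = pubkey

    def lookup(self, user: str) -> bytes:
        return self._substituted.get(user, self._published[user])


class KeyChanged(Exception):
    """Raised when a peer's key differs from the one pinned on first use."""


class TofuClient:
    """Client that pins the first key the directory returns for each peer."""

    def __init__(self, directory: KeyDirectory) -> None:
        self.directory = directory
        self.pinned: dict[str, bytes] = {}

    def key_for(self, peer: str) -> bytes:
        key = self.directory.lookup(peer)
        if peer not in self.pinned:
            # First use: nothing to compare against, so the server's answer is
            # accepted as-is. A substitution at this point is invisible.
            self.pinned[peer] = key
            return key
        if self.pinned[peer] != key:
            # A later substitution (or a genuine key rotation) is detectable.
            raise KeyChanged(peer)
        return key

    def verify_out_of_band(self, peer: str, spoken_fingerprint: str) -> bool:
        """Compare the pinned key with a fingerprint obtained outside the
        server, e.g. read out by the friend in person. TOFU alone lacks this."""
        return fingerprint(self.pinned[peer]) == spoken_fingerprint


def first_use_substitution() -> dict[str, bool]:
    """Server swaps Bob's key before Alice ever looks it up (constructed)."""
    bob_key, attacker_key = os.urandom(32), os.urandom(32)
    directory = KeyDirectory()
    directory.publish("bob", bob_key)
    directory.substitute("bob", attacker_key)
    alice = TofuClient(directory)
    alice.key_for("bob")  # accepted silently: attacker's key is now pinned
    return {
        "tofu_flagged": False,
        "oob_matches_bob": alice.verify_out_of_band("bob", fingerprint(bob_key)),
    }


def later_substitution() -> dict[str, bool]:
    """Server swaps Bob's key after Alice has pinned the real one (constructed)."""
    bob_key, attacker_key = os.urandom(32), os.urandom(32)
    directory = KeyDirectory()
    directory.publish("bob", bob_key)
    alice = TofuClient(directory)
    alice.key_for("bob")
    directory.substitute("bob", attacker_key)
    try:
        alice.key_for("bob")
        flagged = False
    except KeyChanged:
        flagged = True
    return {
        "tofu_flagged": flagged,
        "oob_matches_bob": alice.verify_out_of_band("bob", fingerprint(bob_key)),
    }


if __name__ == "__main__":
    print("first-use substitution:", first_use_substitution())
    print("later substitution:   ", later_substitution())
```

The two scenarios show the asymmetry the comment is about: pinning catches a key that changes after first contact, but a server that lies on the very first lookup is accepted without complaint, and only a fingerprint obtained outside the server (`verify_out_of_band`) exposes that case.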