What do you think about Keybase.io?

iam trying to get a good alt for wire (because wire storing your contacts in plain text & not encrypt meta data) so i found keybaseio but iam not sure they encrypt metadata or no & its saving my contacts in plain text or no so yeah

SOLVED

https://keybase.io/blog/keybase-chat

What about metadata?

Like with most chat apps, the Keybase servers will see who you’re looking up.

For a given message, Keybase servers know who sent it, approximate size, who the recipients are, and an ID for the channel. All of this is a requirement for performance and (upcoming) mobile notifications.

It’s better than PGP because of many modern crypto best practices, easier and safer key management, and easier and safer identity lookups.

If your biggest fear is hiding whom you’re talking to, none of the apps mentioned on this page are safe unless you’re coming in over Tor, with no info connected to your real identity, in a library or cafe, and wearing a disguise.

1 Like

One purpose of Keybase is to publicly and cryptographically link different accounts of yourself, so third parties can trust all of them if they trust one. The same is true for contacts that are always public. So, your contacts are always publicly visible as soon as you add them or they add you.

However, it isn’t necessary to add people for messaging. You can send messages to any Keybase account.

The Keybase chat is an encrypted alternative to Slack. They don’t try to replace other chat apps like WhatsApp, Signal, Wire, Telegram etc.

Contrary to most state-of-the-art messengers, Keybase chat doesn’t support Perfect Forward Secrecy by default. They added this as an optional feature, called “exploding messages”. Compared with Signal, there is more metadata visible to Keybase servers.

3 Likes

How does Keybase compare to Riot for metadata? Which one would you say is safer? I am not looking to hide the metadata too desperately, so long as conversation contents is fully private/E2EE

Metadata *are important, https://ssd.eff.org/en/glossary/metadata

Do we have a privacytools.io keybase team (I use keybase more than riot)?

2 Likes

This is a great idea

2 Likes

I don’t know about a privacytools.io team, but there is a team called “kb_infosec” and we (InfoSec Handbook) have a team dedicated to InfoSec news called “infosec_news”.

2 Likes

I’m not sure about metadata, but after reading this stuff about riot and matrix, I’m not sure if Keybase can be worse. Aslo, all Keybase messages are encrypted by default, unlike Matrix (Riot) or XMPP

Though for me it doesn’t matter, cause no one I know uses keybase, riot or xmpp. Only 3 family members use Wire, and few colleagues are using Signal.

2 Likes

Can I have an invite?

I don’t think we are going to be officially on Keybase anytime soon, but maybe if there was a Matrix bridge we could try talking @jonah into it.

I am also at Keybase more than in Riot as the app performs better and it somehow made its way as one of the three IM apps I have stating on login.

I am not sure which team you mean, but you can run keybase team request-access kb_infosec and keybase team request-access infosec_news, I am not sure how the graphical way works. Or if you mean a Keybase invite, I don’t know how to find your email address.

I’m not super interested in running Matrix bridges at the moment, especially ones to E2E encrypted apps like Keybase or Wire, because they defeat the purpose of E2EE.

1 Like

You don’t need an invite. Simply join, both teams I mentioned are open for everyone.

Just open the Keybase GUI, go to “Teams” and click “Join a team”. Then you can enter, for example, “kb_infosec” or “infosec_news” to join.

Ah, didn’t realise that they were open to all!

I forgot to say here too that a team was created this morning.