Keybase security was independently reviewed in 2018/2019.Secure, end-to-end encryption protects the contents of your messages and files.Here are some key features to consider when deciding whether the Keybase is right for you: Now that we’ve touched on the pros and cons we found in this Keybase review, let’s cover some of the major features. Chat not as easy to use or full featured as competition.Now owned by Zoom with ties to China (privacy concerns).With the new ownership change, and the privacy-abusing practices of Zoom, Keybase is no longer recommended. This is bad news, and we have updated this review (below) to explain why. UPDATE: Shortly after publishing this review, Keybase announced it was acquire by Zoom. Let’s start by looking at the pros and cons of Keybase messenger capabilities. While Keybase can do everything from encrypted chats to providing a massive amount of free cloud storage, to storing your cryptocurrencies, we are going to concern ourselves primarily with Keybase’s role as a secure messaging service. In this Keybase review you will get a sense of how well they have succeeded. Keybase is meant to eliminate most of the geek work required to use public key encryption. Used properly, public key cryptography can eliminate most of the problems we have with hackers and unwanted government surveillance of the Internet.īut the tools for using this kind of encryption are generally too complicated for all but the most hard-core privacy aficionados. Keybase was designed to make public key cryptography more accessible to regular people. Chris Dixon, in his message announcing a $10.8 million investment in Keybase. It is a centralized system that applies end-to-end (E2E) encryption to every message you send and every file you store. Play with it, please, and let us know what features you want added.Keybase is a secure messaging and file-sharing service. If your biggest fear is hiding whom you're talking to, none of the apps mentioned on this page are safe unless you're coming in over Tor, with no info connected to your real identity, in a library or cafe, and wearing a disguise. It's better than PGP because of many modern crypto best practices, easier and safer key management, and easier and safer identity lookups. All of this is a requirement for performance and (upcoming) mobile notifications. Like with most chat apps, the Keybase servers will see who you're looking up.įor a given message, Keybase servers know who sent it, approximate size, who the recipients are, and an ID for the channel. More advanced blocking / reporting / nuking features will be available in an upcoming release. This version supports muting individual conversations, so you're not interrupted and can ignore conversations that you're not interested in. What block/muting features are available? When our mobile apps launch, your phone will be a great device for provisioning and chatting. Maybe even 3, if you start caring about your data in Keybase. So it's extra important to make sure you have at least 2 devices or paper keys. Keybase cannot read any of your encrypted data. ![]() ![]() If you lose all of your devices and paper keys, you will lose your data. But that would be publicly discoverable because of the new device name announced in your signature chain. If someone were to steal a device of yours that wasn't revoked, they could use it to read your data (of course), and therefore provision another new device. The old key is signing a statement about the new key, and the new key is countersigning. This isn't just two-factor auth with server trust. ![]() (a) type something on your first computer, or (b) enter a paper key. You'll see this policy in action when you install Keybase on a 2nd computer. This is verified by everyone you chat with. Key additions must be signed publicly into your signature chain by a currently active key,Īs determined by your signature chain. What's preventing Keybase from adding a device for me, that's really just owned by Keybase or nefarious shadow organization X? You can think of a PGP key as another part of a user's identity, and therefore one of the assertions you can make, like a Twitter address. You can, however, address someone by their PGP key! I've proven ownership of this PGP key, which your own client will verify: keybase chat send 'hi whoever owns 9701 6CB3' The basic idea here is that non-technical people won't get confused and do something irresponsible. You can read more about our key model here. People aren't so great at managing and moving PGP private keys around, so PGP keys are not included in our chat or filesystem. Even if you have a PGP key on your Keybase profile, these messages are only encrypted with your Keybase device + paper keys.
0 Comments
Leave a Reply. |