HACKER Q&A
📣 capableweb

Keybase Alternatives?


Since Keybase is being acquired by Zoom (see https://news.ycombinator.com/item?id=23102430), it would be lazy to not start looking at alternatives already

I myself mostly use the following features from Keybase: Chat, KBFS, Git repositories and encrypting messages sent out-of-band via PGP in Keybase (and the various cryptographic tools [signing, validation etc])

What alternatives have the features outlined above, but are ideally either FOSS or at least not run by a for-profit company? I mainly used Keybase to make using those features easier, so please don't suggest the cli of gnupg (or similar) as alternatives.


  👤 lucideer Accepted Answer ✓
> I myself mostly use the following features from Keybase: Chat, KBFS, Git repositories and encrypting messages sent out-of-band via PGP in Keybase (and the various cryptographic tools [signing, validation etc])

While all these features are individually nice, I kinda started to worry about Keybase as a product when they started bolting on stuff like this.

I think the key (pun intended) to stable & ongoing success in this space is to focus on doing one thing well. Keybase was incepted as a service for signing & validation. There's currently https://keys.pub for that. I'd be interested to hear if there's others.

For chat, there's a lot of competitors to choose from. I like Riot.im.

For KBFS, Tresorit has been mentioned. I signed up, but haven't been super impressed with their clients yet. I'm not sure what better options are out there.


👤 SkyMarshal
I think the only complete alternative is to successfully persuade the Keybase team to release their server code under an open source license. Their client is already open source.

https://github.com/keybase

The only other alternative is a mishmash of multiple apps that each do part of what Keybase does.


👤 jamieweb
I'm not seeing much mention in this thread of the cryptographically-linked identities feature of Keybase, i.e. where you can link your Website, Twitter, Reddit, HN, etc.

As far as I know, that was Keybase's initial offering, which they then built on top of to create a full suite of applications.

Although to play the Devil's advocate - while the feature is cool and implemented nicely, I doubt that many people actually use it beyond the novelty factor.


👤 sylvain_kerkour
Hi, I'm developing Bloom[0] which is an entirely FOSS encrypted[1] and offline-first (but with multi-devices sync!) productivity app which features Files, contacts, calendar and notes. So no chat nor Git, but everything else :)

If you are interested in joining the (coming soon) beta, feel free to contact me: https://bloom.sh/contact

[0] https://gitlab.com/bloom42/bloom

[1] https://gitlab.com/bloom42/bloom/-/wikis/security


👤 giancarlostoro
Since nobody's mentioned Wire, it's not a 1:1 alternative but it's close in terms of chat. I don't think any 1:1 alternative to KeyBase will rise up anytime soon, hosting git and files will be a bit to build up to.

Website:

https://wire.com/en/

Their backend is open source unlike KeyBase:

https://github.com/wireapp/wire-server


👤 rasengan
Handshake [1] is a great keybase alternative that doesn’t even rely on centralization. All information is verifiable with the blockchain acting as the root of trust.

[1] https://handshake.org


👤 spladug
If you just want to share your public key safely, a .well-known directory on your domain works these days: https://wiki.gnupg.org/WKD

👤 nanomonkey
Scuttlebutt is an open source p2p gossip network (no central servers) that includes clients that implement chat, blogging, git and github replacements, Shamir's Secret sharing (splitting up a secret by encrypting it so that a number of your friends are needed to decrypt, via Dark Crystal [https://darkcrystal.pw/]), games and probably more that I am forgetting. You could easily place your public keys in your user profile.

👤 ianopolous
If anyone's looking for a fully open source, decentralized encrypted filesystem similar to KBFS, then check out Peergos[1][2]. It's built on top of IPFS.

[1] https://book.peergos.org

[2] https://github.com/peergos/peergos

[disclaimer: Peergos founder]


👤 freewizard
I'm expecting Matrix/Riot has some of those like chat, and will develop some more.

And there'll definitely be alternatives, which is the beauty of FOSS.


👤 atonse
I am also curious here. I have used and advocated strongly for Keybase with a couple of local government clients to send sensitive files back and forth (not sensitive in the sense of national security, but more to preserve privacy and store encrypted at rest).

But I want to get ahead of the concern that Keybase is now owned by a Chinese company, which instantly compromises it.

PGP is dead on arrival, since it's an overcomplicated mess.

Keybase felt like WireGuard for its use case, just dead simple and also secure.

Update: I just want to clarify that I am happy for the Keybase team. This is clearly an Acquihire meant to bolster Zoom's security talent. And as a Zoom user, I'm generally happy about this development. But there will definitely be a concern about them being acquired by a Chinese company.

Update #2: I thought about FooBarWidget and others' comments, and I'm going to alter my wording. Zoom isn't a Chinese company, but their development team has been entirely based in China all this time and there have been concerns about that (which are entirely legitimate for certain groups like governments, in my opinion), especially given their communications aren't e2e encrypted.


👤 cybdnb
Thanks keybase for the free 100$ worth of lumens. You'll be remembered fondly.

👤 divbzero
The Keybase acquisition is a reminder of the potential fragility of using centralized services (root servers, GitHub, CAs) to support decentralized tools (DNS, Git, TLS).

> ideally either FOSS or at least not run by a for-profit company

I agree with these aims, but ideally I’d hope for the alternatives to be decentralized as well.


👤 frellus
Why not Mattermost (https://mattermost.com/)? If the key feature of keybase was encrypted chat, seems like Mattermost solves the problem.

Or Signal?


👤 SamWhited
For e2e encrypted chat there's https://conversations.im. I've been using it for a while since it lets me bring my own domain and have been very happy. The Android client supports encryption with PGP keys and OMEMO (a double ratchet like Signal uses with some nice key trust options added on top to make it easy for novices, but configurable by experts).

👤 hexandcube
I've only heard about https://keys.pub

👤 karanganesan
Signal App - Completely open source

https://signal.org/en/


👤 mvanbaak
Chat: Pick one of the many available. telegram, signal, wickr etc etc

KBFS: personally I switched to gpg encrypting important files on a NAS with encrypted backups to amazon glacier and backblaze.

Git: gitlab, github, bitbucket (just to name a few)

Encrypted messages out-of-band: Just use plain pgp/gpg


👤 FunnyLookinHat
The big feature for me is easy and secure backup of things like dotfiles (and it not being secured ONLY by a password). I may just combine gpg and a private S3 bucket now along with some simple bash tooling.

👤 CalmStorm
I have been working on this decentralized key-value database: https://github.com/kevacoin-project/kevacoin Together with W3C's draft Decentralized Identifiers (DID: https://www.w3.org/TR/did-core/), it could provide a decentralized alternative.

Not sure what is the best way to verify Twitter/Github account though. This has to be managed by users themselves. E.g. one user posts a proof in the Twitter account, the other user verifies the proof by checking the proof against the public key posted in the database.


👤 SujiYan
We're working on a solution for users to link their Fb/twitter identity to a decentralized ID and post encrypted posts/comments (even sending any crypto over) on Fb/twitter, only viewable by friends (not able to be decrypted by Fb or NSA):

https://maskbook.com

Source code:

https://github.com/DimensionDev/Maskbook

For now we're trying to integrate decentralized FS solution as well so eventually Fb/twitter can be merely an infrastructure layer


👤 Yeri
keys.pub does the signing/validation part

👤 niyikiza
What's a good business model for this kind of company? https://news.ycombinator.com/item?id=23106043

👤 tkeeler
I'm a light user of Keybase and used it primarily for validation & signing. The social identity verification was quite nice. It seems that's what most of the users here were using it for.

My suspicion is while we're not likely to see much new development from Keybase, the existing capabilities aren't likely to go away for some time.

The premise of validation/signing isn't a technically complex approach and I'm sure someone can create and FOSS it. The question however is - what features would you want integrated and what things did you find annoying?


👤 zsoltsandor
You can do the PGP part in a decentralized way with notations and proof-specific posts - including HN: https://metacode.biz/openpgp/proofs

And then there is WKD if you have a hosted site: https://metacode.biz/openpgp/web-key-directory


👤 rebblumstein
Can someone ELI5 why an alternative is really needed here?

👤 ParadisoShlee
Hopefully something with Activitypub can be created... splitting up lots of independent Keybases connected using federation protocols would be rad.

👤 INTPenis
The main thing I miss about keybase is the signing and verification of public resources like Github, mastodon accounts and personal websites.

👤 ereyes01
upspin.io seemed like a strong decentralized alternative from the same people who maintain the Go language, but unfortunately it seems defunct, judging by its GitHub activity. Anyone know if it has been forked and maintained elsewhere?

👤 sterlind
I host a git repo on Keybase. Is there a replacement specifically for this feature? I don't want to host the plaintext on any cloud, but I want the ciphertext to be highly available and easily re-encrypted in case of compromise.

👤 baby

👤 stickac

👤 gnu
keybase is unfortunately one of those programs that combine many things into one - somewhat antithetical to the Unix philosophy of doing one thing well.

For kbfs, tahoe-lafs is a nice alternative. I don't know about the fuse interface as I haven't used it, but it has some solid fundamentals behind it, actively being developed and can be self hosted.

GPG still works! GPG also is a swiss army knife, unfortunately. There is OpenBSD signify (or minisign) if you want signatures.

There is also age - https://github.com/FiloSottile/age


👤 vbezhenar
GPG works, I don't know why anyone thought that anything else is needed.

👤 eddieoz
Bitrated is an interesting alternative for identity/reputation validation - wot based: https://www.bitrated.com

👤 neets
Can someone suggest an alternative for encrypted git?

👤 wayneftw
Honest question: What function does a server perform in end to end encryption?

Because I see that the Keybase client is open source but not the server…


👤 covidcovidcovid
10 years ago I was able to get good result from ads, but now it is an absolute waste of money and it's not worth it anymore.

👤 acasajus
protonmail for mail/chat and protondrive (when it's released for kbfs) or tresorit

👤 misrab
Ethereum.

👤 lihaciudaniel
Unironically WhatsApp it has its own end to end encryption

👤 zelly
https://pgp.mit.edu/ has been around before and will be around after Keybase is long gone.

👤 client4
I'd suspect this is jumping the gun a lot bit. Keybase was running a free service for years and has matured a lot in the last year (post crypto debacle). There's nothing stopping them from 1. Letting Keybase go into maintenance mode. 2. Donating the server to a foundation. 3. Open sourcing their server.

In all these scenarios Zoom gets better security which is a win for the world :)