HACKER Q&A
📣 Brajeshwar

Why Keybase?


Along with many others, I did the Keybase identification thingy - adding the key on my Hacker News profile. Do you still use Keybase, how, why — what’s different?

  https://keybase.io

  👤 SlightlyLeftPad Accepted Answer ✓
Now that it’s owned by Zoom, it’s a hard no for me.

Edit: https://news.ycombinator.com/item?id=28814210

👤 aspenmayer
The analog I’ve seen posted around online is

https://keyoxide.org/

Previously on HN a few times, here’s a post linking to the source code from 2021 with 135 points, 58 comments:

https://news.ycombinator.com/item?id=29132024

👤 sshine
I stopped using Keybase.

The idea was great, but half-done.

So I distribute my signature across multiple sites, and use Keybase as the central gathering point of these: The Keybase website will say that the person who runs this GitHub account has the same public key as the person who runs this Twitter account, and so on. So if any of your accounts get hacked, and the public key gets replaced, they'd have to hack all your accounts to replace the public key on all of them. Or just hack your Keybase account, or Keybase itself.

Keybase lacks the decentralized append-only approach that SKS keyservers have.

It provides a single point of failure: Who cares if I distributed my public key across multiple sites, when the single site that mentions where I put them is just an HTML page that anyone with access can edit?

(I should add that the SKS keyservers were poisoned: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d695... so.)

👤 client4
I love keybase and it's brilliant filesystem. On laptops I symlink ssh keys and configs, dotfilels, etc. so that they're stored in Keybase but available when I'm logged in. If there's an issue a can revoke a device. I also use their Certbot for SSH groups.
👤 jruohonen
I used the in-house program for a while, but didn't like it. Then, there were also some spam, forgery, etc. issues. Furthermore, they removed the PGP encryption option for laypeople from the website, which was a mistake as it was a selling point to encourage laypeople.
👤 vr46
Still use it, still rate it, but PGP/GPG doesn’t play as significant a role in much of what I do anymore. We have Signal and 1Password if we need it. I had a little company with two/three others for a few years and we used Keybase chat exclusively instead of Slack or Discord, that was good.
👤 aweiher
I still use keybase encrypted git as a backend for my gopass password repository.

Not super happy with it as keybase git is super slow, but did not find any alternatives for encrypted git, which is not self-hosted.

Don't use the keyserver, chat or anything else. But the onboarding of new machines is really nice.

👤 aborsy
Keybase is a good idea. I used it, and was tracking its development.

The development seemed to have been slowed down since it was acquired by zoom. The iOS app has been updated recently, but it felt abandoned earlier.

👤 ryzvonusef
Is twitter verification working for you?