A Geek With Guns

Chronicling the depravities of the State.

Keybase Client

without comments

Keybase.io started off as a service people could use to prove their identity using Pretty Good Privacy (PGP). I use it to prove that I own various public accounts online as well as this domain. Back in February the Keybase team announced a chat client. I hadn’t gotten around to playing with it until very recently but I’ve been impressed enough by it that I feel the need to post about it.

Keybase’s chat service has a lot of similarities to Signal. Both services provided end-to-end encrypted communications, although in slightly different ways (Keybase, for example, doesn’t utilize forward secrecy except on “self-destructing” messages). However, one issue with Signal is that it relies on your phone number. If you want to chat on Signal with somebody you have to give them your phone number and they have to give you theirs. This reliance on phone numbers makes Signal undesirable in many cases (such as communicating with people you know online but not offline).

Keybase relies on your proven online identities. If you want to securely talk to me using Keybase you can search for me by using the URL for this website since I’ve proven my ownership of it on Keybase. Likewise, if you want to securely talk to somebody on Reddit or Github you can search for their user names on those sites in Keybase.

Another nice feature Keybase offers is a way to securely share files. Each user of the Keybase client gets 10GB of storage for free. Any data added to your private folder is encrypted in such a way that only you can access the files. If you want to share files amongst a few friends the files can be encrypted in a way that only you and those designated friends can access them.

On the other hand, if you’re into voice and video calls, you’re out of luck. Keybase, unlike Signal, currently supports neither and I have no idea if there are plans to implement them in the future. I feel that it’s also important to note that Keybase, due to how new it is, hasn’t undergone the same level of rigorous testing as Signal has so you probably don’t want to put the same level of trust in it yet.

Written by Christopher Burg

June 8th, 2017 at 11:00 am