Keybase.io invitation

Raymii · Jun 23, 2014

I have 2 Keybase.io invitations to give out. What is Keybase?:

Keybase will be a public directory of publicly auditable public keys. All paired, for convenience, with unique usernames. (https://keybase.io/)

It is quite awesome. Works with the gpg keys you already have and also lets you do browser encryption if you whish so. You can upload a private key, but since it is protected with a passphrase it should be secure.

Please post why you want a keybase invite. You should be active on there and at least validate your accounts, and sign / track some other people.

Cloudrck · Jun 23, 2014

Raymii said:
You can upload a private key, but since it is protected with a passphrase it should be secure.

Private Key and Online should not be in the same sentence. I don't know how anyone can think uploading their private key online is safe. I'm not sure I quite understand the benefit of this service. How does it work differently than me verifying signatures on my own? The site doesn't go into much detail on comparing itself to what people have been using for ages. Just curious.

Aldryic C'boas · Jun 23, 2014

Cloudrck said:
Private Key and Online should not be in the same sentence.

I've gotta second that one. My keys stay on my person, at all time - I don't even leave copies on my home workstation. I seriously can't imagine why someone would willingly upload theirs to a medium they have no control over...

willie · Jun 23, 2014

This sounds crazy even without the uploaded private keys. The keybase web site itself also screams privacy invasion, e.g. through the transclusion of googleapis. Even the idea of a public key directory (PGP had keyservers as you might remember) was somewhat obnoxious and didn't catch on all that well.

Cloudrck · Jun 23, 2014

Aldryic C said:
I've gotta second that one. My keys stay on my person, at all time - I don't even leave copies on my home workstation. I seriously can't imagine why someone would willingly upload theirs to a medium they have no control over...

From reading the site, it seems to be trying to make security "easier", for people who aren't savvy on PGP. Which would mean uploading a private key online seems safe from such a persons point of view. I can only see this going down a bad route. But I'll keep an eye on this project.

Raymii · Jun 23, 2014

Cloudrck said:
Private Key and Online should not be in the same sentence. I don't know how anyone can think uploading their private key online is safe. I'm not sure I quite understand the benefit of this service. How does it work differently than me verifying signatures on my own? The site doesn't go into much detail on comparing itself to what people have been using for ages. Just curious.

You don't have to upload a private key. That is indeed less secure, the only thing that protects it then is the passphrase. Plus it allows for offline attacks by our friends at the three letter agencies. But still, if we want more people to use encryption, it should be easy to use.

Anybody want an invite?

eddynetweb · Jun 26, 2014

I already have an account. It seems a tad-bit fishy to me, as to why someone would upload there "private" keys online, even with a passphrase. I'm not sure though...

wlanboy · Jun 29, 2014

This is a no-go service.

Can't believe that people store their private keys on a public service.

k0nsl · Jun 29, 2014

@wlanboy: Yup, quite incredible.

switsys · Jun 29, 2014

wlanboy said:
This is a no-go service.

Can't believe that people store their private keys on a public service.

I'm not surprised. A lot of people lacks brains

Keybase.io invitation

Raymii

New Member

Cloudrck

Member

Aldryic C'boas

The Pony

willie

Active Member

Cloudrck

Member

Raymii

New Member

eddynetweb

New Member

wlanboy

Content Contributer

k0nsl

Bad Goy

switsys

Active Member