Keybase: don't.

17 Mar 2022

I used to use Keybase to be my ultimate key and account collation place but then I kept losing passwords and shit and now I have two accounts that both are in some ways associated with my identity in one way or another which are now forever lost to time (don't trust those keys either, the trusted key for me is ON MY WEBSITE/CAPSULE).

I think everyone should learn how to use GnuPG or their own platform's PGP platform instead of relying on online, Service-as-a-Software-substitute platforms like Keybase, as not only would it allow everyone to be more comfortable with the command line but they would also realise that key sharing is an inherently sacred process.

If you trust any old Joe's account as being legitimate it opens you up to attacks where character similarities can fool you into trusting someone else as Joe! Key signing is also a sacred action. If you sign others' keys any time you want with no reasoning or trust, not only will you potentially hurt your contacts by having them trust people who aren't trustworthy, but it may also result in your key being untrusted!
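An added example, not from the original post: one way to act on the point above is to decide trust only from a fingerprint obtained out of band (for instance from the owner's own website) and to treat a matching-looking name on a different key as a warning sign. The sketch parses `gpg --list-keys --with-colons` output; the sample keyring, names, fingerprints and the small lookalike table are constructed assumptions.

```python
import unicodedata

# Deliberately incomplete map of Cyrillic/Greek letters that render like Latin ones.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u03bf": "o"})

def skeleton(name):
    """Fold a display name: drop accents, unify case, map known lookalikes to Latin."""
    decomposed = unicodedata.normalize("NFKD", name)
    bare = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return bare.casefold().translate(CONFUSABLES).strip()

def parse_colons(listing):
    """Parse `gpg --list-keys --with-colons` text into [(primary_fingerprint, [user_ids])]."""
    keys, want_fpr = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append(["", []])
            want_fpr = True
        elif len(f) > 9 and keys:
            if f[0] == "fpr" and want_fpr:  # first fpr after pub belongs to the primary key
                keys[-1][0], want_fpr = f[9].upper(), False
            elif f[0] == "uid":
                keys[-1][1].append(f[9])
    return [(fpr, uids) for fpr, uids in keys]

def classify(listing, expected_name, pinned_fpr):
    """Label each key: 'pinned' only on an exact fingerprint match, never on the name."""
    pinned = "".join(pinned_fpr.split()).upper()
    want = skeleton(expected_name)
    report = {}
    for fpr, uids in parse_colons(listing):
        if fpr == pinned:
            report[fpr] = "pinned"
        elif any(skeleton(uid.split("<")[0]) == want for uid in uids):
            report[fpr] = "lookalike"  # same-looking name on a different key: do not trust
        else:
            report[fpr] = "unrelated"
    return report

# Constructed keyring listing; every fingerprint, name and address here is made up.
A, B, C = "A" * 40, "B" * 40, "C" * 40
SAMPLE = "\n".join([
    "pub:-:255:22:" + A[:16] + ":1647475200:::-:::scESC:",
    "fpr:::::::::" + A + ":",
    "uid:-::::1647475200::::Joe Example <joe@example.org>:",
    "sub:-:255:18:" + "1" * 16 + ":1647475200::::::e:",
    "fpr:::::::::" + "1" * 40 + ":",
    "pub:-:255:22:" + B[:16] + ":1647475200:::-:::scESC:",
    "fpr:::::::::" + B + ":",
    "uid:-::::1647475200::::J\u043e\u0435 Example <joe@example.net>:",  # Cyrillic o and e
    "pub:-:255:22:" + C[:16] + ":1647475200:::-:::scESC:",
    "fpr:::::::::" + C + ":",
    "uid:-::::1647475200::::Jane Other <jane@example.org>:",
])
```

Calling `classify(SAMPLE, "Joe Example", pinned)` with the fingerprint copied from the trusted source returns one verdict per primary key, so a second "Joe" with a different fingerprint stands out instead of blending in.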

PGP has many more nuances than what Keybase and similar online services allow you to show and I hate it that Keybase also does that stupid "let's turn everything into a social network" bullshit by having you "follow" people instead of importing and trusting their keys.

If you wanna sign or encrypt stuff, it's easier and more secure to do it locally and not upload your keys or generate them elsewhere (Keybase generates keys!!) because then you can trust the process because you ARE the process!

So do yourself a favour, and stop using Keybase.

Related Links

Keybase's documentation for their "Lockdown Mode" which is for users who "want extra protection for their account", note that it says "sensitive cloud-hosted data".

All content on this website is licensed CC BY-ND 4.0 unless otherwise stated. Copyright © threeoh6000 2021-2023