client
client copied to clipboard
keybase
KeyBase is DEAD
I’m calling on the Contributors to confess this, and allow people to move on- since the acquisition by Zoom this GitHub has literally been quieter by ever before by a HUGE margin… the two and a half people left working on KeyBase seem to do nothing as is.
@bytefend have there been any vulnerabilities found in the Keybase client recently that need patching? Otherwise I'm not sure how there could be a security issue from lack of patches. @DogsAndTwelveKittens what are you expecting the contributors to confess? Do you feel like they're hiding anything from you or lying to you?
I have multiple 0days for keybase @Rudi9719
These should be reported immediately to the Zoom Bug Bounty page then. https://hackerone.com/zoom or follow the instructions on the Keybase bug bounty page. https://hackerone.com/Keybase (didn't notice that before)
I agree with OP, to me it sounds almost dead, looking at this which basically makes Keybase uninstallable on newer Debian/Ubuntu flavors makes me think it's close to being unmaintained. Basically Keybase "how-to install" documentation for Ubuntu/Debian flavor doesn't work and seems nobody cares. After a quick look at 1st page of issues seems like nobody is actively involved in the project anymore. A look at the commit page I see few devs who are active, so maybe it's just an issue that it's they're simply not enough devs and too many issues? I would love to contribute but not sure who to talk to, especially after being bought by Zoom.
EDIT: just found this:
2020-05-07: Keybase app/site no longer maintained, Keybase team acquired by Zoom and working on Zoom security instead https://keybase.io/blog/keybase-joins-zoom
From the blog post it sounded like they planned to continue working on KeyBase... if that's the case it's a damn shame as that would mean that KeyBase was literally just acquired for the technology and engineering
It is dead indeed; time to move on. Would you advice for any alternative tooling?
Would you advice for any alternative tooling?
It's a bit less polished / requires more technical understanding to use, but Keyoxide is great, and as it's decentralised it doesn't rely on any single party who could shut it down.
The Matrix protocol has gotten better and better over the last few years.
The new "Spaces" spec is versatile enough that there have been pie-in-the-sky discussions on how this could be used to create a virtual filesystem synced between devices using fuse etc.
The only aspect missing from Matrix that keybase has is the social network proofs + public attestation to other people's keys... and the committing to the blockchain part to prevent rollbacks of the sigchain.
These parts are actually quite useful from a security standpoint, which is why I hope keybase opens their server source if they ever shutdown.
But from an enduser perspective, Matrix clients like Element are day-by-day covering almost all the use cases.
And you can self-host the homeserver to boot.
(not to mention Matrix has 1:1 video/voice calls and multi-party video/voice calls via jitsi (multiparty calls directly in the Matrix protocol are being worked on righ now, it's in Alpha))
I wonder if zoom is willing to sell off the keybase service and a few of the lead engineers so that some other company could actually do something with keybase?
Doubtful. I think they're trying to kill it through neglect, rather than just shutting everything down.
Nail in the coffin?
You have to go to keybase download page on their website and re-download and re-install the keybase client.
The TLS certificate error prevents the auto-updater from downloading the new client.