Keybase’s iOS client has received a backdoor.

It seems that Stellar, the extremely well-funded and well-marketed cryptocurrency, has struck a deal with Keybase to “airdrop” (give away) their tokens to Keybase users in an effort to drive adoption. Keybase updated their iOS client to sign an attestation, as a user, that a given Stellar address belongs to them, even if it does not. This is done without any user interaction or consent, violating the fundamental principle of Keybase’s product until now: the user controls their keys.

Of course, the user controls their keys using Keybase’s software, which, under normal circumstances, means the user controls their keys. But in this instance, Keybase’s software decided to sign, for a user, without their knowledge or consent, an attestation saying that username*keybase.io is a legitimate Stellar payment address for the user, even if the user has never heard of it.

Note: DO NOT send payments to this address! I don’t have the keys for this address, don’t control this address, and don’t want any XLM shitcoins even if I did–despite what Keybase’s client has claimed with my private keys.

There is no option to remove this payment address from my Keybase profile, turning my Keybase profile page into an ad for a shitcoin, using my name, face, and identity as an implicit endorsement for Stellar.

Keybase, I understand that you have no good revenue model. I don’t have an alternative for you, but if selling out your users and violating their trust and consent (and, by extension, fraudulently claiming that published cryptocurrency addresses represent payment addresses for your users) is the best you can think of, then perhaps you should give up and stop existing as a concern.

I have filed this as a bug, although I doubt it will be addressed sufficiently, as this is intentional behavior on the part of Keybase, who have hopefully been well-paid by Stellar for entirely undermining their tool’s trust.

There seems to be some semantic bickering around whether or not an encryption tool silently making signatures in violation of a user’s wishes (and in service of the financial aims of the maker of that tool) qualifies as a “backdoor”. Keybase themselves have used the term ‘backdoor’ to refer to an encryption program signing additional, unwanted keys against a user’s wishes. This is a common, accepted usage in cryptography circles: when a tool that is used for signing or encryption/decryption creates a signature or decrypts a message for anyone other than the user, especially without the knowledge or consent of that user, it has hijacked use of the user’s keys and is no longer serving that user, but a remote attacker.

The guy who got paid a bunch of money to force these ads onto your profile said it’s not a backdoor. He used all caps, so you know he means it. The capital-followers at HN have killed the link to this page, because the perpetrator said there’s nothing to see here. The dozens of other users experiencing similar problems must be mistaken, too, about what they wanted their keys to do.