I use Keybase as a daily driver and I really love the platform, but almost every other chat client I use when switching from Keybase feels butter smooth in comparison. These tools look like a great addition, and the Stellar integration is something I think has a lot of potential if it ends up being able to manage other wallets as well.
I just really wish more love would go into the UX of the application. I have duplicate undeletable conversations with contacts, duplicate folders in KBFS that I cannot delete or access which cause I/O errors in tools that do full system scans. I keep running into errors in the UI with obscure error codes that I keep reporting to no avail. There are currently 3,292~ open issues on Github at the time of writing so it's difficult to track what the team is focusing on.
Everything feels just a little too janky.
Still, I don't believe there is any other decent alternative to Keybase that offers the same identity based mechanism for communication, and Keybase absolutely nails that. I can message half the users on HN with very little friction. People can encrypt and send me documents without registering with a single page view. A bit of polish and I think Keybase could shine, but right now It's hard to suggest as a Slack alternative.
Keybase is a little like "Linux on the desktop". I love it, I use it. With my help, even my dad can use it. The underlying architecture is righteous, it's open-source, and I want it to be good enough so that everybody can use it... but it's just not. Too many basic things that "normal people" want to do just don't work well enough.
Keybase's desktop and mobile apps sometimes hang while decrypting old messages, and until you force quit, the messages won't load.
The Mac app gets into this mode where it can't be hidden, and just insists on staying on the screen.
It doesn't work at all, for any reasonable value of work, on the iPad (it shows a tiny little phone-sized window that fills about 25% of the screen, and doesn't support rotate so it's rotated 90 degrees if you try to type into it with the keyboard).
Etc.
OTOH, the underlying platform seems well-designed and that's obviously where most of the effort is going — it's been a steady march of new and valuable features. They only added the chat feature itself 3 years ago. Keybase git, Stellar wallet, Keybase SSH, the awesome new bot architecture...
While I too wish the apps were smooth and polished, Keybase might be right to focus on the platform first. Making a good app using cross-platform UI toolkits is hard.
Those toolkits are evolving fast, too. It's not inconceivable that in another 3 years, the apps they have today will have been completely replaced by new ones based on a next-generation UI library that runs on top of Tauri[1] or whatever the new hotness is in 2023, and maybe those will be smoother and more polished due to general advances in cross-platform app cores and UI libraries, and if that happens we might end up being glad that the Keybase people spent their energy on building out this reliable crypto platform instead of trying to fix Electron's window layering bugs or whatever.
But yeah, in 2020, I agree the Keybase app's aren't even close to being polished enough to replace Slack for most people. (And Slack itself is pretty awful!)
Polish and a better sense that their long term business model makes the most sense for the sort of infrastructural platform they want to be. Cryptography infrastructure seems like something that should be delegated to something much more like a 501(c)3 than a for-profit corporation.
For a slightly different perspective (1:1 chat instead of Slack replacement) I've had a better experience with Keybase than Signal or Telegram for end-to-end-encrypted 1:1 conversation.
Telegram's "Secret" (e2ee) chats are device-specific, which pretty much disqualifies it for regular use.
For Signal, I've consistently found that if I'm logged into three devices (e.g. two laptops and a phone), my phone will buzz and a notification will appear but then immediately disappear. If you don't notice the vibration, you'll miss the message until the next time you open the app.
Agreed. And some accessibility related work would also help, for now, i doubt i would have any chance convincing any of my visually impaired friends to use the keybase apps.
Keybase still lacks essential features like being able to mute specific group chats. On Android it's all or nothing: I can either get a notification every time someone spams a chat, or I can turn notifications off and not even know when someone directly messages me.
As an example of the magic referred to in the post, here's some encrypted text that could be read by `pg` here on HackerNews: https://pastebin.com/raw/bxRaymaB . As explained in the article, the unlocking step trusts HackerNews at one step in the process.
P.S. I'm the blog post author. BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5weRa0zk7RUjCs bLeGBWHRNe047t1 63n5tVSjvbZwtwt nQVqdDHEZIR4kgD PpRDesKecb1Y4U2 jcnOUuLfKvsiGZY PP7SbO79zoRFEuv e8gXRm44Brjfdym iwy2mGXI9VW5PDf WMxwJdTflgruGMK SUkEhjqwUOEc8KR AC6aF8iJadgq3bz oGMLpY750H1Deus EGPgtQQVIeh05mx HY7K3oFOn3SjeS3 cL1duil9YgmZi1y zKu3bfFSbjelgzc 5UMZ42xTJJs0gT. END KEYBASE SALTPACK SIGNED MESSAGE.
To be honest, as neat as it sounds, I could very easily see this being banned from a lot of platforms. Its disruptive to any community to have some parts of the messaging being inaccessible on that platform. Keybase own terms and services requires their users to use their services in accordance with the law, so that puts growing number of countries where these messages will be impossible to ever access.
And from an archive standpoint, in 20 years, no one is going to appreciate walls of text encrypted on a system that may no longer exist.
I'm not saying that I don't approve of the tools, or the concept, but I think the implementation and this envisioned usage are off.
I don't think I would have launched this without an accompanying browser plugin that could handle the decryption and verification in place, but even that only solves have the problem.
Looks like I’m alone in my sentiments; Keybase is my favorite messaging app. #1 reason is that it has the best cross platform behavior I’m seen (but I need a RISC-V version). However every feature addition fills me with angst that it’ll add more unwanted bloat.
Ability to use it as an SSO authority. You could grant certain access to new employees, who have already proven their identity in Keybase. Imagine having your own identity that can be given roles by multiple organizations.
Ability for Bitwarden to use Keybase as its store.
A way to store your homedir in Keybase's filesystem.
A way to use Keybase as a development space. Imagine Alice gets a job at Corporation X. She's given the "programmer" role. That automatically makes Docker images, Jenkins access, Artifactory access, Git repos, other relevant software, all through KBFS. You could even use KBFS as the store for Jenkins and Artifactory. As Keybase already has PGP/GPG support built in, signing commits in Git would also work smoothly.
(I really like Keybase, I just hope it can continue to grow, fix bugs, and add features)
> When she someday establishes keys, and cryptographically proves her Twitter account, the Keybase servers will ping my apps and ask for me to make available the decryption key to her. My app will check the signed statement from myself, check her tweet, make sure the proof is valid, and then send the decryption keys to her, encrypted for her device keys.
> Keybase is not a trusted man-in-the-middle here, and no one else has keys. The only weak link here is Twitter: my assertion is like this, in English: “once someone who owns the @billieeilish Twitter account publicly proves a Keybase connection, I'll unlock it.” If Twitter gives that account to someone else or takes control of it, I'll be trusting Twitter's answer. @billieeilish is not yet a human. She's a Twitter account.
That seems decent at first pass. Keybase could maliciously not notify about her joining keybase, but everything after that seems like it follows a cryptographic path.
Is your concern that their code is improperly implemented (which seems the concern cited for triplesec)? I'm not seeing the abuse risk. Any pointers?
I just really wish more love would go into the UX of the application. I have duplicate undeletable conversations with contacts, duplicate folders in KBFS that I cannot delete or access which cause I/O errors in tools that do full system scans. I keep running into errors in the UI with obscure error codes that I keep reporting to no avail. There are currently 3,292~ open issues on Github at the time of writing so it's difficult to track what the team is focusing on.
Everything feels just a little too janky.
Still, I don't believe there is any other decent alternative to Keybase that offers the same identity based mechanism for communication, and Keybase absolutely nails that. I can message half the users on HN with very little friction. People can encrypt and send me documents without registering with a single page view. A bit of polish and I think Keybase could shine, but right now It's hard to suggest as a Slack alternative.