Ability to hide followers and following.

[5h4d0ww0lf]

The whole concept of that is that you show who you trust and who trust you. (You can follow locally if you want)

[hosseamin]

Then how about showing them to those who we trust?

[5h4d0ww0lf]

@hosseamin On your profile there is category followed and following so anybody can see who you follow and who follows you.

[hosseamin]

@5h4d0ww0lf I meant, How about implementing a feature so public cannot see these lists but those who I'm following can see?

[5h4d0ww0lf]

@hosseamin Why? What purpose will it have? When you follow someone the only purpose is saying I trust you and if you are unsure use keybase follow -l %user% for local following so your pc knows you trust them but it isnt public.

[dabura667]

This issue is a repeat. Some really good arguements on how / why to implement it were raised.

• I have a keybase
• 500 Nazis on Keybase with swastikas follow me.
• My profile page is covered in Nazi symbols

I should be able to hide their icons from showing on my page.

The client can verify all their signatures, no one asking to break the sigchain or anything.

Just merely asking for the ability to remove the icons/usernames of followers from my profile. You can still see it in the terminal if you reeeeeeally want.

[dabura667]

A rebuttal to that was “wellll this is just a social construct of ‘ooh I’m sooo scaaaawed people will think I’m associated with other people that appear prominently on my profile under the word “follower””

To which the reply was:

Uhhhh, wasn’t the whole point of Keybase to enfuse SOCIAL media with public key cryptography? Saying the fear is invalid because no one will make social assumptions on social media is....... not a good argument.

I am for it.

But like I said. It’s a duplicate.

[chicagobuss]

If following/followers can't be made private, recruiters will start using this sytstem to systematically find people who likely work together.

I totally understand people wanting to make their follower/following information private - it's a very valid request IMO.

[time-less-ness]

"Follow" has a connotation in the real world as well as on Keybase. I should be able to quickly/easily categorise my "followers" into at least three categories:

• This follower is someone I know (+like, +trust, etc)
• This follower is a random I don't know (or don't trust?)
• This follower is a harasser that I wish I didn't know (I have at least one of these myself)

That aside, making the social graph public has some problems as well, although it is central to Keybase functioning. So perhaps when I want to "follow" someone, we should both be able to temporarily expose our follower/follows list to ensure we are who we think we are, but when browsing publicly, only graph edges that we want exposed would be exposed?

[chicagobuss]

But like I said. It’s a duplicate.

@dabura667 - can you link this to the duplicate?

[Visgean]

Any progress? I don't want my social graph publicly exposed.

[Visgean]

@heronhaye

[heronhaye]

See https://keybase.io/docs/server_security/following. Follower information is public info by design, so even if you were to hide it on your profile, it's still available in the public Merkle tree. If you like, on desktop, you can run keybase follow --local someuser to follow someone privately.

[dabura667]

@heronhaye

even if you were to hide it on your profile, it's still available in the public Merkle tree.

I think everyone is fine with this. We just don't want 100 bot users with Nazi icons and boobs as their icon filling up our "Followers" page and making everyone else think we're sexist Nazis.

No one is asking "Please modify the merkle tree path to allow for removal of hashes based on the quadratic formula of the hypotenus"

They are saying "get the boobs and nazis off my followers list." and the simplest way to do that is "allow me to hide my followers"

Why does hiding a UI element (not touching the backend, a user can still run the CLI command to see the list of all followers of any user) decrease the security of Keybase?

It doesn't. No argument against it.

[dabura667]

Here's a good way to phrase it:

1. Keybase's INTENDED use of following/followers is to make a statement "I trust these people, and hey look at all these people who trust me!"
2. The actual usage in the wild by bots and spammers is to trick 3rd parties looking at YOUR page (not the bot's) into thinking that YOU are saying "Look, all these Nazis trust me, swastikas as faaar as the eye can see. Since I am not doing anything to block / remove them, you should know that I am also a Nazi sympathist"

They can trick people into this, because unlike your hopes and dreams,,, 99% OF ONLOOKERS DON'T UNDERSTAND EVERY TINY FEATURE AND DETAIL OF HOW KEYBASE WORKS.

If they go on Twitter and see that X is followed by nazis, and is doing nothing (Twitter blocking removes followers) they will assume you are also a Nazi.

If they go on Keybase, they won't push their glasses up on their nose and say "oh yes, of course the followers section is actually just a commit hash to the merkle tree on the sigchain with the discombobulator and the high frequency capacitor-mabob"...... they will think the exact same thing as Twitter.

"oh hey, this guy is a Nazi too. Steer clear, ok."

Maybe a big compromise would be to add a big ugly warning directly above the followers and following pages saying "HEY, THIS IS NOT A SOCIAL MEDIA PLATFORM, AND FOLLOWING JUST MEANS THAT THEY DIGITALLY SIGNED A KEY OF THE FOLOWEE. ONLY USE FOR THE PURPOSE OF IDENTITY VERIFICATION AND DON'T READ INTO IT SOCIAL CONTEXTS."

But to be honest, even that warning would get ignored the second you said "digital signature".

And if you're just going to target devs, then nuke the UI. Make everything CLI only.

Closing your eyes and sticking your fingers in your ears does not mean there is no problem.

There are other ways of fixing it, sure. But just saying "followers must be public because security" when no one is saying to make the merkle tree private, they are saying remove them from the UI so that low-skilled recruiters who can't even create a pivot table can't just click on my keybase profile and immediately know all my coworkers.

If they can work the CLI and get the follower names that way, good for them, but at least by allowing us to remove them from the UI it will help lower the problem.

Sorry for getting heated, but repeating the same thing over and over is not resolving any problems.

At the very least we'd like recognition that the problem exists. Because it does.

[time-less-ness]

It sounds like there are two user stories desired:

• Prevent non-technical users from seeing who follows me easily, because they want to figure out my social graph. Require them to at least get a non-default client that will expose the social graph before they can see it, if I've marked myself as a privacy-concious person, or who hates recruiters.
• Prevent randos who don't understand Keybase at all from thinking people who follow me represent my political views.

The former is "solved" by allowing someone to check a "don't show my followers" box somewhere, and the default client respects this.

The latter might actually be solveable: expose an evil bit, if you were, on the graph edge between myself and the person following me. If the evil bit is set, that person by default doesn't show up in my followers, or maybe shows up in a special section called: "People who follow this person, but this person really doesn't like the follower." (Perhaps 4 states? 0-->Undef, 1-->Close acquaintance, 2-->Acquaintance, 3-->Don't-Know-This-Follower, 4-->Actively-Dislike-This-Follower)

The hard part is figuring out the implications of that. As soon as the second feature is implemented, you'll get the next feature request of: "I'm getting followed by 300x bots and spammers a day, how can I filter them out without spending 5 minutes a day flagging them as evil?"

[DYevseyev]

I have just realized that this is a major flaw of keybase. Please can we get the ability to hide followers and following from public view. Wish we could fork to a code that had this in mind so that it is not recorded for all time.

[heronhaye]

Also, if you block a user on their profile (... -> Block), they won't show up in your followers list.

[Jay1]

I think this is a major disregard, socially, even for trivialities. Let's be real most of us don't want to become Keybase famous and publish we're following XYZ girl and ABC dude... Let's make a setting option to hide/unhide followers, that way we can decide granularly if we want to deal with the social aspect.

[chindraba-work]

I think I understand some of the issues people are expressing here. The list of whom I'm following does not seem to be the problem. And, if it is, the --local option for following seems to solve it. The problem is that a user with a seemingly unlimited of trashy followers will be presumed to "agree" with what ever that trash is. A lesser, though repeated issue is that recruiters might be using the follow/following information to establish a useful social graph for other purposes, such as finding people who work together, or might have other similar interests.

Addressing the latter first, I don't believe that anything Keybase does could stop, or even slow, the progress of such recruiters or others creating a social graph for their own purposes. The Keybase profile includes attestations for other sites, including social sites, and building the graphs from there is probably easier than using the Keybase profile information anyway. My conclusion would be that this reason for changing how the following/followers is displayed is not strong enough to warrant its implementation. In addition, to establish a useful social graph one would have too look for bi-directional connections. Me following someone who is not following me is possibly indicative of something about me while meaning nothing about them, and certainly is not part of a social graph as there's no interaction between the me and the other user. The same, in reverse, applies to followers of me; it might say something about the other user while meaning nothing about me (expect perhaps that I haven't deemed them worth following back) and does not form part of a "social" graph.

Let's make a setting option to hide/unhide followers, that way we can decide granularly if we want to deal with the social aspect.

The case of someone who is following a user, where the user does not wish to be associated with the one following them is already handled. One of the options when blocking a user is to "Hide from my followers." If someone is concerned with the impression made by the list of users (or their avatars) who are following them, they can proactively assume any granularity they wish. Of course, there is also the option to report the blocked user to admin, which may or may not have any value at this point in the future of an app with an uncertain future.

---

As a side note, following someone does not say "I trust" them. It says "I don't" trust them and want my client to verify them every time we connect with them. "Following" is also different than on many other platforms (as I understand it). Setting some one to followed status does not result in me receiving a notice of every post they make, I'm not hanging on every word they type, as if they where somehow an influencer in my life. I won't know anything they post, unless I'm in a team where they are, or have a private chat with them already. The choice of "follow" as the verb was unfortunate, due to it's connotations from other platforms. Still, I'm at a loss for a better word/concept for it, and it seems the Keybase team was as well, as it was changed from "track" to "follow" at some point.

[alexiri]

Having the option of hiding the following/followers lists from the Keybase public site would at least also stop search engines from indexing it. Otherwise, a Google Images search for a user would display as well the swastika-filled profile pictures of the followers with absolutely no context with their name under the image.

[chindraba-work]

meh

[alexiri]

@chindraba-work maybe you don't care, but others might. Why not give them the choice? There's absolutely no reason why profile pics of followers should be published like that in a way that someone with no knowledge of Keybase would associate with you.