search

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.91k stars 1.23k forks source link

Require opt-in for Stellar reverse account lookup #19721

Open balboah opened 5 years ago

balboah commented 5 years ago

When I use my default Keybase Stellar wallet to pay in any store outside of Keybase that accepts Stellar, my account id will be logged. This is no big deal, it's how Stellar works.

But this also allows the store or anyone on the internet to identify my Keybase username with all the proofs that this brings, even if they didn't know my Keybase username from the start. Imagine the profiling and tracking you could do in the real world for advertisements etc.

The Keybase federation server makes this possible by allowing reverse account lookups. I think this should only be enabled for an account if you actively opt in for it.

irina-med commented 5 years ago

{ "body": { "key": { "eldest_kid": "010173edc62eab85aed90d8f95e4c9fd8fa46d2967b6f96bc39d3c93fc38ebf01ffe0a", "fingerprint": "56fa4890ed875d0c387b3d30d03408f4478f2aa3", "host": "keybase.io", "key_id": "d03408f4478f2aa3", "kid": "010173edc62eab85aed90d8f95e4c9fd8fa46d2967b6f96bc39d3c93fc38ebf01ffe0a", "uid": "0edffcb92a3a4892ac478c30983c6a19", "username": "irinamedova" }, "service": { "name": "reddit", "username": "irinamedova" }, "type": "web_service_binding", "version": 1 }, "ctime": 1568639834, "expire_in": 157680000, "prev": "686be7d7d941a5902b5fca361b200ea41da46c526b4a5a1a6719fb51f4098835", "seqno": 9, "tag": "signature" }

irina-med commented 5 years ago

-----BEGIN PGP MESSAGE----- Version: Keybase OpenPGP v2.1.3 Comment: https://keybase.io/crypto

yMISAnicrZJbSBRRHMbXNMuFwFAjQisn1JfVZubMddkHNYIsCyrrQVe3M3PO0Umb XXdHV1ErumMPml1AsKIgCbSLEIklkrcsjCwwFCKstAetByPojnbG7C166ryc2+/7 zvf/cwZWRDqcEW/6LpIr3xKrIoZ7z1c4Cg+dzq9hND+qZtw1TClemHAZwiHLV2og xs2wHMvJACNd4jHUFBFipLJIIaqIBV0ldAUFCfGqJGsSUSVNByoCugqIDhSsEZYj BLOQcTHEMItxMBA0TIvaihLVKSqLkSKLiKWwrAEEWMQCgVWIIMgK4SEEVFjiD9kK Gk6DIZxh+OkZ3fgW4v2F/8+5K37bYUSIrqk8BHZuHur0RR2wqgJ0CXKqDYZw0IQH MKUNWiVdIX8lZOpcDL2oNHRs93YRCGKEDOufIqs6YJ+GseZb1Ps0w0S0i1RWiYMh w28ybo6SumXYBpwoKRKggQQXg6sCRhD7DJsQZUlh6XAxgSCupJYU07CMZKQKHBRV ltdEokMgcRrPshgKHKKt0UVe0gQoQg5KMqcSTeSIQMtVgMjYFZWbfsat0piwmFqG jGITWhVBzNT1PfBGOSKcjuilS+zf5XDGxP75c5FTyx0N96oLz/TeOgsGR/u/F5hf HVJTx1PgrG0Wro7vTll5+Yu3Lb3MSrufd8r5abbodk9/942hR3nE9S515s65kj2J J6MTorN2vXybm5TpWZU/ezgulDz2s8vaODA3mqb7W8P71uQ0T3pihIc3r5X1pLbV k51z/OsTj59cb7eKhg3Y5dkS9bzAbIqfiPu4d2t78njHDj27ZmzmVX9tSu/nZUmD z8C2cu/xwaPjOXenw3UHnZkot3Nke7Nn2hP+8D58JPaSc2p/Cu5tmM+C5Qnxxyqy MxsaR6IvTICsocSM1LEf5SUvBlo2z3u7G0lrYsvc5IbmTela59p1q6c7e9YPddf/ Agq1RRY= =Z3ZU -----END PGP MESSAGE-----