KeyBase is DEAD

[ghost]

I’m calling on the Contributors to confess this, and allow people to move on- since the acquisition by Zoom this GitHub has literally been quieter by ever before by a HUGE margin… the two and a half people left working on KeyBase seem to do nothing as is.

[Rudi9719]

@bytefend have there been any vulnerabilities found in the Keybase client recently that need patching? Otherwise I'm not sure how there could be a security issue from lack of patches. @DogsAndTwelveKittens what are you expecting the contributors to confess? Do you feel like they're hiding anything from you or lying to you?

[Rudi9719]

I have multiple 0days for keybase @Rudi9719

These should be reported immediately to the Zoom Bug Bounty page then. https://hackerone.com/zoom or follow the instructions on the Keybase bug bounty page. https://hackerone.com/Keybase (didn't notice that before)

[kiwimato]

I agree with OP, to me it sounds almost dead, looking at this which basically makes Keybase uninstallable on newer Debian/Ubuntu flavors makes me think it's close to being unmaintained. Basically Keybase "how-to install" documentation for Ubuntu/Debian flavor doesn't work and seems nobody cares. After a quick look at 1st page of issues seems like nobody is actively involved in the project anymore. A look at the commit page I see few devs who are active, so maybe it's just an issue that it's they're simply not enough devs and too many issues? I would love to contribute but not sure who to talk to, especially after being bought by Zoom.

EDIT: just found this:

2020-05-07: Keybase app/site no longer maintained, Keybase team acquired by Zoom and working on Zoom security instead https://keybase.io/blog/keybase-joins-zoom

[kiobu]

Time to start using keys.pub I guess.

[BNolet]

From the blog post it sounded like they planned to continue working on KeyBase... if that's the case it's a damn shame as that would mean that KeyBase was literally just acquired for the technology and engineering

[Rudi9719]

New Release

[orgcontrib]

A year earlier:

• https://github.com/keybase/client/issues/24303

[piotr-yuxuan]

It is dead indeed; time to move on. Would you advice for any alternative tooling?

[caesar]

Would you advice for any alternative tooling?

It's a bit less polished / requires more technical understanding to use, but Keyoxide is great, and as it's decentralised it doesn't rely on any single party who could shut it down.

[junderw]

The Matrix protocol has gotten better and better over the last few years.

The new "Spaces" spec is versatile enough that there have been pie-in-the-sky discussions on how this could be used to create a virtual filesystem synced between devices using fuse etc.

The only aspect missing from Matrix that keybase has is the social network proofs + public attestation to other people's keys... and the committing to the blockchain part to prevent rollbacks of the sigchain.

These parts are actually quite useful from a security standpoint, which is why I hope keybase opens their server source if they ever shutdown.

But from an enduser perspective, Matrix clients like Element are day-by-day covering almost all the use cases.

And you can self-host the homeserver to boot.

(not to mention Matrix has 1:1 video/voice calls and multi-party video/voice calls via jitsi (multiparty calls directly in the Matrix protocol are being worked on righ now, it's in Alpha))

[junderw]

I wonder if zoom is willing to sell off the keybase service and a few of the lead engineers so that some other company could actually do something with keybase?

[virtadpt]

Doubtful. I think they're trying to kill it through neglect, rather than just shutting everything down.

[Southclaws]

Nail in the coffin?

[junderw]

Nail in the coffin?

You have to go to keybase download page on their website and re-download and re-install the keybase client.

The TLS certificate error prevents the auto-updater from downloading the new client.