cjb
commented
7 years ago Hi! No, we haven't released the server side of the filesystem publicly.
Open k0nsl opened 7 years ago
cjb
commented
7 years ago Hi! No, we haven't released the server side of the filesystem publicly.
rawtaz
commented
7 years ago So much for being open source then ;)
For reference; It states on the Keybase Teams page https://keybase.io/blog/introducing-keybase-teams that "Our project is open source", in this context suggesting that both client and server is open source.
I too was looking for the server part (for self-hosting instead of relying on an external service), but couldn't find anything about it on the website. I understand now that it's only the client and some other tools that are open source.
Fair enough!
PS: I'm also not seeing a "Contact us" link on the main website.
kefahi
commented
6 years ago I would strongly advise that you live to the Open Source promise you made and release the server-side code as open source as well.
protobits
commented
6 years ago I too would like to know if this is on the plans or will be your business model based on providing a service using your closed source implementation. It is also interesting to know if keybase could eventually be decentralized or not.
RusAlex
commented
6 years ago GDPR firing up this month. Keybase seems like a great solution, but need self-hosted servers. would be great.
keybase-travis
commented
6 years ago It still isn’t on our roadmap
On Mon, Aug 20, 2018 at 3:20 PM Thomas Brasser notifications@github.com wrote:
Any updates on this?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/keybase/client/issues/6374#issuecomment-414432131, or mute the thread https://github.com/notifications/unsubscribe-auth/AOXH3wrvPwUqd85o_lUTy2fqs-mUXaQ2ks5uSwwXgaJpZM4MqiEC .
sau226
commented
6 years ago @keybase-travis @cjb Please put this on your roadmap or reclarify the open source statement. Even if some non critical patches are left out and some proprietary parts that are not required to run a successful copy are removed the community will be greatful if you do release this either as open source or source available
TheUserCreated
commented
5 years ago Perhaps an open source version stripped of anything in the server software that you wish to keep for keybase, ala chrome vs chromium. @keybase-travis @cjb. I apologise for commenting on an old issue, but I feel this is important.
menturion
commented
5 years ago Same here and +1 for the suggestion of @TheUserCreated.
An open source version of the server part with a subset of functionality could be a good approach to meet all aspects.
maxtaco
commented
5 years ago A small point here: NCC in their audit didn't wind up using any of our server code, though we made it available to them. They did all of their research using a proxy.
We unfortunately spend a lot of time fighting spammers and scammers, and we'd have to make sure not to release any of this "secret sauce" because it would make our lives so much harder.
daveloyall
commented
5 years ago spammers and scammers
How do you know that, if you can't read our messages? ;)
All of my favorite decentralized mediums are full of spam: usenet, email, and IRC. As a grownup, I understand that I can't have a freeman's communication network without spam. That's what clientside /ignore and killfiles are for.
daveloyall
commented
5 years ago Max, I appreciate the free service y'all are providing to me, and I appreciate your special effort to make the crypto very legit. But, the responses on this thread come off as disingenuous.
I think I speak for almost all of us when I say that the truth is that you don't want to release the various "secret sauces" because it would make your lives so much poorer.
I think I speak for merely a modest majority of us when I say that's not cool, man. To put a point on it: I am aware that some of us think it's OK for you to make a thing and profit from it, but I'm not one of them.
Wouldn't your team like to be known forever for creating the "email" of filesystems? Something so ubiquitous that it doesn't have a brand name anymore? You can't do that and sell your users just as soon as you get an offer with a B in it.
maxtaco
commented
5 years ago Just to answer the question about how we know: it's a combination of people complaining to us, and public things like signing up with public scammy usernames (e.g., lumensgiveaway2).
a3nm
commented
5 years ago Would it be possible to release the server source without the secret abuse filtering part then? (Essentailly like @sau226 was proposing above.)
ghost
commented
5 years ago @daveloyall
I think I speak for almost all of us when I say that the truth is that you don't want to release the various "secret sauces" because it would make your lives so much poorer.
...wow. You have some gall. As you said yourself, they are providing a free service. As you are not and likely never will be a customer of theirs, they do not owe you anything.
If they wished, they could lock the client today as well and it would be in their full legal right to do so. Granted old versions would still be available as open source, but any new version of the client starting today could be closed source and non-free if they so choose. If they wish to charge for the server, so what? If they choose to operate as a business instead of a charity or nonprofit, that is their choice same as yours.
I think I speak for merely a modest majority of us when I say that's not cool, man.
You do not speak for the majority of us. Perhaps you speak for other users that are equally uninformed of the ways of the open source community.
To put a point on it: I am aware that some of us think it's OK for you to make a thing and profit from it, but I'm not one of them.
It is not a matter of what anyone thinks. It is their decision if they want to operate as a business. Your thoughts only come in to play in regards to you deciding to be a customer, should they decide to run as a business.
Wouldn't your team like to be known forever for creating the "email" of filesystems? Something so ubiquitous that it doesn't have a brand name anymore? You can't do that and sell your users just as soon as you get an offer with a B in it.
Oh no? I think several companies are doing this already. Remember a decade ago YouTube did not have monetization. YouTube is the "email" of video streaming, and while they still have free offering, they certainly do charge for some services:
https://www.youtube.com/premium
charging for Keybase server would be no different. Finally if you do not like the current situation; you are welcome to release your own server, but we all know that is not going to happen.
Cheers
junderw
commented
5 years ago The amount of entitlement... lol
How about you spend 8 hours a day and make a great library that Keybase will really want to use in their backend, and make your library use GPLv3. Then they will have to open source.
Go for it. I'll star you on github.
ibsusu
commented
5 years ago spammers and scammers
How do you know that, if you can't read our messages? ;)
All of my favorite decentralized mediums are full of spam: usenet, email, and IRC. As a grownup, I understand that I can't have a freeman's communication network without spam. That's what clientside
/ignoreand killfiles are for.
Can't have a freeman's communication network without spam? lul wut? This is what I hate about adults, you guys give up. Hold my beer.
daveloyall
commented
5 years ago @ibsusu
Can't have a freeman's communication network without spam? lul wut?
We're getting tautological here... It's not a free network if I'm not free to send spam. :) Likewise, it wouldn't be a free network if you were compelled to receive it. Thus, the network must have both /send and /ignore.
@cup
YouTube is the "email" of video streaming
No, it isn't. Nobody owns email, not even the IETF. You do know that email is more like CB radio than it is like your cellphone company's data plan, right?
Everyone, This thread is about a request for the keybase server-side components to be released under a Free Software license.
I'm using the github web interface to see the emoji reactions to everybody's posts here and I see that we're split. My comment, pointed though it was, was praised by some.
My comment was pointed because I really really like Keybase! Among all the contenders, commercial, free, open, closed, distributed, federated, and centralized, keybase is quite possibly the nicest foundation currently available on which the communications network of my dreams might be built.
If you love something, set it free. Let it become bigger than you. That is what this ticket is asking for.
crazy-eddie
commented
5 years ago I came here looking for an answer to whether this was an interesting self-hosted solution. This thread convinced me not only there is no such thing here or ever will be, but that you entrust your security to obscurity...and that's not enough for me.
You don't have to care...but so you know...I was looking into your project and am walking on over that away.
junderw
commented
5 years ago Free Software is all about clients.
Free Software Foundation themselves acknowledge that server-side source is not needed as long as the client side is free and you can verify it doesn't send anything you choose not to send, to that server.
Anyone trying to play the "but mah Free Software" card are mistaken.
The software is free.
Just because a lot of cool projects also open source and federate servers doesn't mean that is now required for the 4 freedoms of software.
Anyone bringing those arguments here, admit that you just want it because you want it, don't try to bring in the Free Software ideology into this.
Keybase client software ticks all 4 boxes. Keybase server doesn't run on my machine and I don't send it anything valuable unencrypted.
Luraktinus
commented
5 years ago It's a bummer that I can't host it myself
fire-pig
commented
5 years ago Love keybase! Thanks for creating such great software. And thanks for making the client open source! I hope that you're able to find a business model that allows you to continue to make a healthy business while also fully open sourcing the code (both server and client).
iCodeSometime
commented
5 years ago I'm a pretty big proponent of free software, but I've got to agree with this comment. They don't have any obligation to disclose the software they run on their computers. If we really want our own back end for the protocol, we should make it ourselves.
sunjam
commented
5 years ago That is a good point, but it is also possible that the client software will switch to closed source.
strugee
commented
5 years ago That is a good point, but it is also possible that the client software will switch to closed source.
So? Literally any other open source/free software project could do the same, including free server software, or free client software that talks to a free server. We have a well-known defense mechanism for this situation; it's called forking.
lionirdeadman
commented
5 years ago @strugee Well, yes but if we only have the client part, it's much much harder but I'm sure you know that, ya pump ;)
ghost
commented
5 years ago Yeah, nothing I have to say is new, but...
Claiming to be open source and then excluding the server side ... not cool. I can't trust Keybase if they won't show me that they aren't snooping on my "E2E encrypted" messages...
:<
strugee
commented
5 years ago I can't trust Keybase if they won't show me that they aren't snooping on my "E2E encrypted" messages...
This makes absolutely no sense. Are you sure you understand exactly what end-to-end encryption is and what benefits it brings? The client is open so you can verify the encryption yourself. (Unless you're talking about metadata; I don't know how Keybase handles that but in any case that's not what you said.)
ghost
commented
5 years ago 
gdinnocenzo
commented
4 years ago I am also interested in the server side software. Keybase, as is, looks interesting but I can't have my communication depend on a third-party controlled server.
jchook
commented
4 years ago The amount of entitlement... lol
How about you spend 8 hours a day and make a great library that Keybase will really want to use in their backend, and make your library use GPLv3. Then they will have to open source.
Go for it. I'll star you on github.
Not like they got $10M dollars and could easily prioritize this.
dgellow
commented
4 years ago Now is the time to do it.
teohhanhui
commented
4 years ago https://keybase.io/blog/keybase-joins-zoom
Keybase has been acquired by Zoom. Do you trust Zoom? I know I don't.
Open-sourcing the server code would allow Keybase to live on regardless of who owns the business.
ghost
commented
4 years ago I already shared a few niche communities that Zoom has acquired Keybase. Thirty-nine people (and counting) jumped ship, including me. I'm looking forward to an alternative as we usually use Keybase daily, but this move is an absolute deal-breaker. The only other option is open-sourcing the server.
iCodeSometime
commented
4 years ago I like keybase, but there is zero chance I continue using this as it currently stands.
YeehawItsJake
commented
4 years ago I used Keybase for a while, I loved the idea of everything being encrypted and secure. I could talk with my team, other friends, and host all my files right there. But having Zoom buy them? Big no-no. I dont trust zoom at all, especially with how poorly they handled security these past few months. Ill be moving my files and deleting my account. It was fun while it lasted though, right?
iCodeSometime
commented
4 years ago I propose the name freebase for the upcoming free software alternative.
NiklasBr
commented
4 years ago I propose the name freebase for the upcoming free software alternative.
Be careful, it's already in use ;)
NiklasBr
commented
4 years ago Sigh. Sorry. I always forget that winkey smileys are not enough to convey that the attached message is mostly about having fun and that the message should not be taken so seriously.
Mikaela
commented
4 years ago https://github.com/keybase/client/issues/24105 seems to now be a more popular duplicate issue.
fenixnet-net
commented
4 years ago I liked keybase. Past-tense. Zoom is mendacious on a good day. If it were possible to have a trust value less than zero, that'd be mine. I'm ditching keybase permanently as a result of this acquisition.
I'll consider using it if a FULL audit of ALL code used to run it is available. Open-sourcing only a client is not an open-source project. Open API maybe, but to call that an open-source project is disingenuous rules lawyering. My security concerns are not going to be addressed by that kind of nonsense.
k0nsl
commented
4 years ago I liked keybase. Past-tense. Zoom is mendacious on a good day. If it were possible to have a trust value less than zero, that'd be mine. I'm ditching keybase permanently as a result of this acquisition.
I'll consider using it if a FULL audit of ALL code used to run it is available. Open-sourcing only a client is not an open-source project. Open API maybe, but to call that an open-source project is disingenuous rules lawyering. My security concerns are not going to be addressed by that kind of nonsense.
I am with you completely on this one and unfortunately it appears that I will also be ditching Keybase due to reasons already stated by others — particularly @fenixnet-net — in this issue created by myself some three years ago.
This is rather sad. I liked project and have invited quite a large number of people to Keybase, thinking this was a rather good way to share files and to communicate seemingly private. But now I am unsure about everything until such a time comes when there is a full audit of every bit of code used in Keybase.
That is all for now.
chindraba-ga
commented
4 years ago Sorry to see you all leave over the Zoom issue. My initial reactions were quite similar. My thinking has changed, however, in that the client, which has been audited, relies on the server for communications, but is unable to see the communications, and has no access to the keys the crypto is based on. Dropping Keybase, as a client tool, because the server is not open sourced and audited it the same as dropping Tor Browser because your ISP uses non-open source servers. The security of TOR doesn't depend on the security of your ISP, which is unable to see any of the content which passes through their servers.
Knee-jerk reactions can be handy when there isn't time to evaluate the situation. On the other hand, when there is time to evaluate a situation, and consider the risks and facts, knee-jerk reactions can be less secure than sober evaluations.
I'm not going to try and convince anyone to stay, or to leave. Each user makes their own choices based on their own evaluations.
jchook
commented
4 years ago We have open alternatives for most everything Keybase provided. Just to name a few:
Chat:
Trust:
Files:
General end-to-end encryption
wiktor-k
commented
4 years ago Trust section is missing https://keyoxide.org/ that looks like a direct competitor to social proofs provided by Keybase: https://keyoxide.org/9f0048ac0b23301e1f77e994909f6bd6f80f485d
aolieman
neruthes
Hi,
I like the idea of this chat (especially the encrypted filesharing feature). I'm just wondering if the server portion is available somewhere for public consumption? I would like to run my own self-hosted server, that is why I am asking.
Thanks in advance.