Mastodon and Keybase

(keybase.io)

406 points | by malgorithms 3 days ago

14 comments

  • zach43 3 days ago

    Just wanted to say that i moved from twitter to mastodon sometime late last year amd couldn't be happier with it. Keybase integration is interesting to me, but not realky useful since i don't want to tie mastodon with my real life identity.

    the Fediverse as a whole has a very different 'feel' to it compared to Twitter. Twitter feels significantly more commercialized amd stressful...mastodon / pleroma feel a lot more relaxed and pleasant in comparison.

    Maybe i just accidentally joined nicer communities, but i see a lot of small-scale chitchat and genuineness on mastodon than i rarely see on twitter.

    I've also had zero issues with the platform from a technical perspective...overall i think Mastodon, etc have done decentralization "right", and have a lot of potential for growth in the future

    • dwighttk 3 days ago

      I opened a Mastodon account and me and one other person I know who opened an account toot at each other every 6 months or so... I guess there is another person I know who opened one but never toots...

      I try to pretend it doesn't matter to me, but calling individual posts "toots" really does keep me from talking about the service with other people.

      • metildaa 3 days ago

        There are lots of interesting people on Mastodon, I would recommend searching by hashtag and joining an instance that matches your interests (eg: sdf.org, sergal.org (furries), cybre.space, etc).

        Many instances block Mastodon.social and other massive instances, and different instances will have different views of the network (based on who the users of the instance follow and how long toots are retained).

        • baroffoos 3 days ago

          I do wish mastodon had the concept of groups so I could join all the groups I'm interested in rather than having to sign up for an account on each one.

          • metildaa 3 days ago

            Generally you just follow people, making accounts on each instance would be rather silly.

          • dwighttk 1 day ago

            eh, I don't really even use Twitter to talk with randos online... I get enough of that here. But I can see that people do use Twitter and Mastodon that way...

          • Not_anchovie 3 days ago

            If "toots" is the one word that keeps it from getting ruined by mainstream adoption, then so be it. The cycle always seems to be:

            1) Look at this great thing a few geniuses developed

            2) The intellectuals and forward looking people early adopt

            3) It slowly turns from being cool trendy and useful, into a Walmart-like all things to all people behemoth of gross negligence.

            4) Some heavy abuses are uncovered, and using it is no longer valuable to anyone.

            • ryu2k2 3 days ago

              just call them "posts" or "microposts" if you don't like "toot"

              • dwighttk 3 days ago

                mostly off topic:

                Most of my friends are on Instagram and think I’m funny for being on twitter anyway. They have a business twitter account that they only use at conferences and socialize on IG.

                I tried setting up a new ig account (deleted my first when they sold to Facebook) and couldn’t get past the input phone number portion of the signup.

                Anyway trying to convert people from twitter to mastodon is sorta hard. If I couldn’t get them to go from to IG to twitter there’s very little chance I’m going to get them to go from ig to mastodon.

                • rtkwe 3 days ago

                  > Anyway trying to convert people from twitter to mastodon is sorta hard.

                  That's because going from Twitter to Mastodon is a downgrade in pretty much every concrete way and only an upgrade in less concrete more esoteric terms.

                  From most people the main benefits I've seen cited are censorship resistance (how many people encounter significant censorship on twitter today?) and decentralization (which only really matters philosophically, to the user on the site the decentralization gets hidden).

                  On the downsides though there's plenty right on the surface for users: limited users (like all social networks if the people you want to interact with aren't there it's useless), mediocre default layout (the 3 column default doesn't make good use of space and give equal importance to everything cramping the main thing you want to see the toots) and discovery (the main way I've found people to follow on Mastodon? finding them on twitter where I already follow them and seeing they're on Mastodon too).

                  To a random user who doesn't really encounter censorship on twitter or care about decentralized/federated networks it's just a sub-par version of Twitter with a worse interface, a sparser social graph and longer handles.

                  • afiori 2 days ago

                    > (how many people encounter significant censorship on twitter today?)

                    The point is not that you user are being censored, but that twitter "lies" to you about social dynamics with their obvious (yet hidden) biases.

                    Twitter promotes the extremes and hides the middle. If this is not enough they also apply a consistent political agenda (by protecting their main cash cow of liberal journalist) and lie about it.

                    Perfect example is what happened with the Convington kids and journalist calling for doxxing.

            • jeena 3 days ago

              It would be cool to see everyone's Mastodon usernames/domains, I'm on my own self hosted instance where it's a bit more difficult to find other people.

              Mine is: https://toot.jeena.net/@jeena

              • lokedhs 3 days ago

                I switched to Mastodon about a year or so ago. I fully agree with the grandparent post in that the atmosphere is very different compared to the major social media platforms.

                As you allude to, discovery is harder since you don't have an algorithm pointing you in the direction of content you're likely to engage with (yes, engage with, and not necessarily enjoy) but once you have found the right people to follow, it's more rewarding because it's your community, not owned by a single corporate entity.

                Although I didn't use G+ much in the later days, its closure showed my how irresponsible it is to rely on proprietary platforms. I'm committed to never be active on a proprietary, closed social media platform again.

                My main account is here: https://functional.cafe/@loke

                • thinkloop 3 days ago

                  > I'm committed to never be active on a proprietary, closed social media platform again.

                  Including HN?

                  • lokedhs 3 days ago

                    That's a good point. Clearly I still use this platform, but I do see a difference between them.

                    I don't “post” on Hacker News. I do comment, but I don't think anyone who are interested in following whatever it is that I may have to say would come here to look up my posts.

                    Or, to put it in another way, if this place would introduce some social media features, such as the ability to follow people and post to followers, then it is highly unlikely that I would be interested in using those features.

                    • Diti 3 days ago

                      I don’t think OP meant “proprietary, closed” as “centralized”. If it’s about the code: https://github.com/arclanguage/anarki

                      • lokedhs 3 days ago

                        I referred to both, actually. It's about whether I own my own presence on the network.

                        Of course, I'm not hosting my own server, so I am in some way in the hands of its administrator, just like I was in the hands of Google when I used G+. However, I can talk to him directly, which is a huge benefit. Also, if he decides to shut down the server, I can still join a different instance and reconnect with all the people I was following on the old server.

                  • JoshTriplett 3 days ago

                    What has your experience been with self-hosting?

                    I'd love to self-host a Mastodon instance that two-way mirrors my Twitter account and acts as a Twitter client (letting me pseudo-follow folks from Twitter). But in any case, I'd want to ensure that no content from people I follow gets mirrored/hosted on my own instance; the only content actually hosted on my own instance should be the content I post.

                    • zach43 3 days ago

                      I've had a pretty good experience self-hosting with Pleroma. Its quite amazing that I can run a social media server with just a $5 VPS.

                      Not sure if there are bots / apps that can easily let you follow Twitter users on Mastodon, but I've definitely seen mastodon - twitter crossposter apps before.

                      • StavrosK 3 days ago

                        What do you mean? No content other than what your users generate will be hosted on your instance.

                        • bisby 3 days ago

                          There is a concept of a federated timeline, which does get synced to your local instance. If you follow someone on a remote instance, that instance feeds content into your instance so it can be loaded.

                          • StavrosK 3 days ago

                            It syncs the people you follow, right? So presumably the only additional content on your instance is content from the people you follow, which should generally be low-risk.

                            • metildaa 3 days ago

                              You can also block just media if an instance is known to host images that are illegal in your country or your users don't want to see (silencing is a better option for the latter tho).

                              • bisby 1 day ago

                                I believe once you follow someone, you become federated with their instance. and you potentially receive all content from that instance... I think?

                                there are also admin controls for managing moderation and federation.

                        • StavrosK 3 days ago
                          • djsumdog 3 days ago

                            I run my own instance too: @djsumdog@hitchhiker.social

                            I also made a guide for making your own Mastodon CSS:

                            https://penguindreams.org/blog/using-custom-css-with-mastodo...

                            • prophesi 3 days ago

                              Yeah, I self-hosted my own instance of Pleroma for a while, but eventually switched to a more popular instance with people who have similar interests as me (art + religion (specifically, rediscovering religion after rage-quitting Christianity @social.theliturgists.com)

                              • 3 days ago
                                [deleted]
                                • tracker1 3 days ago

                                  I literally haven't actually posted or done anything on it...

                                  https://mastodon.technology/@tracker1

                                  I've thought about putting one up for social.bbs.io or bbs.land

                                  • silvermast 3 days ago
                                    • caffeinewriter 3 days ago

                                      I'm https://takeoverthe.world/@caff :) Self-hosting Mastodon has been an adventure, for sure. However, relays have definitely helped with federation. :)

                                      • TeMPOraL 3 days ago
                                        • ragebol 3 days ago
                                          • seishan 3 days ago
                                            • yogthos 3 days ago
                                              • LukeHoersten 3 days ago
                                              • mirimir 3 days ago

                                                > Keybase integration is interesting to me, but not realky useful since i don't want to tie mastodon with my real life identity.

                                                Ummm. I mean, https://keybase.io/mirimir has nothing to do with my "real life identity".

                                                • skybrian 3 days ago

                                                  That's a good point but on the other hand, when you have no reason to connect accounts, connecting them in this way might not be good opsec.

                                                  I guess this could be useful to make switching mastodon servers smoother.

                                                  • metildaa 3 days ago

                                                    Mastodon and other fediverse software support pointing your old account to a new one. Keybase could be useful for confirming both are your accounts, but its hardly the only way.

                                                    • rStar 2 days ago

                                                      "might"

                                                  • labster 3 days ago

                                                    Okay, how do I sign up for Mastodon? I went to mastodon.com, and I got a page that the domain was for sale. Are they having funding problems?

                                                    Okay, I'm not that dumb, but some users are. And I really don't know how to get started. Not that I've ever been a big social media user, but I'm enough of a hipster to want to say I was on Mastodon before it was ruined.

                                                    • zach43 3 days ago

                                                      I know you're joking, but if you found your way on to a site called "Hacker News" at a URL like https://news.ycombinator.com , it it really going to be so much more complicated to understand that https://mastodon.social is the website of the Mastodon social network?

                                                      I'm honestly fine with the mastodon devs not having to spend 1000s of dollars to get the mastodon.com domain. Evidently that domain is so expensive that even the popular heavy metal band "Mastodon" haven't bought that domain (they seem to be at https://www.mastodonrocks.com/ )

                                                      BTW, if you're having difficultly finding an instance that caters to your interests, https://joinmastodon.org has a signup flow that shows mastodon instances based on interests. That might help.

                                                      • twblalock 3 days ago

                                                        > I know you're joking, but if you found your way on to a site called "Hacker News" at a URL like https://news.ycombinator.com , it it really going to be so much more complicated to understand that https://mastodon.social is the website of the Mastodon social network?

                                                        Yes it is, because when people thing of $something, they assume the website is $something.com.

                                                        If Mastodon plans to appeal to the general public then it will need to be easier to find.

                                                        • zach43 3 days ago

                                                          I'm personally not at all attached to the 'mastodon.social' domain (i'm self-hosting my own account on a different instance), but I am somewhat surprised at this perspective on TLDs.

                                                          Most users of the internet have been exposed to TLDs other than ".com". For example, wikipedia is at a .org TLD, US government sites are at .gov domains, university websites are at .edu domains. Most non-US users will frequently interact with their country's (and neighboring countries') ccTLDs, like .de, .uk, .in, ... I find it surprising to assume that users of social networks who have already understood abstract concepts like "like vs retweet" or "like vs share" would find it difficult to understand the difference between .com and .social.

                                                          Also in a sense, it is more accurate for Mastodon to be at a .social TLD instead of a .com since Mastodon is a Patreon-supported FOSS project, and isn't a commercial entity like twitter.com or facebook.com. But yeah, I know that .com doesn't really mean "commercial" anymore, and is more of a general-purpose TLD now.

                                                          Mastodon has a number of issues that could stifle broader adoption, but I can't convince myself that the TLD is really relevant here. Most users will just be linked to Mastodon from other sites, or find it from a web search. Once its in their web history, web browsers will just autocomplete the site name in the address bar. And isn't the domain squatting and exorbitant pricing on ".com" the main reasons why the new TLDs have been released anyway?

                                                          • zladuric 3 days ago

                                                            I would like to add a few things on top of the relatively technical reasons why this lack of .com doesn't matter.

                                                            I'd say most users won't type "mastodon.com" in their "browsers". They will type "mastodon" in their "internet" or, if technically savvy, into Google first. Second, from following the fediverse (not just mastodon, but also pixelfed, peertube etc), i have a feeling that they aren't into mainstream, general audience anyway. A lot of them are small focused instances and as such, won't even be attracting new people via Google, but by invites anyway. Many instances have closed registration anyway. So if you need to land anywhere it's likely not on mastodon.social, but something like ...(checks last five accounts to post directly on top of timeline): icosahedron.website, fostodon.org, mastodon.social, mastodon.technology (my instance) and hackers.town.

                                                            • labster 3 days ago

                                                              > Second, from following the fediverse (not just mastodon, but also pixelfed, peertube etc), i have a feeling that they aren't into mainstream, general audience anyway.

                                                              Ultimately this is kind of a problem, as we desperately need an general audience alternative to FB/Twitter that isn't about turning outrage into dollars. Right now I'm sure it's nice to hide from the Eternal September, but in the meantime Facebook is enabling ignorance, wasting everyone's lives on purpose, and proposing laws that only they can afford to comply with.

                                                              OP is about Keybase, which is trying to solve the problem of why the whole world isn't using GPG. I'm just pointing out that Mastodon has some public adoption issues still, despite the benefit that it can bring to the world.

                                                            • c0vfefe 3 days ago

                                                              twblalock wasn't arguing that TLD bias is rational, but that it's a real factor that somewhat hinders large-scale adoption. Sure, Grandma or Jane Preteen has seen ".org" or ".gov" a few times, and sure the ".social" is a logical fit, but will those facts materially influence their habit of defaulting to ".com"?

                                                              You make a good point about how many users will simply Google the name, which naturally opens the question about whether users will want to scroll past info on the band & prehistoric animal before finding the service.

                                                            • TeMPOraL 3 days ago

                                                              First step is explaining that Mastodon is like e-mail, not like Facebook. People know that to get an e-mail address, you don't go to to e-mail.com - you sign up to any e-mail provider to get an address you can use to talk with all other e-mail users. It's the same with Mastodon.

                                                              • ema 3 days ago

                                                                Mastodon will only have robustly succeeded in their mission when people don't think of it as joining Mastodon but as joining some particular social hub which happens to run Mastodon. Think of how people aren't joining academia but are joining Foo University.

                                                                • Kye 2 days ago

                                                                  As far as I know Mastodon has no particular mission. If it exists, not every instance shares it. And that's not even considering other stuff that works on ActivityPub.

                                                          • captainbland 3 days ago

                                                            > Keybase integration is interesting to me, but not realky useful since i don't want to tie mastodon with my real life identity.

                                                            Yeah, this is it for me. Also I don't want to tie my various online profiles together in general. Providing an open, strong, independently verifiable cryptographic link between my online profiles seems like something that a bad actor could exploit to harvest data about me far more easily and with a far higher degree of confidence than would be the case without it. It might even be hard to get rid of if integrating websites aren't careful about deleting your keys when you want them to, leading to a bunch of cryptographic litter linking your profiles even when you don't want that.

                                                          • Not_anchovie 3 days ago

                                                            I'm also willing to bet the personal attacks are kept to a bare minimum at Mastadon, where as with Twitter, you just have be idk...opposed to one popular political thing publicly to be regularly attacked and harassed.

                                                            • rtkwe 3 days ago

                                                              How much of that is just because there aren't as many people there though? Both in the lack of enough people to make a critical storm of people and just not enough people to form an audience for that kind of action. I doubt that would remain the same if Mastodon took off and became a huge thing.

                                                            • Kye 3 days ago

                                                              Mastodon is great. snouts.online is one of several furry instances. We boop snoots instead of boosting toots, but it talks to other instances just fine.

                                                              • aldoushuxley001 3 days ago

                                                                I understood atleast a couple of those words

                                                                • Kye 3 days ago

                                                                  Translation: every weird niche interest can have its own server for its community with its own rules, culture, and user experience while still communicating with other servers.

                                                                  • aldoushuxley001 3 days ago

                                                                    I mainly got hung up on these words: "We boop snoots instead of boosting toots". Are these mastadon-specific terms?

                                                                    • silvermast 3 days ago

                                                                      Toots are posts. Boosting is reposting so your followers can see it. Instance owners can change the terms to whatever cutesy terms they want, so this example has boost replaced with boop and toot replace with toot.

                                                                      Also this is a FINE example of why niche communities need unbiased online infrastructure. A casual google-searcher may judge them by whatever google's AI decides is representative of the group, and choose not to deal with them at all.

                                                                      • dbasedweeb 3 days ago

                                                                        I googled this, and was very very sorry that I did. Suffice it to say this terminology is specific to a subculture of people who dress up as animal mascots. Booping snoots apparently means touching the nose, I think? I also ran across something called “cub porn” and now I need a shower so hot it can melt glass.

                                                                        • arthur_pryor 3 days ago

                                                                          fwiw, after reading this post, i searched "boop snoots" (with quotes) on both duckduckgo and google, and came up with nothing disturbing in the first page of results for either search. nothing that even indicated a connection to furry subculture, far as i could tell.

                                                                          maybe other variations on that search come up with much more risque results?

                                                                          • dbasedweeb 3 days ago

                                                                            I didn’t just google “boop snoots;” I googled that, googled “furries” and went down the rabbit hole a bit.

                                                                            ...A decision I now heartily regret. The two major things I found is that some people are very weird, and some other people hate the weird ones disproportionately considering their prevalence and general demeanor.

                                                                            • arthur_pryor 3 days ago

                                                                              ah, yeah, well, sorry. maybe don't chase that rabbit like that next time?

                                                                              also i find the "rabbit hole" metaphor and a username beginning with "dbased" to be pretty "on the nose" in the context of this thread (sorry, i couldn't resist any of that, and i only realized i ended with a pun after typing it out).

                                                                              • egypturnash 3 days ago

                                                                                Welcome to the Internet!

                                                                            • Kye 3 days ago

                                                                              Cub porn is generally frowned upon among furries. Don't judge a group of tens (maybe hundreds) of thousands of people by a glance at a few dark corners.

                                                                              • adamsea 3 days ago

                                                                                Ummm if cub porn is what I think it is and it is frowned upon which it sounds like it is then imho I suggest not using a community-specific euphemism as the euphemism implicitly grants it a place and status within your community.

                                                                              • 3 days ago
                                                                                [deleted]
                                                                            • mgoia 3 days ago

                                                                              That is correct in theory. But in practice, other servers will block your server if the rules deviate from the mainstream rules, effectively isolating your server.

                                                                              • metildaa 3 days ago

                                                                                If your users post hate speech, child porn or run amok reply guying, then yes your likely to not federate with other instances.

                                                                                For other differing rules, instaces generally silence from the federated timeline. Eg: I can still follow Humblr.social and Sinblr users, but Federated timeline users won't have to drown in porn if the admin silences the server.

                                                                                • zaarn 3 days ago

                                                                                  Your server will be isolated from some other servers, but it's actually pretty hard to isolate your instance so that you're completely alone in the fediverse.

                                                                                  • Spivak 3 days ago

                                                                                    Well yeah, what's the point of having rules on an instance if you can just break them by moving to another but still participate?

                                                                                    • mgoia 3 days ago

                                                                                      Then the comment I replied to was wrong. There is no interconnected network of servers with different rules.

                                                                                      • 3 days ago
                                                                                        [deleted]
                                                                            • crunchiebones 3 days ago

                                                                              it's basically twitter when you're not following very many people and all the people you are following share your political views.

                                                                            • founderling 3 days ago

                                                                              This seems backward.

                                                                              They want ActivityPub servers to apply to a central service (keybase) to offer cross server identities.

                                                                              And they want users to trust that central service to decide who is who.

                                                                              It's always amazing, how strong the force of centralization is.

                                                                              Even when the whole value proposition of a technology is that it is decentralized, users will soon flock to centralized services built around it and end up in the mercy of a few organizations again.

                                                                              Reminds me of all the people who think they hold crypto currency while in reality they "hold" yeah-we-promise-we-owe-you-somethings by some exchange.

                                                                              Reminds me of how little resistance the Ethereum elite faced when they flushed "code is law" down the toilet and forced all users to switch to a fork with rewritten history.

                                                                              What makes this attempt of centralization even more tragic is that it does not bring anything to the table. If you want to run a service that let's people claim they are joedoe@host1 and joe_the_doe@host2, just let them publish two messages. "I am joedoe@host1" on joe_the_doe@host2 and "I am joe_the_doe@host2" on joedoe@host1. Neither the integration with the hosts nor the crypto spiel is needed.

                                                                              • rakoo 3 days ago

                                                                                There will never be a truly unique, open identification service, and that's what keybase is trying to do. Not necessarily by saying "this is who I am on keybase and will be my unique identity" but by saying "I am someone, known as X on github and Y on mastodon". The advantage of keybase is that

                                                                                - Any identity on any service can (now) be linked

                                                                                - There is only one protocol to do it and it is all done on the client side

                                                                                Why would Mastodon (or, really, ActivityPub) be The One service when there are other, working services worth using ?

                                                                                • founderling 3 days ago

                                                                                      Any identity on any service can (now) be linked
                                                                                  
                                                                                  No need to integrate Keybase or any service for this. You just can use any place on the web as a hub and post "I am news.ycombinator.com/user?id=rakoo, I am reddit.com/user/rakoo" there. And from the others you link back to the hub. Say github is your hub then you post "I am github.com/rakoo" on HN and Reddit. This would be user readable and machine readable. And any 3rd party service like Keybase could read it. No need for the social media sites to apply at Keybase and integrate it.
                                                                                  • rakoo 3 days ago

                                                                                    You _can_ do it but you would be the only one doing it, and as such it would provide little value because no one wants to do this manual dance and if you're such a minority then there will be no automated way to do it.

                                                                                    Keybase provides an (open!) protocol, along with (open source!) tools to do what you describe and then some (a lot of crypto stuff is needed, for instance). You can probably fork the keybase client and have your own hub at notkeybase.founderling.io if you want, so you can implement your very own idea if you so desire, and that would even be an interesting addition to the open web.

                                                                                    Also, you might have missed it but identity providers do not need to "apply" for keybase integration anymore: _any_ service can provide identity and link up with keybase without asking first (https://keybase.io/docs/proof_integration_guide). It doesn't even have to be a web service, so if they want any email provider can do it (although the whole linking thinking would be through http)

                                                                                    • coldacid 3 days ago

                                                                                      Technically you don't need to ask first, but you still need to tell Keybase directly that you support their proof integration protocol in order to be supported from their side of the connection. Not so much a "please let me in" but rather "I'm ready to rock".

                                                                                      • rakoo 3 days ago

                                                                                        Linking has to go both ways, it makes sense for the hub to vouch for it. Otherwise you have the same situation as the CAs without CTs: ie A can vouch for me, but I can't really vouch for this vouching, so another malicious B can vouch for a fake me.

                                                                                • BinaryIdiot 3 days ago

                                                                                  > It's always amazing, how strong the force of centralization is.

                                                                                  This is because Mastodon is a UX nightmare because of the way they decentralized it. With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.

                                                                                  I get it, decentralization can be great. But so far most of the implementations of decentralized social networks have been a UX nightmare for even the casual user.

                                                                                  • Leace 3 days ago

                                                                                    > With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.

                                                                                    Nope, that's actually not the problem with Mastodon UX. On Twitter you still have to ask if your friend is @Johnny or @John1256 or @JDoe or depend on visual cues (avatar).

                                                                                    The problem with Mastodon UX (and Fediverse in general) is the friction of "remote follow" buttons instead of one-click Follow (the same goes for reply/like etc.)

                                                                                    • coldacid 3 days ago

                                                                                      I find that remote follow is only an issue this way if you've gone directly to the other party's profile rather than following them from your own instance, or when your instance is being banned for some reason by the other party's instance. It could be smoother, but this is what we get for having to defend against XSS.

                                                                                      The bigger problem with Mastodon is the explicit support for censorship via defederating instances you don't like.

                                                                                    • willvarfar 3 days ago

                                                                                      People managed to share email addresses, which are name@domain.

                                                                                      • lifthrasiir 3 days ago

                                                                                        And the domain is predictable. There were (and still are) a two-part email form around the web, where the domain part is a drop-down list.

                                                                                        • dewey 3 days ago

                                                                                          That would not be much different from a drop down of Mastodon instances then?

                                                                                          For both it's a bad way of doing it because people with their own domain can't use it for email and the Mastodon one would be too long to select something.

                                                                                          • lifthrasiir 3 days ago

                                                                                            I meant that the comparison to the email is not adaquate because the number of common email domains had been steadily decreasing (and I hate it).

                                                                                    • mintplant 3 days ago

                                                                                      > And they want users to trust that central service to decide who is who.

                                                                                      Actually, no, the whole point of Keybase is that you don't have to trust the central server, and can verify all the proofs yourself. The CLI does this automatically.

                                                                                      • founderling 3 days ago

                                                                                        1: They claim the integration is needed because people are too dumb to copy&paste a string.

                                                                                        2: The whole user interface is set up so users believe in what they see in the web interfaces.

                                                                                        And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?

                                                                                        Even if the users used that CLI, that does not help. As we saw with Ethereum. They simply pushed out new code that rewrote history.

                                                                                        • robryk 3 days ago

                                                                                          > And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?

                                                                                          Your Keybase client (for whichever platform) will perform the verification for users you follow. There is no need for any manual action and the verification has to happen when you follow someone (by following someone you're attesting that your client performed the verification).

                                                                                          • codewiz 3 days ago

                                                                                            > As we saw with Ethereum. They simply pushed out new code that rewrote history.

                                                                                            Do some basic research. History was never rewritten and new code was never pushed on users. Users voted in favor of the DAO fork, then users voluntarily downloaded newer versions of their wallets in which the respective developers had implemented the agreed upon new rules that moved the stolen money to a recovery account.

                                                                                        • fiatjaf 2 days ago

                                                                                          There's no trust in Keybase, my friend. Everything is signed by users themselves and you can verify that. Keybase is only providing the infrastructure.

                                                                                          • Nursie 3 days ago

                                                                                            It's always amazing to me to hear assumptions that decentralisation is a feature in and of itself.

                                                                                            For most people it's an entirely secondary concern, not a concern at all or even an anti-feature.

                                                                                            Who do I appeal to, to take down that cyber-bullying material? How do I get my transaction reversed, as the victim of fraud? What do you mean I can't and the system was deliberately designed that way?

                                                                                            • speedplane 3 days ago

                                                                                              > It's always amazing to me to hear assumptions that decentralisation is a feature.

                                                                                              Decentralization is not a feature for the end-user, it's a feature to developers. It's probably impossible for a new social network to take on Twitter, Facebook, etc. directly. However, a decentralized social network allows startups to move far quickly and implement other features that the big social networks are lacking.

                                                                                              I suspect that whatever social network eventually pushes out the dominant players today, will use tools like these.

                                                                                              One good precedent for this is AOL. AOL was safer and more user-friendly than the world-wide-web, but the web's decentralized nature allowed competitors to spring up much more quickly. I suspect something similar will eventually happen to today's social networks.

                                                                                              • lokedhs 3 days ago

                                                                                                > Decentralization is not a feature for the end-user, it's a feature to developers.

                                                                                                On one hand you are right, it's a huge benefit to developers as they are able to create new services that leverage the strength of the existing network. Such as Peertube getting subscription and commenting features from other servers for free, and it “just works”. Imagine a youtube competitor wanting to leverage Twitter in the same way. Highly unlikely that it would be allowed, and even if it did, the integration would be Twitter-specific.

                                                                                                On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.

                                                                                                Most people may not consider this, but some people definitely do. And hopefully that number will increase over time.

                                                                                                • Nursie 3 days ago

                                                                                                  Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

                                                                                                  "Nobody can censor us!"

                                                                                                  is absolutely, unfortunately equivalent to -

                                                                                                  "Nobody can take down race hatred, online harassment, child abuse images or other evil shit"

                                                                                                  And we've adequate evidence now to show that humans will use such platforms to post exactly that sort of stuff. For instance one of the bitcoin forks that allows larger data payloads had child abuse images uploaded to it, in an immutable, permanent way. Many/most people are not OK with that.

                                                                                                  I'm not yet seeing a way to balance these concerns.

                                                                                                  • speedplane 3 days ago

                                                                                                    > Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

                                                                                                    Just b/c something is decentralized doesn't mean you can't take it down or hide it.

                                                                                                    • feanaro 3 days ago

                                                                                                      Exactly. Even a centralized filtering mechanism can be curated by the community. The important point is that each server gets to decide whether to use it. If a user considers their server is not doing a good enough job with this, they simply move to another server.

                                                                                                      • Nursie 3 days ago

                                                                                                        That's not a solution for illegal or harassing content.

                                                                                                    • Mirioron 3 days ago

                                                                                                      In the grand scheme of things censorship is the more dangerous thing though. People often don't care about censorship until it affects them, but once it does, they care a lot. There's a reason why the first amendment protects speech. It's the building block for an improving society.

                                                                                                      • Nursie 3 days ago

                                                                                                        As far as I'm aware, the first amendment doesn't protect the distribution of child abuse images, or allow harassment, etc.

                                                                                                        So we already have lines on 'speech'.

                                                                                                        I agree, censorship can be sinister, but I disagree that it's so sinister that we have to allow everything for fear of allowing nothing. Society already doesn't work that way.

                                                                                                        • feanaro 2 days ago

                                                                                                          > As far as I'm aware, the first amendment doesn't protect the distribution of child abuse images, or allow harassment, etc.

                                                                                                          Yes, but those are already illegal. That does not (or at the very least should not) mean politicians get to dictate what kind of technology is allowed. You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.

                                                                                                          • Nursie 2 days ago

                                                                                                            I'm not sure I'm arguing for a ban on decentralised tech as a whole, to go back to my first post on the topic - far from being a selling point, decentralisation is a negative feature for a lot of people. Centralisation provides points of control that are useful way beyond political suppression of speech, to allow (for instance) transaction reversal and material take down.

                                                                                                            The post I replied to was singing the praises of decentralisation, as if the idea that nobody can control what's said and done is a universal positive. I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.

                                                                                                            > You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.

                                                                                                            I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.

                                                                                                            • feanaro 1 day ago

                                                                                                              Of course decentralized architectures are not without downsides, just like any engineering trade-off. I'm not so sure it is a strictly negative feature for a lot of people though -- they may just consider it an overall negative due to some conveniences they may have lost as part of the trade-off.

                                                                                                              And that's okay. It's important to bear in mind the things lost by not being decentralized also, though. I think this is presently not very prominent since a lot people started using the internet for a few large centralized services so they are not very familiar with the idea. Arguably, there was a period when people flocked to the internet because of the newfound decentralization.

                                                                                                              > I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.

                                                                                                              It's seen as a good thing as long as the single point of control is doing things which are (mostly) aligned with the desires of these large sections of the population. This is a tautology. History teaches us that this is not at all given, though, so it's important not to rely on it strongly.

                                                                                                              > I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.

                                                                                                              Well, certainly. You can declare anything at all. I was proclaiming that from a position of practicality.

                                                                                                      • lokedhs 3 days ago

                                                                                                        I'm mostly ambivalent to the censorship debate. What I mean by that is that I can see valid points on both sides.

                                                                                                        Most Mastodon instances have pretty strict policies with regards to the speech that is allowed on them. Many instances block federation with other instances whose policies they don't agree with.

                                                                                                        Other instances allow pretty much everything (they are usually called “free speech zones”). The result is what you would expect, and they end up being mostly blocked.

                                                                                                        I'd argue that it works reasonably well for now (but it may of course change if the Fediverse grows further). Everybody is allowed to say what they want on the Fediverse, but others are not forced to listen to it.

                                                                                                        • feanaro 3 days ago

                                                                                                          > Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

                                                                                                          Citation needed, please. This really sounds like your personal opinion presented as a general statement.

                                                                                                          • Nursie 3 days ago

                                                                                                            Look at the news. Look at the outcry over teen suicides and how facebook/twitter didn't do enough to protect them. Look at the laws around child abuse imagery and how much popular support they get.

                                                                                                            It's not just my opinion.

                                                                                                            • DanBC 3 days ago

                                                                                                              I agree. Here's the current Secretary of State for the Department of Health and Social Care in England: https://twitter.com/MattHancock/status/1089864139835670528

                                                                                                              He's the most tech-focussed minister we have. He's pushing tech pretty hard, so for him to be saying this should be a clear signal to the industry.

                                                                                                              See also the consultationn for the online harms white paper: https://www.gov.uk/government/consultations/online-harms-whi...

                                                                                                              It's really weird that this extremist position ("any removal of content is censorship, and censorship is always bad") is so prominent on HN whenusers of products have shown, every single time, they they don't want it.

                                                                                                              • feanaro 2 days ago

                                                                                                                > It's really weird that this extremist position ("any removal of content is censorship, and censorship is always bad") is so prominent on HN whenusers of products have shown, every single time, they they don't want it.

                                                                                                                Why are you trying to paint this as an extremist position? Perhaps we are misunderstanding each other. Any removal of content is not censorship and that position is clearly nonsense. E.g. a commercial entity can do what it wants with its own property, including removing content.

                                                                                                                What is universally negative is requiring all future technologies to have loopholes through which things can be deleted, thereby preventing some designs outright. I think this parent comment sums it up quite nicely why having such systems is something very reasonable and desirable:

                                                                                                                > On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.

                                                                                                                • Fnoord 3 days ago

                                                                                                                  If there is censorship possible, the government will use and potentially abuse it at some point.

                                                                                                                  I've seen darknets (or a P2P networks) which were hard to censor (Tor) but also where you could influence via supply and demand (Freenet, IPFS).

                                                                                                                • feanaro 2 days ago

                                                                                                                  I'm looking at the news but I'm not reaching the same conclusions.

                                                                                                                  Public opinion heavily depends on context and evolves continually. Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.

                                                                                                                  Given the context of government censorship, which is happening and is likely to increase and become a larger problem in the future, and myriads of smaller, independent entities, people might react differently.

                                                                                                                  In any case, I don't think it's a good nor strong enough argument to abandon decentralization and anti-censorship efforts.

                                                                                                                  • Nursie 2 days ago

                                                                                                                    I think these ought to be tempered with the knowledge of how such systems invariably end up being used for the transfer of child abuse imagery, and other abhorrent stuff.

                                                                                                                    I'm not saying you should abandon decentralisation efforts if that's your thing, I'm just saying don't expect the world to flock to (or praise) what you create. Censorship resistance is not seen as a universal good.

                                                                                                                    > Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.

                                                                                                                    The criticism is usually that not enough was done to police the harassment. Decentralised systems are likely to make that worse.

                                                                                                                    • feanaro 1 day ago

                                                                                                                      > I'm not saying you should abandon decentralisation efforts if that's your thing [...]

                                                                                                                      Isn't not being controlled by the whim of a single corporation/government everyone's thing? Or the ability to be your own free person whose actions are not thwarted by a petty desire or ulterior motive?

                                                                                                                      Of course, in times of relative stability, people are sometimes lulled into thinking this is not and cannot be compromised in any way.

                                                                                                                      > Censorship resistance is not seen as a universal good.

                                                                                                                      Of course, it's a deep and fundamental issue. There are bound to be proponents of both sides with a lot of people in between.

                                                                                                                      I argue that inability to destroy abhorrent stuff is likewise not universally viewed as the ultimate evil, though.

                                                                                                                      > The criticism is usually that not enough was done to police the harassment.

                                                                                                                      You elided the rest of my argument so I'll repeat it rephrased: I think the current design of the system, where there is a very public single point-of-"failure" that is very easy to hate (big corporation) makes this more prominent.

                                                                                                                      There is abhorrent stuff printed on paper all around the world, but you don't see people claiming that not enough was done to seek out and destroy every such piece of paper. It is apparently enough to people that such paper is not very prominent in day-to-day situations.

                                                                                                                      • Nursie 1 day ago

                                                                                                                        > Isn't not being controlled by the whim of a single corporation/government everyone's thing?

                                                                                                                        That's a very exaggerated and polarised way to look at the question of decentralised social media.

                                                                                                                        > I argue that inability to destroy abhorrent stuff is likewise not universally viewed as the ultimate evil, though.

                                                                                                                        Clearly, you're here making the argument.

                                                                                                    • mirimir 3 days ago

                                                                                                      This is great. But damn:

                                                                                                      > Are there sites you won't link to?

                                                                                                      > Like a Mastodon instance, we reserve the right to work with whichever partners we prefer. We specifically will avoid at least these sites:

                                                                                                      > sites which encourage or are known for illegal activity

                                                                                                      Just what is "illegal activity"? According to whose laws?

                                                                                                      Given that Keybase servers are in the US, I suppose that means US law. And frankly, that sucks.

                                                                                                      But please do clarify.

                                                                                                      • ocdtrekkie 3 days ago

                                                                                                        I wonder if the Mastodon community will pick up Keybase chat as the de facto chat option with this integration in place. Chat or private messaging has always been considered the weak link of the fediverse since it's easy for bad servers to mishandle "private" toots.

                                                                                                        • 0xb100db1ade 3 days ago

                                                                                                          I wish that Keybase could work with the Signal team on something.

                                                                                                          Signal has a lot of experience in UI [1] and security, and Keybase had the identity proofs. I'd love to see them work together rather than compete.

                                                                                                          [1] Signal UI used to be horrible but as of the past few months it's improved a ton! It's now my preferred SMS client.

                                                                                                          • giggles_giggles 3 days ago

                                                                                                            >Signal UI used to be horrible but as of the past few months it's improved a ton!

                                                                                                            That's funny, I've had the opposite experience. Once I got everyone I know to start using it and was completely locked-in, I started having all kinds of weird issues.

                                                                                                            My favorite is when my phone has been off awhile. After I turn it back on, I get a notification for every message I sent/received on another device while it was off. Usually takes about 30 minutes for it to fully sync, buzzing and/or producing popups for every message along the way. I have about a dozen equally frustrating issues I could, if I had the time, enumerate.

                                                                                                            And of course because it's free, there's no real support. Signal has been a huge disappointment for me. I'm preparing to move back to regular SMS, but now I have to untangle all of the users like my mother that I convinced to use Signal. Caveat emptor!

                                                                                                            • pault 3 days ago

                                                                                                              You'd rather opt in to global passive surveillance than deal with an inconvenient UX?

                                                                                                              • giggles_giggles 3 days ago

                                                                                                                It's not inconvenient, it's broken. The issue I described above is not the only misbehavior to which I'm frequently subjected. Another example: messages are delayed, often.

                                                                                                                Recently I failed to reply to an urgent text about a medical diagnosis from my fiance due to Signal failing to push the message to my phone. This is unacceptable behavior from a critical application.

                                                                                                                Do I get on a soapbox about how surveillance is terrible and miss being there for her by insisting on using Signal? No! I want her to be able to get in contact with me if there's an emergency, and that's the #1 priority.

                                                                                                                • arthur_pryor 3 days ago

                                                                                                                  (note: not trying to say the medical diagnosis scenario you describe is less important than your contribution to getting the world off SMS, just spitballing how we can work towards timely updates in our current world and wean off SMS)

                                                                                                                  in the situation you describe, or any urgent situation where speed of communication is paramount, what about bombardment through multiple channels? like, i'll often leave my phone out of my pocket, and not pay super close attention to it. and if it lights up with one text message, or one signal message, or whatever, i might not look at it. but if it's buzzing like crazy, or someone starts calling, i'd pick it up.

                                                                                                                  i guess what i'm saying is, "urgent" to me means signal/text/call/call someone that might be around the person/whatever, until the message gets through. if something is urgent, i would not send it solely by text. i've certainly had SMS messages get dropped or delayed many many times over the years.

                                                                                                                  can you really only use one messaging app at a time? signal is my primary messaging app, but i don't really find it bothersome to use whatsapp and regular SMS also. different people i communicate with prefer different channels, and often the same person will use different channels with me depending on the purpose (e.g., my dad mostly chats with me by SMS, and most of my immediate family's group chat is on SMS, but when my dad is texting with me about some sensitive personal financial info, it's over signal).

                                                                                                                  also, i hope that whatever the urgent issue was, it was resolved in an ok way. like i said, not trying to shortchange the urgency of a medical emergency or second guess your decision making or frustration at the time.

                                                                                                                  • pault 3 days ago

                                                                                                                    Yeesh, that is really terrible, I'm sorry to hear that. I understand your reasons, but in signal's defense it is a free service, which is pretty amazing considering the number of users they are able to support. I suppose reliability is a trade-off, but it would be nice if they offered a paid tier with better performance.

                                                                                                                    • deadbunny 3 days ago

                                                                                                                      You are aware that SMS is "best effort" as well? SMS is in no way guaranteed to be delivered in anything approaching an urget timeframe.

                                                                                                                    • 3 days ago
                                                                                                                      [deleted]
                                                                                                                  • dcbadacd 3 days ago

                                                                                                                    The phone number requirement is a killing feature for me, makes it useless. I wouldn't put it even close to the UX bar Keybase has for me.

                                                                                                                    • 0xb100db1ade 3 days ago

                                                                                                                      I do, to some extent agree.

                                                                                                                      I think the idea is that privacy != anonymity. Signal provides the former, but not the latter.

                                                                                                                      It's tough. I think that usernames could become messy, but I also think it'd be amazing to anonymously tip a news reporter via Signal, but at the same time the latter would not be as safe as Tor etc.

                                                                                                                    • ocdtrekkie 3 days ago

                                                                                                                      I would much rather have more competitors than fewer monolithic systems in this space, to be honest.

                                                                                                                    • phoe-krk 3 days ago

                                                                                                                      How is Keybase chat federated? Using a centralized service defeats the purpose of a decentralized Fediverse.

                                                                                                                      • ocdtrekkie 3 days ago

                                                                                                                        It's not, but decentralization isn't super effective for private channels of communication, particularly where neither end is running the software in question. (Most Mastodon users aren't site admins.)

                                                                                                                        But presumably if proving a Keybase user and a Mastodon user are the same is given, when a Mastodon user wants to contact another outside of Mastodon, Keybase Chat may be the new default choice.

                                                                                                                        • rickycook 3 days ago

                                                                                                                          i think that’s pretty incorrect tbh; xmpp/otr, and matrix handle federation and private chat/encryption just fine

                                                                                                                          id much prefer to see chat that’s just thinly wrapped in a pgp implementation that gets its keys from keybase (maybe just initial secrets transferred with pgp for handshake or something)

                                                                                                                          • phoe-krk 3 days ago

                                                                                                                            > but decentralization isn't super effective for private channels of communication

                                                                                                                            The two examples of that not being the case are OTR XMPP and PGP e-mail.

                                                                                                                            > particularly where neither end is running the software in question

                                                                                                                            You cannot have useful encrypted communication if your software does not support it.

                                                                                                                        • insomniacity 3 days ago

                                                                                                                          Yeah, interesting point - this could actually pick up chat functionality for a whole heap of sites that don't have it, but are prepared to do the Keybase integration work.

                                                                                                                          • jdormit 3 days ago

                                                                                                                            Why not Matrix? A federated chat protocol to go with a federated social media protocol.

                                                                                                                            • silvermast 3 days ago

                                                                                                                              Please no. Centralization is always abused (eventually). Email + mastodon + IRC = happy little hackers.

                                                                                                                              • eridius 3 days ago

                                                                                                                                Email is de-facto centralized at this point, with the overwhelming majority of email going through a small handful of giant providers. I don't remember the number anymore but some scary-high percentage of all email volume goes through Google servers.

                                                                                                                                • eitland 3 days ago

                                                                                                                                  1. There are still multiple options working options within the same ecosystem. And yes you can still self-host or pay to host[0]. Unlike on WhatsApp, Telegram or Signal where you have to choose one (or more) providers.

                                                                                                                                  2. I find it weird how busy we are as a community are: scaring each other away from the solutions we should use by pushing Joe Average in front of us (like the post in this thread about mastodon.com being up for sale).

                                                                                                                                  [0]: yes, there are problems. But FWIW mail disappeared before Gmail as well: I have memories of customers complaining about mail from "central USA" (or something) not arriving and after hassling our email provider and having them hassling their connections mail suddenly started to arrive. (And no I don't think it was acceptable then and I don't think it is acceptable now.)

                                                                                                                              • codetrotter 3 days ago

                                                                                                                                Do you mean for encryption or do you mean using their servers also?

                                                                                                                                • coldacid 3 days ago

                                                                                                                                  My bet would be both. After all, why handle all the dirty work of implementing real-time chat that works across multiple different sites when you can just plug in Keybase instead? After all, if you're using it for encryption you already require people to have a Keybase account to have their chats encrypted.

                                                                                                                                  • jeena 3 days ago

                                                                                                                                    Why would you install different Mastodon servers when you can go to twitter.com instead?

                                                                                                                                    • dcbadacd 3 days ago

                                                                                                                                      I don't :P It's too tedious to keep an eye on multiple communities and manage my single identity.

                                                                                                                                • coldacid 3 days ago

                                                                                                                                  If you include in "bad servers" ones that censor and ostracise instances that offer more freedom to their users, yes.

                                                                                                                                  • kstrauser 3 days ago

                                                                                                                                    You mean, ones that block spam farms and troll infestations? If so, that would leave a tiny little awful network. There's a reason that Mastodon is more pleasant than Twitter, and it's largely because its federation model penalizes both ban-happy and completely unmoderated peers.

                                                                                                                                • wut42 3 days ago

                                                                                                                                  This sucks -- not all Mastodon instances will be able to use this. It's subject to approval by keybase, ensuring only big instances can use this. A step backwards a proper decentralized network…

                                                                                                                                  • xgess 3 days ago

                                                                                                                                    Keybase team member here. We have more than 30 so far, and they range from some of the largest down to single-user instances.

                                                                                                                                    • mirimir 3 days ago

                                                                                                                                      OK, but what about "sex workers and such" that wut42 mentions in a subthread?

                                                                                                                                    • insomniacity 3 days ago

                                                                                                                                      I would imagine they're happy to support small instances if they have a legitimate userbase... why not ask them and report back?

                                                                                                                                      • wut42 3 days ago

                                                                                                                                        They already somewhat said that porn related instances will not be allowed. So sex workers and such won't be able to use this. Why bother asking them?

                                                                                                                                        I moved to the fediverse to NOT be controlled and regulated by corporations, because there's no need to. Adding such a feature in Mastodon is stupid. What's the next step? Integrated Twitter client?

                                                                                                                                        • stevenicr 3 days ago

                                                                                                                                          Keybase has said porn related names / IDs won't be allowed? I was going to suggest some people look at using it as an alternative ID system to use in various chat systems. However some of those appear to be sex chat focused, so if that could cause an issue for them I'd be better off not mentioning and looking for a keybase like ID alternative.

                                                                                                                                          • dcbadacd 3 days ago

                                                                                                                                            Yes please, make it possible to discuss external content more easily in Mastodon, please.

                                                                                                                                      • Leace 3 days ago

                                                                                                                                        From: https://keybase.io/docs/proof_integration_guide

                                                                                                                                        > To send us the config, you can send us the public URL for your config file or attach it directly in a Keybase chat message to @mlsteele or email miles@keyba.se. In our example the file is hosted at https://keybase.io/.well-known/example-proof-config.json.

                                                                                                                                        Will this always require manual step (sending config by e-mail) or is there some automation planned?

                                                                                                                                        • malgorithms 3 days ago

                                                                                                                                          Good q - this step will likely be automated soon. Still, there will always be one final step of our approving any integration, otherwise there would be 10,000 pr0n sites or ad sites. (We mention this in the FAQ.) But we can automate everything up to turning it on.

                                                                                                                                          For now, we want to talk to everyone working on integrations, so we can see what steps are working and what are confusing, what could be improved, etc. So we're talking to everyone doing an integration.

                                                                                                                                          • Leace 3 days ago

                                                                                                                                            > otherwise there would be 10,000 pr0n sites or ad sites.

                                                                                                                                            There's a middle ground: you can add integration so that it's available from CLI (`keybase prove ...`) but don't show it in GUI ("select integration") so it's not advertising that site.

                                                                                                                                            The proof integration guide looks neat by the way.

                                                                                                                                            • DuskStar 3 days ago

                                                                                                                                              CLI integration available to all without a human step, but requiring approval to show up in the UI when adding integrations? I'd like that solution

                                                                                                                                            • velcrovan 3 days ago

                                                                                                                                              I still don't get it. You have always been able to get a keybase proof for ANY website/domain without being approved first. Why do you need to whitelist mastodon instances? Why not just let people type in the domain name for their instance and get rolling?

                                                                                                                                              • fermuch 3 days ago

                                                                                                                                                But now they're showing every integration possible (as in, every mastodon instance they approve of) on their UI

                                                                                                                                                • velcrovan 3 days ago

                                                                                                                                                  Again…why? who cares? Why is picking from a pre-approved list better than just letting people type in their instance domain name and allowing every instance by default?

                                                                                                                                                  • Leace 2 days ago

                                                                                                                                                    Agreed. Not to mention Mastodon could've a linkback to Keybase with all data pre-filled (username + instance name). For example in Settings a link "Connect with Keybase".

                                                                                                                                            • eganist 3 days ago

                                                                                                                                              Assuming my understanding of this is right, I can't see Chris and team publishing an automated platform for proof integration until they find a solution against impersonating established platforms.

                                                                                                                                              Edit: Disregard, chris/malgorithms answered above.

                                                                                                                                            • gtt 3 days ago

                                                                                                                                              I never understood keybase as a useful product. What do you use keybase for?

                                                                                                                                              • Nadya 3 days ago

                                                                                                                                                Task: Send me a tweet on Twitter. Careful not to send it to any imposters.

                                                                                                                                                Challenge: Finding me on Twitter. For example, I am not @Nadya

                                                                                                                                                Extra Credit Challenge: Let's say I'm e-famous enough to have imposter accounts but not have a Twitter "verified" badge. Which Twitter account is the real me? And how do you know?

                                                                                                                                                Where Keybase comes in: On my HN profile itself you can find my signatures on Keybase. Keybase is not necessary for these signatures but becomes a convenient place to look. You also do not need to trust Keybase; although in practice many people will. Don't lie to me and tell me you'd verify the keys. :)

                                                                                                                                                Now you can go directly from my HN profile to my Twitter profile and tweet at me knowing that I am who I say I am. Or at least the individual posing as me has access to three of my accounts (HN, Keybase, and Twitter) and that you'd at least be talking to the same person.

                                                                                                                                                The social proof and web of trust bit is where Keybase falls down but that's an inherit flaw of the web of trust (key exchange parties aren't as popular as they used to be and people will sign/trust keys of people they've never met IRL). Ultimately you'll have to trust that the people who follow me on Keybase are certain beyond a reasonable doubt that I am who I say I am. From there, you can trust the social proofs.

                                                                                                                                                I personally use it so that people can find me on other services more easily and know that they are speaking to me.

                                                                                                                                                • eadmund 3 days ago

                                                                                                                                                  > On my HN profile itself you can find my signatures on Keybase.

                                                                                                                                                  … or your HN account could just link straight to your Twitter account. I don't get what Keybase adds here.

                                                                                                                                                  • Twisol 3 days ago

                                                                                                                                                    If you have an account on N different sites, and you want to let people identify you between each of those, linking directly requires (N-1) links per profile, or N*(N-1) links total. When you create a new profile elsewhere, you need to update your profile on each of the N original sites, plus add N links in your profile at the new site.

                                                                                                                                                    Or you could collect all of your identities into a Keybase profile, which all of your other profiles link to. That's a lot less to manage. Plus, proving your identity at some site (usually) has the byproduct of pointing back at your Keybase profile, so even if you come at this just from a "less work for me" angle, you're getting verifiability for free.

                                                                                                                                                    • WA 3 days ago

                                                                                                                                                      Or you could collect all of your identities in one other central place (say your website or HN) and link to the central place from all other profiles. Because that is exactly the scenario you just mentioned. Having direct links to all other profiles isn't solved by keybase. The only thing it provides is a central place for profile links – and there are obviously other ways to achieve this.

                                                                                                                                                      • bloopernova 3 days ago

                                                                                                                                                        Sure, but if you look at how Keybase is verifying the information and how it is presenting that trust to external users, I feel that the value they are providing has increased greatly over a static page listing social network IDs.

                                                                                                                                                        Take a look at https://keybase.io/anthonyclarka2/sigchain

                                                                                                                                                        You can see a whole bunch of extra crypto is being used to verify the information.

                                                                                                                                                    • eridius 3 days ago

                                                                                                                                                      If someone hacks your HN account they could redirect the Twitter link elsewhere. If the only 2 accounts you have are HN and Twitter then Keybase doesn't solve that problem, but if you have more accounts elsewhere that are well-known, those extra accounts then prove that the HN<->Twitter connection is valid.

                                                                                                                                                      • chrisdirkis 3 days ago

                                                                                                                                                        If everything links to everything, that's an n^2 problem (and hard to coordinate actors to do). If everything just links to one service, that's n or 2n at most.

                                                                                                                                                        Also, I can write the name of any twitter account in my HN profile. I can only link _my_ twitter account to a keybase account I own.

                                                                                                                                                        • Spivak 3 days ago

                                                                                                                                                          Right, but if your Twitter account links to your HN account then you've proven ownership both ways. If you don't want the n^2 problem then just have a list of all your accounts on one site and link there. Say, for example, your Mastadon account.

                                                                                                                                                          • Nadya 3 days ago

                                                                                                                                                            I solved that problem that way too: https://nadyanay.me/identities.html

                                                                                                                                                            It comes with some issues, namely that I suck at keeping it up to date and that not all identities I would like to list there have a way for me to provide proof beyond my word alone. For most use cases and attack vectors I consider this sufficient enough. Now this is outside most peoples' threat models, but Keybase also provides some mitigation against some other scenarios.

                                                                                                                                                            1) If nadyanay.me becomes compromised the imposter could update /identities.html with a new and fake list and I would need to update my link everywhere it is used or I would be pointing people to the imposter list. I have more faith in both (a) Keybase is less likely to be compromised and (b) in the event Keybase has become compromised someone will notice. Nobody would notice if my personal site was compromised, as even my closest friends don't regularly browse my website. It could honestly take weeks or even months to discover the file had been changed.

                                                                                                                                                            2) A person who compromises my account(s) must also have access to my private key in order to sign messages in my name. This is important because even if any of my accounts is compromised they're still unable to prove they are me if asked. This is something I actively practice with a few online friends of mine. We pretty regularly lend large sums of (virtual) game cash to one another worth in the range of $10,000-$15,000 USD if RWT'd. The last thing either of us would want is an imposter asking to borrow some money in-game from them and selling it off and so anytime we ask to borrow some in-game cash we ask to see a signed message. I admit that's the primary reason behind most of my signed messages...

                                                                                                                                                            3) Any attempts at creating a new key will allow users to see that my key has been revoked and replaced. Users who had signed my old key would need to re-verify with me that my new key is valid. Social engineering and people's casual use cases means the imposter would just claim to be me and most people would believe them. Few would bother verifying but it at least provides an additional opportunity for the imposter to be outed.

                                                                                                                                                      • Kye 3 days ago

                                                                                                                                                        The obvious question is: "Isn't that what a domain is for?"

                                                                                                                                                        And the answer is a lot of the New Famous don't have domains to list canonical social media profiles on. They exist solely on silos like YouTube, Twitter, Facebook, and Instagram with no way to connect to their fanbase without it.

                                                                                                                                                        • Spivak 3 days ago

                                                                                                                                                          Or just picking one of the accounts as the master and linking the others there.

                                                                                                                                                      • Gaelan 3 days ago

                                                                                                                                                        I think their goal is to do everything (or a large subset of things) Slack/Google Drive/GitHub can do, but with end-to-end encryption and easy discovery (look someone up no matter where on the internet you know them from).

                                                                                                                                                        • otachack 3 days ago

                                                                                                                                                          The remote git repo feature is nice. But from what I understand, the primary use is to serve as proof of identity. They have other products like a chat app for individual or team use, file storage, PGP operations, and more. All e2e encrypted.

                                                                                                                                                          • TypingStuff 3 days ago

                                                                                                                                                            OP demonstrates how your Keybase network can offer E2E messaging on Mastadon, bootstrapped via Keybase.

                                                                                                                                                            I see Keybase as a secure address book, on top which secure applications can be built.

                                                                                                                                                            • fiatjaf 2 days ago

                                                                                                                                                              Do you have a PGP key? No, because it's a hassle. With Keybase it isn't anymore. You can sign stuff and encrypt stuff without telling people to install obscure software anymore.

                                                                                                                                                              • justrudd 3 days ago

                                                                                                                                                                I trust them* more than slack. So I use it to send credentials for to fellow developers as well as files that I want to share with specific individuals.

                                                                                                                                                                *Maybe I shouldn't trust them more than Slack? But I know from experience with pen testers that a password in Slack causes all kinds of problems.

                                                                                                                                                                • yarrel 3 days ago

                                                                                                                                                                  It was meant to be a better PGP web-of-trust replacement.

                                                                                                                                                                  • daosyn 3 days ago

                                                                                                                                                                    i know a friend who just uses it to store and retrieve their private key for gpg

                                                                                                                                                                  • bloopernova 3 days ago

                                                                                                                                                                    Keybase is certainly interesting. Is it possible to link up to your stackoverflow identity yet?

                                                                                                                                                                    How are people using Keybase right now? I added several of my accounts but I'm especially interested in the GPG encryption/signing.

                                                                                                                                                                    • dcbadacd 3 days ago

                                                                                                                                                                      StackOverflow integration sounds really cool. Wish they added Discourse support as well - hard to prove I'm me on all of these Discourse instances.

                                                                                                                                                                  • waferedpie 2 days ago

                                                                                                                                                                    Can someone explain Mastodon to me? Because I’m not really sure I “get” it.

                                                                                                                                                                    As I understand it, I need to register for Mastodon at some server ``foo``, and with this one single registration I can also access other servers ``bar`` and ``baz`` and read what their members post, but I’m not able to post on those servers myself, only on my original ``foo`` server.

                                                                                                                                                                    So what happens when ``foo`` goes under for whatever reason? Or what if the admins at ``foo`` decided to ban me from their server for whatever reason? Am I just shit out of luck now?

                                                                                                                                                                    And what if my friends decide to join Mastodon some time later, but they all agree to join ``bar`` leaving me the odd person out? I think I’ve read somewhere that it’s not possible to relocate my ‘home server’?

                                                                                                                                                                    • fiatjaf 2 days ago

                                                                                                                                                                      Yes, you are right.

                                                                                                                                                                      The entire ActivityPub concept is flawed, but not because you would be left alone in your server, it's the opposite: since you're interacting with your friends, your friends' server would then fetch all posts from your server and vice-versa, it will be as if there was just one server, but maintenance costs are now duplicated and the discovery process is not great also.

                                                                                                                                                                      These problems are less problematic the smaller the servers are, which makes me think the best structure would be one in which each user is its own server and just syncs to temporary syncing hubs when possible -- or maybe sync directly to other online peers they know.

                                                                                                                                                                      Oh, wait, that's what https://www.scuttlebutt.nz/ does!

                                                                                                                                                                      (Disclaimer: I don't use Scuttlebutt nor Mastodon nor anything like that, and I really thought about Scuttlebutt in the middle of my comment, not before.)

                                                                                                                                                                    • AgentME 3 days ago

                                                                                                                                                                      Bug report: I just connected my Mastodon.social and Keybase profiles. On my Keybase profile, the "post" link next to my Mastodon.social profile link doesn't go directly to the proof post, but instead just links to my profile again.

                                                                                                                                                                      • s09dfhks 2 days ago

                                                                                                                                                                        I'm not entirely sold on keybase.

                                                                                                                                                                        Why would I want my online presence 100% identifiable and traceable back to me?

                                                                                                                                                                        What is the appeal of this service exactly?

                                                                                                                                                                        • forgotmypw3 3 days ago

                                                                                                                                                                          I'm working on a web-based system that uses PGP key as identity.

                                                                                                                                                                          How do I integrate with Keybase?

                                                                                                                                                                          • charliebrownau 3 days ago

                                                                                                                                                                            I recommend people check out

                                                                                                                                                                            gab instead of twitter

                                                                                                                                                                            and diaspora instead of google plus

                                                                                                                                                                            Yet its been proven again and again and again that once the diversity circle takes effect the LEFT as a whole refuses to support diversity of viewpoint and will censor non left people on all platforms left admins exist on

                                                                                                                                                                            Even Diaspora has a massive infection of SJW , Diversity and "woke" people that are pro censorship

                                                                                                                                                                            • charliebrownau 3 days ago

                                                                                                                                                                              Masterdon is filled with pods with Global Socialist LEFT admins and the always offended

                                                                                                                                                                              Dont expect to get free speech on most or almost all the servers on masterdon