I'm interested to see that Keybase is actually still maintained. After the Zoom Acqui-hire, they seemed to have moved on (last entry on their blog https://keybase.io/blog is May 21 2020) but there's activity on the GH repos, although nothing like the pace it used to develop (https://github.com/keybase/client/graphs/contributors).
No you don’t need a JSON prettifier that has full powers and can read data from web pages on any domain. You don’t need a thing to help you to compose English prose better (or maybe you do but don’t use the extension).
The browser is the modern operating system, and we have made it trivial to allow users to pwn themselves with two clicks.
This is kind of like advocating to only use vendor-provided software on your actual operating system because any third party software might be insecure (ignoring the fact that the OS itself may be as well). Some people might be able to do that but the overwhelming majority of people would not find that tenable, so suggesting that one just not is neither productive nor realistic.
The "JSON prettifier" example is exactly what compromised my browser once, long ago. I only found out because I noticed the "this extension is no longer available on the Chrome store" mention on the chrome://extensions page or something of the sort.
It was silently ex-filtering list of all URLs I visited against a unique identifier.
Seems like a bit of a stretch. You really shouldn't be putting anything extremely sensitive into a browser anyway, and Keybase calls it out themselves. Yes, it's missing from the extension page, but that's really the only "mistake" they've made.
So why does Keybase inject the textbox there? Injecting an input for a secure chat app into an insecure location is going to make people who trust keybase misunderstand the security profile of that input.
Zoom’s acquisition of Keybase could only mean bad things for Keybase.
It means Keybase loses internal developer attention (since Zoom ostensibly bought it for the tech talent) and/or Zoom plans to somehow boost its own services through existing KB users (privacy loss, but also unlikely given the relatively small userbase).
KB did also have some attraction because of its Stellar integration, but Stellar has not been managed well enough to attract enough developer attention (a different topic).
It’s too bad Wire became so corporate. KB and Wire were arguably the most secure messenger systems, and now we’re stuck with Signal.
[+] [-] raesene9|4 years ago|reply
[+] [-] joecool1029|4 years ago|reply
[+] [-] TedDoesntTalk|4 years ago|reply
[+] [-] anonypla|4 years ago|reply
It's such a good maintained alternative to keybase
[+] [-] philsnow|4 years ago|reply
No you don’t need a JSON prettifier that has full powers and can read data from web pages on any domain. You don’t need a thing to help you to compose English prose better (or maybe you do but don’t use the extension).
The browser is the modern operating system, and we have made it trivial to allow users to pwn themselves with two clicks.
[+] [-] least|4 years ago|reply
> The browser is the modern operating system...
This is kind of like advocating to only use vendor-provided software on your actual operating system because any third party software might be insecure (ignoring the fact that the OS itself may be as well). Some people might be able to do that but the overwhelming majority of people would not find that tenable, so suggesting that one just not is neither productive nor realistic.
[+] [-] johnebgd|4 years ago|reply
The browser should offer the user controls on what data plugins can remit from the computer.
[+] [-] captn3m0|4 years ago|reply
It was silently ex-filtering list of all URLs I visited against a unique identifier.
[+] [-] dcsommer|4 years ago|reply
[+] [-] matheusmoreira|4 years ago|reply
[+] [-] alisonkisk|4 years ago|reply
[+] [-] wobblyasp|4 years ago|reply
[+] [-] akerl_|4 years ago|reply
[+] [-] blunte|4 years ago|reply
It means Keybase loses internal developer attention (since Zoom ostensibly bought it for the tech talent) and/or Zoom plans to somehow boost its own services through existing KB users (privacy loss, but also unlikely given the relatively small userbase).
KB did also have some attraction because of its Stellar integration, but Stellar has not been managed well enough to attract enough developer attention (a different topic).
It’s too bad Wire became so corporate. KB and Wire were arguably the most secure messenger systems, and now we’re stuck with Signal.
[+] [-] tragictrash|4 years ago|reply
[+] [-] watusername|4 years ago|reply
[+] [-] atatatat|4 years ago|reply
[+] [-] TedDoesntTalk|4 years ago|reply
“Written 4 years ago”