-- Leo's gemini proxy

-- Connecting to figbert.com:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;lang=en-US

How to Replace Keybase in 3 Easy Steps


Ever since Keybase was acquired by Zoom, a company with a very bad history with security/privacy, people wanted an alternative. There have been a few different alternatives proposed: this is (the best) mine.


First, a catalog of very bad links from Keybase's new owners:


An 0day in the macOS client!

Saying they use e2e when they don't!

Using installing tricks from your local malware dealers!

Protonmail has arrived to shit on them too!

Shutting down people who talk about Tianamen Square!

Not encrypting free calls so they can snitch to the cops!

Rolling their own crypto!

Remember the installer from earlier? Now it has ACE!

Monitoring all the apps you have open!


What is Keybase?


Before we talk about replacing Keybase, we should have a good idea of what Keybase actually is. It's main features are as follows (ordered as on the website):


Keybase


E2EE chats and messaging (people and teams).

Cryptographic identity verification from around the net.

KBFS (Public signed file hosting, private E2EE file storage w/ sharing, Static site hosting??)

Git repositories? Crypto? An alternative to PGP called saltpack?


Previous Attempts to Replace Keybase


I'm not the first person to try this, obviously. Some brave folks have tried to build Keybase alternatives, such as keys.pub and the brand-new Keyoxide. I've tried both, but found that though they both are good in their own right, they are not the solutions that I am looking for.


keys.pub

Keyoxide


OK Time for the Steps


Step #1: Chat/Messaging


There are a few great pre-existing options for encrypted messaging: Signal, ProtonMail if you want to go full email, Telegram, and WhatsApp. However, they all have their problems (though I use the first two on a daily basis). Signal requires a phone number, and is more of an iMessage/text replacement than a Slack-style chat app. Protonmail is literally not chat – it's email. Telegram is (debatably) not secure. If you use WhatsApp for security you might be crazy – I only use it because it's *the way* to communicate with people in the Middle East and Africa.


Instead, I would recommend you use Matrix. Matrix is an "open network for secure, decentralized communication," and it's the perfect replacement for Keybase's chat. It utilizes E2E encrypted messaging, and can be self-hosted as well.


Matrix


In addition to a Matrix server, you also need a client. For this, I recommend Element – though Nio, once stable, will almost surely be my go-to. Element is a beautiful Matrix client with a bunch of awesome features, including Slack-like integrations, and apps for pretty much every major platform (Linux, MacOS, Windows, iOS, Android, and a web client). Plus it looks a lot like Discord.


Element

Nio


Step #2: Identity verification


Replacing Keybase's original function is probably the most difficult part of this tutorial: cryptographically verified identity proofs is a great and innovative idea. I would swap this out with an IndieWeb profile – one part of the larger microformats HTML structure. There are some pretty great tutorials out there, so I won't go into too much detail about exactly how to do that. However, it's important to note that though some tutorials recommend hiding your h-card with the display: none; property: don't do that. It's a documented anti-pattern. I just merged my about and contact pages onto my homepage, and added the microformats classes to my existing markup.


The IndieWeb homepage

microformats homepage

An Indieweb profile tutorial by Kev Quirk

Another Indieweb tutorial by Brian Wisti

Invisible metadata antipattern



Step #3: File Storage


Replacing KBFS is easy to do, but hard to get right. Swapping to Google Drive is probably the move that most people would make, but that abandons the entire security/encryption aspect of Keybase. There's also Dropbox, but that has the same problems as above. ProtonDrive has potential, but it's not production ready. Enter Syncthing. Nikita Tonsky wrote one of my favorite posts of all time about Syncthing – go read it. One reason Syncthing is so great is that it's not the same thing as KBFS or any of the other "Drive" solutions. Instead of being a file hosting system, it's a "continuous file synchronization program" - aka p2p. You have no data limits other than your storage and no third-party to worry about. Plus, sharing folders is also incredibly easy. Just read the article.


Syncthing

Nikita Tonsky amazing article


Bonus Step #4: Video Calling


It would be a shame to talk about text chat, or really any form of communication, in this new pandemic age without talking about video chat. After all, the whole reason I'm writing this article is because the new videocalling giant Zoom. So, how have I replaced Zoom and how does that relate to replacing Keybase? Well, Matrix happens to have a fantastic Jitsi Meet integration. Plus, the folks over at Jitsi are working on E2E encryption for their calls. I've integrated Jitsi Meet into my self-hosted instance of Matrix, and now all my videocalls are just that – mine!


Summary


Swapped chat to Matrix and Riot.

Swapped identity verification to Indieweb.

Swapped file storage/sync to Syncthing.

Added videocalling to chat program via Jitsi.


Conclusion


Keybase is a great service, and the people who work there should be really proud of what they've built. However, given Zoom's aquisition of the company, the stability and security of the product have been called into question. So, ever one to hop on a hype train, I jumped ship.


-- Response ended

-- Page fetched on Fri May 17 11:03:32 2024