I really like Keybase. I don't even use it much but if I had the choice of paying a few dollars per month or having it be shut down, I'd pay for sure.
Maybe it's because development slowed down to a crawl but it has such an "old internet" feel to it. Like I'm using Kazaa or something.
Edit: To clarify, I understand that Keybase is not shutting down. I'm just saying hypothetically if it shuts down, which isn't unlikely in the next few years.
For commenters who can’t be bothered to RTFA, and is somewhat confused because the Keybase name is used for a couple of not terribly related (on the surface) products: keybase.io the popular identity hosting service isn’t going anywhere, what is being shut down is an unpopular file hosting service:
> Although the service was a great showcase for the kinds of cool things that could be built with Keybase, the usage of this product never took off.
> what is being shut down is an unpopular file hosting service
Maybe unclear wording here, but to clarify: KBFS (Keybase FileSystem) is not being shut down, only Keybase.pub is, which is a service which exposes selected files from KBFS on the web.
The file hosting (KBFSF) will still be a part of Keybase and remain working as-is.
From what I understand, Keybase will continue to exist and KBFS will even still keep the files. They just won't be publicly hosting those files as websites anymore.
To further clarify, Keybase Sites based hosting should still work as far as I understand. I don't use keybase.pub and I'm a hardcore Keybase user, so I imagine most don't. You can still get hosting through Keybase Sites.
I like it too, but I stopped using it because of the user interface. I should check it again, but the text was so tiny and the dark mode so dark that more than one group I was in gave up and moved back to doing everything in Signal groups despite Keybase's technical superiority for many purposes. It's a great tool that was just tiring to use, an issue which has been PGP's Achilles heel since the outset.
All of these complaints in the comments... Not realizing the diplomacy probably involved in keybase.pub being the only real hit Keybase takes in this round of layoffs. I would take this as a glimmer of hope that the folk at Zoom still appreciate Keybase for the same reason they bought it.
Isn't Keybase pretty much a dead man walking now? Their android app hasn't been updated in 8 months (shortly after the acquisition) even though it had some showstopping bugs like crashes/hangs when typing indicators are enabled
A friend of mine called in a pretty serious bug[0] post-Zoom acquisition and they jumped right on it, so they at least have clearance to handle security issues.
Last week I installed an app that had its last update 6 years ago. Does exactly what it should, no complaints.
8 months is not a problem, at least if the software isn't super complex and has a ton of bugs (both recently introduced and there since forever) and missing critical features (such as end to end encryption verification, the whole reason they exist). I'm sure it's a coincidence that no updates came out anymore after Zoom took over the team.
Anyway, without sarcasm, I don't use Keybase anymore but age isn't really the metric by which I define a dead app walking...
My concern with Keybase isn't solely that updates have slowed down, it's that the app has been broken on Android 13 since it came out.
Based on their github issues and PRs, it looks like all they have to do to fix it is upgrade their version of react. The fact that they haven't done that yet is what tells me the app is dead.
No. Zoom bought the company during the pandemic -- after a period of being criticized for their security practices -- to beef up their security engineering team. (I worked with several Keybase members when they worked at OkCupid, and later worked on projects with Keybase.)
It's inspiring to hear about teams who follow each other from project to project. That is what software development is about: collaborating with others to build cool stuff.
It seems like it was actually the acquisition by Zoom that seems to have sent Keybase down this slow death march. It was obvious that the acquisition was in order to acquire the team to improve Zoom's own security posture, and they had no interest in the Keybase product itself.
Since then, activity on the open source keybase repos has been minimal and they have not made any major product changes.^1,2 Basically just keeping the lights on. I give big props to the few folks at Zoom that are still pushing commits. Keybase is/was awesome.
Keybase's life cycle basically turned me completely cynical for how tech startups work. It was a really cool idea, but they had zero plans from the start for sustainability. They were clearly just shooting for an acquisition to pay off the VC and founders, leaving the tech to die in the curb. Makes me sad. I recognize it's a common pattern since forever, but this was the first one I felt personally let down by.
I feel HN as a double speak for startups. Lots of cheer for open source and free stuff, lots of hate for anything subscription-based, lots of noise for high salaries and then picachu surprise when stuff like this happens. If anything I am completely cynical on HN users and not much on startups getting bought...
There is a segment of the hacker community that believes that the correct and noble purpose of a startup isn't to build a stable company or find product-market fit, but rather to confuse VCs into temporarily paying some people to create the niche project they wanted to create anyway, but didn't have any way to keep the lights on while building; where the correct and noble end-goal of such a project is to avoid acquisition, use up all its runway paying the employee salaries, and, upon shutdown, open-source the IP (and hook the employees up with their next startup doing the same thing.) That "shutdown and release FOSS" step is seen by this segment as not only the intended outcome of the startup, but the entire purpose/mission of creating the startup in the first place. With any messaging to the contrary existing solely to make VCs complacent, rather than because the founders actually believe it.
That sounds _way_ better than making a handful of very wealthy people a little more wealthy, while leaving employees and customers in the cold after the acquisition. I wish that segment of the hacker community were larger...
Actually lots of people asked to pay for the service and wanted them to accept money. Nobody is against subscription if it comes to things like remote resources.
I mean, they basically said as much when they bought it. They didn't buy it for the product, they bought it for all the folks who bring a wealth of cryptography knowledge. This was also around the time that Zoom had a LOT of bad PR around privacy and spying on users, IIRC.
That said, Zoom is the reason the lights are still on, even if not a lot of work is being done on the product. Keybase never really had a solid marketable product to begin with, so I honestly don't see it going down another way. They seemed to be entirely set up to get acquired at some point, regardless who or what their plans were.
well they had raised $10 million and burned through almost all of it so I'm not sure you can describe the acquisition that effectively saved their company as "sending them down a death march"
however, it's clear you're right - Zoom doesn't prioritize the product.
Oh yeah no arguments from me there, they were definitely burning through cash without a clear vision about where they were going to start making money. But had they not been acquired I am 100% positive they could have raised boatloads of more money in that crazy market from late 2020-early 2022.
I still use Keybase and KBFS daily. It sounds like those services are around to stay -- but I hope if Zoom ever decides they don't want to keep running them anymore they spin it off to a non-profit to keep it running.
I would make plans to migrate to an alternative service sooner rather than later. Zoom is shedding employees and clearly in a cost cutting mode. It's only a matter of time before someone does the math and realizes shutting down a few of these services will save some more money.
What alternative would you suggest? I really like Keybase and can't seem to find anything that covers the same functionality - been keeping an eye out since Zoom bought them.
Yeah it sucks there isn't anything 100% like it. For just simple file syncing with end to end encryption I like syncthing. For encrypted data in a git repo there are more DIY options like using sops or similar tools.
I use the free Resilio Sync tier to keep a shared fold in sync between several servers. It's worked incredibly well for the last decade, no issues at all.
You configure a secret token and all servers which know the token automatically sync via BitTorrent. You don't need to manage lists of server IDs like with syncthing, it's completely peer-to-peer.
It's just the keybase.pub web hosting service per se that's shutting down.
> "No Keybase Filesystem (KBFS) data will be removed from any user public folders. All data will remain safe and viewable by others running Keybase. Other features of Keybase including Chat, KBFS, Teams, Git, Wallet and others will continue to run normally as well."
Keyoxide's developer has gotten some grants to really beef it up. One of the things Keybase really shines at is documentation, it makes a lot of GPG things pretty stress-free to deal with, and Keyoxide has room to improve on the user experience, polish, and documentation side.
But since Keyoxide doesn't depend on a central authority to manage proofs, it is definitively going to be the future in this space. Nobody can really kill it.
Keybase been on life-support since 2020, when Zoom acquired them and moved the entire team over to work on Zoom instead. If you haven't already, put a reminder for the near future to migrate away from Keybase, at one point it will disappear.
I agree with that. Since the Zoom acquisition, developments on Keybase started to fall down, no quality and major updates. Zoom acquired Keybase not for the Keybase as product but only to get the talents of the E2EE and Security Engineers behind Keybase to work with Zoom.
I'll mark this 'keybase.pub being shutdown' as the second downfall of Keybase. Yes, others will say that "its only keybase.pub" but it's the start. Keybase will slowly disappear.
Are there any open source alternatives with quality UX and documentation?
I think I'd be happier if Keybase and Zoom would publicly commit to a direction for Keybase. I don't know what the acquisition details were for the OKCupid alumni but this dance of slow and no updates makes Keybase a risk when it comes to it's prospective usefulness in the future.
I am glad it's just keybase.pub that's affected atm.
KBFS was awesome for a small startup I worked at where we just needed some quick and dirty shared filesystems for development document sharing, quick scripts etc. Our onboarding for new folks used to be as simple as install your favorite distro, install keybase, run the onboarding script at $kbfsMountPoint and go get some coffee.
Clearly, you don't understand what Keybase is if you're suggesting that GitHub or IPFS is good alternatives :)
As far as I know, there isn't anything that covers the same amount of features with the same security as Keybase, particularly the whole webring/authenticated accounts/chain that it's based on.
Similar situation here. I really like the fact that I can push any repo out into to the cloud without having to trust it, then access it anywhere and don't have to manage the hosting.
Kind of wish Signal built this into their product.
Keybase (the chat app) was hot for a while. However, everyone I know switched to Signal the day after Zoom acquired it. It's basically a ghost town now. ;(
Web of trust is one of the biggest omissions on Signal in my opinion, right after the having of a public key in the first place (technically they do, much as moxie hates on pgp for having a long-term stable key, but they obfuscate it so that you can't use it without getting a lengthy explanation and comparing two of your contacts' fingerprints).
I'd love if our new employee could just verify me or one other colleague and mark that I'm/we're trusted for one layer of verifications also. Now, they have to open up our directory and compare everyone manually before being able to safely make use of the big circle group chats.
Wire is even worse: you get to verify individual devices instead of users. Doesn't require a phone (or a number, but I mean a phone here), though.
And that's pretty much it for feature-complete-ish chat applications. Not that unreliable/buggy (Element) or incomplete (Threema) software has this either. It's basically down to PGP but those clients (GnuPG, Thunderbird) are so horrible that almost nobody uses it there, even if PGP use in general is comparatively high in Germany.
Where now we trust the server for 99% of chats, a web of trust might let an order of magnitude more Signal users have a local root of trust. At least when considering the key distribution attack vector; there are more, such as update distribution, but we'll get there one attack at a time. Except when we take steps backwards by not implementing what predecessors already had...
This is the only time a startup company meaningfully gave me anything that was worth something long term. (Money.) I still appreciate it. I sold the crypto when it was worth like $700 or so.
If I could pay to subscribe to Keybase, I could probably subscribe to it for several years before it cost me more than I made from using it. :D
Hey I didn’t mind. During the latest bull run I looked into my wallet and realized I had $800 of stellar lumens on it. Transferred it out and got some additional money from it.
I looked and didn't bother .. I think it was at about ~$900. I'm not into crypto at all so don't have the infrastructure to sell it or whatever. Now it's worth... 127.47!
I am, honestly, really upset at this. I understand there was no guarantee that it would be up for any length of time, but it was a really convenient solution to a problem we had. I guess we have to find a different place for our passwords database that can be accessed over unauthenticated HTTP, but still very easily updated/accessed from any of our computers (without requiring manual uploads/transfers like with FTP).
Yes, and the web hosting is why we used them. It's not just the file sync. It's the file sync and being able to access the file from any browser on any computer just by typing in a short, memorable URL.
No, because what we need isn't just a static file host.
If we wanted one, we'd use logandark.net. We use that server to host many static files. It's just not easy to upload them; it requires logging into a control panel, navigating to the directory, and manually uploading the file. And we're not particularly interested in provisioning a set of shell scripts or cron jobs or whatever to make it easier, because that's not an easily reproducible setup.
> I guess we have to find a different place for our passwords database that can be accessed over unauthenticated HTTP
That's a strange sentence. Passwords shouldn't go over plain text (e.g. HTTP) and shouldn't be world-readable without authentication. If the database itself is encrypted then you could put it on any web server, even ye olde ftp, as a replacement for this service.
The purpose is to be able to download the encrypted database onto things like mobile devices that can't do anything like connect to FTP servers. Having a virtual filesystem is convenient because we don't need to do constant shuffling and transferring when updating our database from a computer.
"just put it on a normal web server" ignores the rest of the convenience that keybase.pub provided. It provided a virtual file system that can be accessed over plain HTTP. Sure, SSHFS exists but it's terrible and not fault-tolerant at all. Keybase did it way better.
I don't know your audience of expected users (e.g. just family, friends or customers, etc.)...But have you considered something like nextcloud? As @JimDabell noted, you get WebDav "for free" by using nextcloud....But of course there are other options to sync files.
The reason we liked keybase.pub is because we could just type in https://logandark.keybase.pub/passwords.kdbx to download the database to any of our devices that don't have the fully fledged virtual filesystem. I can't tell if Nextcloud offers any memorable URL like that.
I would say that nextcloud offers what you seek...Since nextcloud would live under a domain name (or subdomain name) that you control, hence ideally such a domain name would be memorable to you, i would say the scenario you noted is possible.
Here's the brochure/"marketing-y" link to the nextcloud info around sharing, such as via links: https://nextcloud.com/sharing/
Note: Instead of sharing the file via memorable links, if possible, having each user download the nextcloud client and sync the file that way is more ideal/better/faster...of course, that approach may not align with your use-case. I hope the above helps! Good luck!
> It provided a virtual file system that can be accessed over plain HTTP.
It sounds like you want WebDAV? It’s an extension to HTTP and you can mount it as a folder in most desktop environments without any additional software.
Oh, interesting, Windows supports it natively and we actually have a server (logandark.net) with WebDAV support. We may look into this actually, thank you!
Indeed, that is it~ we use argon2id with some decent parameters. We may even up the parameters significantly when we switch to our desktop with an overclocked 12400F as a daily driver.
What a waste. There's a real need for identified users on the Internet - a service that other companies can subscribe to verify all sorts of users actions.
I thought this would be it but they never seemed to see themselves as fulfilling that role, despite from the outside it looked like that was their big opportunity.
Check out https://www.hello.coop/ – super early, but they're building this, with an unusual governance structure designed to keep control in the hands of users.
Maybe it's because development slowed down to a crawl but it has such an "old internet" feel to it. Like I'm using Kazaa or something.
Edit: To clarify, I understand that Keybase is not shutting down. I'm just saying hypothetically if it shuts down, which isn't unlikely in the next few years.