commit a767e3380f2b1518876bc19bf454a62746300a24
parent 0c979a821df6022ae382ca81788781747ca84848
Author: FIGBERT <figbert@figbert.com>
Date: Mon, 12 Apr 2021 20:24:00 -0700
Update "How 2 Replace Keybase in Three Easy Steps"
Diffstat:
1 file changed, 93 insertions(+), 35 deletions(-)
diff --git a/content/posts/how-to-replace-keybase-in-three-easy-steps/index.md b/content/posts/how-to-replace-keybase-in-three-easy-steps/index.md
@@ -2,66 +2,120 @@
title = "How to Replace Keybase in 3 Easy Steps"
description = "Ever since Keybase was acquired by Zoom, a company with a very bad history with security/privacy, people wanted an alternative. There have been a few different alternatives proposed: this is mine."
date = 2020-07-03
+updated = 2021-04-12
+++
-Ever since [Keybase was acquired by Zoom][keybase-joins-zoom], a [company][zoom-security-one] [with][zoom-security-two] [a][zoom-security-three] [very][zoom-security-four]
-[bad][zoom-security-five] [history][zoom-security-six] [with][zoom-security-seven] [security][zoom-security-eight]/[privacy][zoom-security-nine],
-[people wanted an alternative][zoom-security-ten]. There have been a few different alternatives proposed: this is ~~the best~~ mine.
+Ever since [Keybase was acquired by Zoom][keybase-joins-zoom], a
+[company][zoom-security-one] [with][zoom-security-two]
+[a][zoom-security-three] [very][zoom-security-four]
+[bad][zoom-security-five] [history][zoom-security-six]
+[with][zoom-security-seven]
+[security][zoom-security-eight]/[privacy][zoom-security-nine],
+[people wanted an alternative][zoom-security-ten]. There have been a
+few different alternatives proposed: this is ~~the best~~ mine.
<!-- more -->
## What is Keybase?
-Before we talk about replacing [Keybase][keybase], we should have a good idea of what Keybase actually is. It's main features are as follows (ordered as on the website):
+Before we talk about replacing [Keybase][keybase], we should have a
+good idea of what Keybase actually is. It's main features are as
+follows (ordered as on the website):
+
* E2EE chats and messaging (people and teams).
* Cryptographic identity verification from around the net.
-* [KBFS][kbfs] (Public signed file hosting, private E2EE file storage w/ sharing, [Static site hosting??][kbfs-static])
+* [KBFS][kbfs] (Public signed file hosting, private E2EE file storage
+w/ sharing, [Static site hosting??][kbfs-static])
* Git repositories? Crypto? [An alternative to PGP?][saltpack]
## Previous Attempts to Replace Keybase
-I'm not the first person to try this, obviously. Some brave folks have tried to build Keybase alternatives, such as [keys.pub][keys.pub] and the brand-new [Keyoxide][keyoxide].
-I've tried both, but found that though they both are good in their own right, they are not the solutions that I am looking for.
+I'm not the first person to try this, obviously. Some brave folks have
+tried to build Keybase alternatives, such as [keys.pub][keys.pub] and
+the brand-new [Keyoxide][keyoxide]. I've tried both, but found that
+though they both are good in their own right, they are not the
+solutions that I am looking for.
## OK Time for the Steps
### Step #1: Chat/Messaging
-There are a few great pre-existing options for encrypted messaging: [Signal][signal], [ProtonMail][protonmail] if you want to go full email, [Telegram][telegram], and
-[WhatsApp][whatsapp]. However, they all have their problems (though I use the first two on a daily basis). Signal requires a phone number, and is more of an iMessage/text
-replacement than a Slack-style chat app. Protonmail is literally not chat – it's email. Telegram is [not][telegram-security-one] [secure][telegram-security-two]. If you use
-WhatsApp for security you might be crazy – I only use it because it's *the way* to communicate with people in the Middle East and Africa.
-
-Instead, I would recommend you use [**Matrix**][matrix]. Matrix is an "open network for secure, decentralized communication," and it's the perfect replacement for Keybase's chat
-~~and I would argue most other chat apps too~~. It utilizes E2E encrypted messaging, and can be self-hosted as well ~~or if you're cheap like me just get your friend to host~~.
-
-In addition to a Matrix server, you also need a client. For this, I recommend [**Riot**][riot]. Riot is a beautiful Matrix client with a bunch of awesome features, including
-Slack-like integrations, and apps for pretty much every major platform (Linux, MacOS, Windows, iOS, Android, and a web client). ~~Plus it looks a lot like Discord.~~
+There are a few great pre-existing options for encrypted messaging:
+[Signal][signal], [ProtonMail][protonmail] if you want to go full
+email, [Telegram][telegram], and [WhatsApp][whatsapp]. However, they
+all have their problems (though I use the first two on a daily basis).
+Signal requires a phone number, and is more of an iMessage/text
+replacement than a Slack-style chat app. Protonmail is literally not
+chat – it's email. Telegram is (debatably) [not][telegram-security-one]
+[secure][telegram-security-two]. If you use WhatsApp for security you
+might be crazy – I only use it because it's *the way* to communicate
+with people in the Middle East and Africa.
+
+Instead, I would recommend you use [**Matrix**][matrix]. Matrix is an
+"open network for secure, decentralized communication," and it's the
+perfect replacement for Keybase's chat ~~and I would argue most other
+chat apps too~~. It utilizes E2E encrypted messaging, and can be
+self-hosted as well ~~or if you're cheap like me just get your friend
+to host~~.
+
+In addition to a Matrix server, you also need a client. For this, I
+recommend [**Element**][element] – though [Nio][nio], once stable,
+will almost surely be my go-to. Element is a beautiful Matrix client
+with a bunch of awesome features, including Slack-like integrations,
+and apps for pretty much every major platform (Linux, MacOS, Windows,
+iOS, Android, and a web client). ~~Plus it looks a lot like Discord.~~
### Step #2: Identity verification
-Replacing Keybase's [original function][keybase-archive] is probably the most difficult part of this tutorial: cryptographically verified identity proofs is a great and
-innovative idea. I would swap this out with an [**IndieWeb**][indieweb] profile – one [part][h-card] of the larger [microformats][microformats] HTML structure. There are some
-pretty great tutorials out there (I would recommend [this one][kev-article] by the fantastic [Kev Quirk][kev] and [this one][brian-article] by [Brian Wisti][brian]), so I won't
-go into too much detail about exactly how to do that. However, it's important to note that though Kev recommends hiding your h-card with the `display: none;` property: [don't do
-that][invisible-metadata]. I just merged my about and contact pages onto my homepage, and added the microformats classes to my existing markup.
+Replacing Keybase's [original function][keybase-archive] is probably
+the most difficult part of this tutorial: cryptographically verified
+identity proofs is a great and innovative idea. I would swap this out
+with an [**IndieWeb**][indieweb] profile – one [part][h-card] of the
+larger [microformats][microformats] HTML structure. There are some
+pretty great tutorials out there (I would recommend [this
+one][kev-article] by the fantastic [Kev Quirk][kev] and [this
+one][brian-article] by [Brian Wisti][brian]), so I won't go into too
+much detail about exactly how to do that. However, it's important to
+note that though Kev recommends hiding your h-card with the
+`display: none;` property: [don't do that][invisible-metadata]. I just
+merged my about and contact pages onto my homepage, and added the
+microformats classes to my existing markup.
{{ image(sources=["h-card.png"], fallback_path="h-card.png", fallback_alt="My Indieweb h-card") }}
### Step #3: File Storage
-Replacing KBFS is easy to do, but hard to get right. Swapping to [Google Drive][drive] is probably the move that most people would make, but that abandons the entire
-security/encryption aspect of Keybase. There's also [Dropbox][dropbox], but that has the same problems as above. [ProtonDrive][proton-drive] has potential, but it's not out yet.
-Enter [**Syncthing**][syncthing]. [Nikita Tonsky][sync-article] wrote one of my favorite posts of all time about Syncthing – go read it. One reason Syncthing is so great is that
-it's not the same thing as KBFS or any of the other "Drive" solutions. Instead of being a file hosting system, it's a "continuous file synchronization program." You have no data
-limits other than your storage and no third-party to worry about. Plus, sharing folders is also incredibly easy. Just read the article.
+Replacing KBFS is easy to do, but hard to get right. Swapping to
+[Google Drive][drive] is probably the move that most people would
+make, but that abandons the entire security/encryption aspect of
+Keybase. There's also [Dropbox][dropbox], but that has the same
+problems as above. [ProtonDrive][proton-drive] has potential, but it's
+not out yet.
+
+**EDIT:** ProtonDrive is now in beta for paying subscribers, but I am
+shifting away from the Proton ecosystem for other reasons and do not
+recommend it. More in a future blog post.
+
+Enter [**Syncthing**][syncthing]. [Nikita Tonsky][sync-article] wrote
+one of my favorite posts of all time about Syncthing – go read it. One
+reason Syncthing is so great is that it's not the same thing as KBFS
+or any of the other "Drive" solutions. Instead of being a file hosting
+system, it's a "continuous file synchronization program" – aka p2p.
+You have no data limits other than your storage and no third-party to
+worry about. Plus, sharing folders is also incredibly easy. Just read
+the article.
### Bonus Step #4: Video Calling
-It would be a shame to talk about text chat, or really any form of communication, in this new pandemic age without talking about video chat. After all, the whole reason I'm
-writing this article is because the new videocalling giant [Zoom][zoom]. So, how have I replaced Zoom and how does that relate to replacing Keybase? Well, Matrix happens to have
-a fantastic [Jitsi Meet][jitsi] [integration][jitsi-in-matrix]. Plus, the folks over at Jitsi are [working on E2E encryption for their calls][jitsi-e2e]. I've integrated Jitsi
-Meet into my self-hosted instance of Matrix, and now all my videocalls are just that – mine!
+It would be a shame to talk about text chat, or really any form of
+communication, in this new pandemic age without talking about video
+chat. After all, the whole reason I'm writing this article is because
+the new videocalling giant [Zoom][zoom]. So, how have I replaced Zoom
+and how does that relate to replacing Keybase? Well, Matrix happens to
+have a fantastic [Jitsi Meet][jitsi] [integration][jitsi-in-matrix].
+Plus, the folks over at Jitsi are [working on E2E encryption for their
+calls][jitsi-e2e]. I've integrated Jitsi Meet into my self-hosted
+instance of Matrix, and now all my videocalls are just that – mine!
## Summary
@@ -72,9 +126,12 @@ Meet into my self-hosted instance of Matrix, and now all my videocalls are just
## Conclusion
-Keybase is a great service, and the people who work there should be really proud of what they've built. However, given Zoom's aquisition of the company, the stability and
-security of the product have been called into question. So, ever one to hop on a hype train, I jumped ship. I'm really happy with my solution, and I'd love to hear your thoughts
-as well ~~as soon as I set up webcomments~~.
+Keybase is a great service, and the people who work there should be
+really proud of what they've built. However, given Zoom's aquisition
+of the company, the stability and security of the product have been
+called into question. So, ever one to hop on a hype train, I jumped
+ship. I'm really happy with my solution, and I'd love to hear your
+thoughts as well.
[keybase-joins-zoom]: https://keybase.io/blog/keybase-joins-zoom
[zoom-security-one]: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
@@ -100,7 +157,8 @@ as well ~~as soon as I set up webcomments~~.
[telegram-security-one]: https://news.ycombinator.com/item?id=6936539
[telegram-security-two]: https://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/
[matrix]: https://matrix.org/
-[riot]: https://about.riot.im/
+[element]: https://element.io/
+[nio]: https://nio.chat/
[keybase-archive]: https://web.archive.org/web/20140322062148/https://keybase.io/
[indieweb]: https://indieweb.org/
[h-card]: http://microformats.org/wiki/h-card
