figbert.com-website

[ACTIVE] the website and home of figbert on the clearnet
git clone git://git.figbert.com/figbert.com-website.git

index.md (8744B)


      1 +++
      2 title = "How to Replace Keybase in 3 Easy Steps"
      3 date = 2020-07-03
      4 updated = 2021-04-12
      5 +++
      6 
      7 Ever since [Keybase was acquired by Zoom][keybase-joins-zoom], a
      8 [company][zoom-security-one] [with][zoom-security-two]
      9 [a][zoom-security-three] [very][zoom-security-four]
     10 [bad][zoom-security-five] [history][zoom-security-six]
     11 [with][zoom-security-seven]
     12 [security][zoom-security-eight]/[privacy][zoom-security-nine],
     13 [people wanted an alternative][zoom-security-ten]. There have been a
     14 few different alternatives proposed: this is ~~the best~~ mine.
     15 
     16 <!-- more -->
     17 
     18 ## What is Keybase?
     19 
     20 Before we talk about replacing [Keybase][keybase], we should have a
     21 good idea of what Keybase actually is. Its main features are as
     22 follows (ordered as on the website):
     23 
     24 * E2EE chats and messaging (people and teams).
     25 * Cryptographic identity verification from around the net.
     26 * [KBFS][kbfs] (Public signed file hosting, private E2EE file storage
     27 w/ sharing, [Static site hosting??][kbfs-static])
     28 * Git repositories? Crypto? [An alternative to PGP?][saltpack]
     29 
     30 ## Previous Attempts to Replace Keybase
     31 
     32 I'm not the first person to try this, obviously. Some brave folks have
     33 tried to build Keybase alternatives, such as [keys.pub][keys.pub] and
     34 the brand-new [Keyoxide][keyoxide]. I've tried both, but found that
     35 though they both are good in their own right, they are not the
     36 solutions that I am looking for.
     37 
     38 ## OK Time for the Steps
     39 
     40 ### Step #1: Chat/Messaging
     41 
     42 There are a few great pre-existing options for encrypted messaging:
     43 [Signal][signal], [ProtonMail][protonmail] if you want to go full
     44 email, [Telegram][telegram], and [WhatsApp][whatsapp]. However, they
     45 all have their problems (though I use the first two on a daily basis).
     46 Signal requires a phone number, and is more of an iMessage/text
     47 replacement than a Slack-style chat app. ProtonMail is literally not
     48 chat – it's email. Telegram is (debatably) [not][telegram-security-one]
     49 [secure][telegram-security-two]. If you use WhatsApp for security you
     50 might be crazy – I only use it because it's *the way* to communicate
     51 with people in the Middle East and Africa.
     52 
     53 Instead, I would recommend you use [**Matrix**][matrix]. Matrix is an
     54 "open network for secure, decentralized communication," and it's the
     55 perfect replacement for Keybase's chat ~~and I would argue most other
     56 chat apps too~~. It utilizes E2E encrypted messaging, and can be
     57 self-hosted as well ~~or if you're cheap like me just get your friend
     58 to host~~.
     59 
     60 In addition to a Matrix server, you also need a client. For this, I
     61 recommend [**Element**][element] – though [Nio][nio], once stable,
     62 will almost surely be my go-to. Element is a beautiful Matrix client
     63 with a bunch of awesome features, including Slack-like integrations,
     64 and apps for pretty much every major platform (Linux, MacOS, Windows,
     65 iOS, Android, and a web client). ~~Plus it looks a lot like Discord.~~
     66 
     67 ### Step #2: Identity verification
     68 
     69 Replacing Keybase's [original function][keybase-archive] is probably
     70 the most difficult part of this tutorial: cryptographically verified
     71 identity proofs are a great and innovative idea. I would swap this out
     72 with an [**IndieWeb**][indieweb] profile – one [part][h-card] of the
     73 larger [microformats][microformats] HTML structure. There are some
     74 pretty great tutorials out there (I would recommend [this
     75 one][kev-article] by the fantastic [Kev Quirk][kev] and [this
     76 one][brian-article] by [Brian Wisti][brian]), so I won't go into too
     77 much detail about exactly how to do that. However, it's important to
     78 note that though Kev recommends hiding your h-card with the
     79 `display: none;` property, [don't do that][invisible-metadata]. I just
     80 merged my about and contact pages onto my homepage, and added the
     81 microformats classes to my existing markup.
     82 
     83 {{ image(sources=["h-card.png"], fallback_path="h-card.png", fallback_alt="My Indieweb h-card") }}
     84 
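An added example (not part of the original post or this site's code): a small Python audit that pulls the `p-*`/`u-*` properties out of an h-card and reports any that are hidden with inline `display: none` or the `hidden` attribute, the invisible-metadata pattern warned against above. The sample markup and `example.org` values are constructed, and hiding done through an external stylesheet is not detected.

```python
from html.parser import HTMLParser
VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag

class HCardAudit(HTMLParser):
    """Collect h-card properties and note which ones a visitor cannot see."""
    def __init__(self):
        super().__init__()
        self.stack = []  # open elements: [tag, hidden, in_card, p_names, text]
        self.props, self.hidden = {}, set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        style = (a.get("style") or "").replace(" ", "").lower()
        up = self.stack[-1] if self.stack else [None, False, False]
        # Hidden state and h-card membership are inherited from the parent.
        hidden = up[1] or "hidden" in a or "display:none" in style
        in_card = up[2] or "h-card" in classes
        p_names = [c for c in classes if in_card and c.startswith("p-")]
        for c in classes:
            if in_card and c.startswith("u-"):  # u-* values are URLs
                self.props[c] = a.get("href") or a.get("src") or ""
            if in_card and hidden and c[:2] in ("p-", "u-"):
                self.hidden.add(c)
        if tag not in VOID:
            self.stack.append([tag, hidden, in_card, p_names, []])

    def handle_data(self, data):
        for el in self.stack:
            el[4].append(data)

    def handle_endtag(self, tag):
        if all(el[0] != tag for el in self.stack):
            return  # stray or void end tag
        while True:
            el = self.stack.pop()
            for name in el[3]:  # p-* values are the element's text
                self.props[name] = " ".join("".join(el[4]).split())
            if el[0] == tag:
                return

def audit(html):
    p = HCardAudit()
    p.feed(html)
    return p.props, sorted(p.hidden)

# Constructed sample pages, not the author's markup.
VISIBLE = '<div class="h-card"><a class="p-name u-url" href="https://example.org/">Example Person</a></div>'
HIDDEN = '<div class="h-card" style="display: none;"><span class="p-name">Example Person</span></div>'
print(audit(HIDDEN))
```
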
     85 ### Step #3: File Storage
     86 
     87 Replacing KBFS is easy to do, but hard to get right. Swapping to
     88 [Google Drive][drive] is probably the move that most people would
     89 make, but that abandons the entire security/encryption aspect of
     90 Keybase. There's also [Dropbox][dropbox], but that has the same
     91 problems as above. [ProtonDrive][proton-drive] has potential, but it's
     92 not out yet.
     93 
     94 **EDIT:** ProtonDrive is now in beta for paying subscribers, but I am
     95 shifting away from the Proton ecosystem for other reasons and do not
     96 recommend it. More in a future blog post.
     97 
     98 Enter [**Syncthing**][syncthing]. [Nikita Tonsky][sync-article] wrote
     99 one of my favorite posts of all time about Syncthing – go read it. One
    100 reason Syncthing is so great is that it's not the same thing as KBFS
    101 or any of the other "Drive" solutions. Instead of being a file hosting
    102 system, it's a "continuous file synchronization program" – aka p2p.
    103 You have no data limits other than your storage and no third-party to
    104 worry about. Plus, sharing folders is also incredibly easy. Just read
    105 the article.
    106 
    107 ### Bonus Step #4: Video Calling
    108 
    109 It would be a shame to talk about text chat, or really any form of
    110 communication, in this new pandemic age without talking about video
    111 chat. After all, the whole reason I'm writing this article is because
    112 of the new videocalling giant [Zoom][zoom]. So, how have I replaced Zoom
    113 and how does that relate to replacing Keybase? Well, Matrix happens to
    114 have a fantastic [Jitsi Meet][jitsi] [integration][jitsi-in-matrix].
    115 Plus, the folks over at Jitsi are [working on E2E encryption for their
    116 calls][jitsi-e2e]. I've integrated Jitsi Meet into my self-hosted
    117 instance of Matrix, and now all my videocalls are just that – mine!
    118 
    119 ## Summary
    120 
    121 * Swapped chat to Matrix and Riot.
    122 * Swapped identity verification to Indieweb.
    123 * Swapped file storage/sync to Syncthing.
    124 * Added videocalling to chat program via Jitsi.
    125 
    126 ## Conclusion
    127 
    128 Keybase is a great service, and the people who work there should be
    129 really proud of what they've built. However, given Zoom's acquisition
    130 of the company, the stability and security of the product have been
    131 called into question. So, ever one to hop on a hype train, I jumped
    132 ship. I'm really happy with my solution, and I'd love to hear your
    133 thoughts as well.
    134 
    135 [keybase-joins-zoom]: https://keybase.io/blog/keybase-joins-zoom
    136 [zoom-security-one]: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
    137 [zoom-security-two]: https://theintercept.com/2020/03/31/zoom-meeting-encryption/
    138 [zoom-security-three]: https://twitter.com/c1truz_/status/1244737672930824193
    139 [zoom-security-four]: https://protonmail.com/blog/zoom-privacy-issues/
    140 [zoom-security-five]: https://www.axios.com/zoom-closes-chinese-user-account-tiananmen-square-f218fed1-69af-4bdd-aac4-7eaf67f34084.html
    141 [zoom-security-six]: https://twitter.com/nicoagrant/status/1268020841054269440
    142 [zoom-security-seven]: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
    143 [zoom-security-eight]: https://twitter.com/DanAmodio/status/1245329512889487361
    144 [zoom-security-nine]: https://twitter.com/Ouren/status/1241398181205889024
    145 [zoom-security-ten]: https://news.ycombinator.com/item?id=23103386
    146 [keybase]: https://keybase.io/
    147 [kbfs]: https://book.keybase.io/docs/files
    148 [kbfs-static]: https://book.keybase.io/docs/files#keybase-pub
    149 [saltpack]: https://saltpack.org/
    150 [keys.pub]: https://keys.pub/
    151 [keyoxide]: https://keyoxide.org/
    152 [signal]: https://signal.org/
    153 [protonmail]: https://beta.protonmail.com/
    154 [telegram]: https://telegram.org/
    155 [whatsapp]: https://www.whatsapp.com/
    156 [telegram-security-one]: https://news.ycombinator.com/item?id=6936539
    157 [telegram-security-two]: https://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/
    158 [matrix]: https://matrix.org/
    159 [element]: https://element.io/
    160 [nio]: https://nio.chat/
    161 [keybase-archive]: https://web.archive.org/web/20140322062148/https://keybase.io/
    162 [indieweb]: https://indieweb.org/
    163 [h-card]: http://microformats.org/wiki/h-card
    164 [microformats]: http://microformats.org/
    165 [kev-article]: https://kevq.uk/how-to-create-an-indieweb-profile/
    166 [kev]: https://kevq.uk/
    167 [brian-article]: https://randomgeekery.org/post/2020/04/indieweb-h-cards/
    168 [brian]: https://randomgeekery.org/
    169 [invisible-metadata]: https://indieweb.org/antipatterns#invisible_metadata
    170 [drive]: https://www.google.com/drive/
    171 [dropbox]: https://www.dropbox.com/
    172 [proton-drive]: https://twitter.com/ProtonMail/status/1278389663078768641
    173 [syncthing]: https://syncthing.net/
    174 [sync-article]: https://tonsky.me/blog/syncthing/
    175 [zoom]: https://zoom.us/
    176 [jitsi]: https://jitsi.org/
    177 [jitsi-in-matrix]: https://matrix.org/blog/2020/04/06/running-your-own-secure-communication-service-with-matrix-and-jitsi
    178 [jitsi-e2e]: https://jitsi.org/blog/e2ee/