index.md (8744B)
1 +++ 2 title = "How to Replace Keybase in 3 Easy Steps" 3 date = 2020-07-03 4 updated = 2021-04-12 5 +++ 6 7 Ever since [Keybase was acquired by Zoom][keybase-joins-zoom], a 8 [company][zoom-security-one] [with][zoom-security-two] 9 [a][zoom-security-three] [very][zoom-security-four] 10 [bad][zoom-security-five] [history][zoom-security-six] 11 [with][zoom-security-seven] 12 [security][zoom-security-eight]/[privacy][zoom-security-nine], 13 [people wanted an alternative][zoom-security-ten]. There have been a 14 few different alternatives proposed: this is ~~the best~~ mine. 15 16 <!-- more --> 17 18 ## What is Keybase? 19 20 Before we talk about replacing [Keybase][keybase], we should have a 21 good idea of what Keybase actually is. It's main features are as 22 follows (ordered as on the website): 23 24 * E2EE chats and messaging (people and teams). 25 * Cryptographic identity verification from around the net. 26 * [KBFS][kbfs] (Public signed file hosting, private E2EE file storage 27 w/ sharing, [Static site hosting??][kbfs-static]) 28 * Git repositories? Crypto? [An alternative to PGP?][saltpack] 29 30 ## Previous Attempts to Replace Keybase 31 32 I'm not the first person to try this, obviously. Some brave folks have 33 tried to build Keybase alternatives, such as [keys.pub][keys.pub] and 34 the brand-new [Keyoxide][keyoxide]. I've tried both, but found that 35 though they both are good in their own right, they are not the 36 solutions that I am looking for. 37 38 ## OK Time for the Steps 39 40 ### Step #1: Chat/Messaging 41 42 There are a few great pre-existing options for encrypted messaging: 43 [Signal][signal], [ProtonMail][protonmail] if you want to go full 44 email, [Telegram][telegram], and [WhatsApp][whatsapp]. However, they 45 all have their problems (though I use the first two on a daily basis). 46 Signal requires a phone number, and is more of an iMessage/text 47 replacement than a Slack-style chat app. Protonmail is literally not 48 chat – it's email. Telegram is (debatably) [not][telegram-security-one] 49 [secure][telegram-security-two]. If you use WhatsApp for security you 50 might be crazy – I only use it because it's *the way* to communicate 51 with people in the Middle East and Africa. 52 53 Instead, I would recommend you use [**Matrix**][matrix]. Matrix is an 54 "open network for secure, decentralized communication," and it's the 55 perfect replacement for Keybase's chat ~~and I would argue most other 56 chat apps too~~. It utilizes E2E encrypted messaging, and can be 57 self-hosted as well ~~or if you're cheap like me just get your friend 58 to host~~. 59 60 In addition to a Matrix server, you also need a client. For this, I 61 recommend [**Element**][element] – though [Nio][nio], once stable, 62 will almost surely be my go-to. Element is a beautiful Matrix client 63 with a bunch of awesome features, including Slack-like integrations, 64 and apps for pretty much every major platform (Linux, MacOS, Windows, 65 iOS, Android, and a web client). ~~Plus it looks a lot like Discord.~~ 66 67 ### Step #2: Identity verification 68 69 Replacing Keybase's [original function][keybase-archive] is probably 70 the most difficult part of this tutorial: cryptographically verified 71 identity proofs is a great and innovative idea. I would swap this out 72 with an [**IndieWeb**][indieweb] profile – one [part][h-card] of the 73 larger [microformats][microformats] HTML structure. There are some 74 pretty great tutorials out there (I would recommend [this 75 one][kev-article] by the fantastic [Kev Quirk][kev] and [this 76 one][brian-article] by [Brian Wisti][brian]), so I won't go into too 77 much detail about exactly how to do that. However, it's important to 78 note that though Kev recommends hiding your h-card with the 79 `display: none;` property: [don't do that][invisible-metadata]. I just 80 merged my about and contact pages onto my homepage, and added the 81 microformats classes to my existing markup. 82 83 {{ image(sources=["h-card.png"], fallback_path="h-card.png", fallback_alt="My Indieweb h-card") }} 84 85 ### Step #3: File Storage 86 87 Replacing KBFS is easy to do, but hard to get right. Swapping to 88 [Google Drive][drive] is probably the move that most people would 89 make, but that abandons the entire security/encryption aspect of 90 Keybase. There's also [Dropbox][dropbox], but that has the same 91 problems as above. [ProtonDrive][proton-drive] has potential, but it's 92 not out yet. 93 94 **EDIT:** ProtonDrive is now in beta for paying subscribers, but I am 95 shifting away from the Proton ecosystem for other reasons and do not 96 recommend it. More in a future blog post. 97 98 Enter [**Syncthing**][syncthing]. [Nikita Tonsky][sync-article] wrote 99 one of my favorite posts of all time about Syncthing – go read it. One 100 reason Syncthing is so great is that it's not the same thing as KBFS 101 or any of the other "Drive" solutions. Instead of being a file hosting 102 system, it's a "continuous file synchronization program" – aka p2p. 103 You have no data limits other than your storage and no third-party to 104 worry about. Plus, sharing folders is also incredibly easy. Just read 105 the article. 106 107 ### Bonus Step #4: Video Calling 108 109 It would be a shame to talk about text chat, or really any form of 110 communication, in this new pandemic age without talking about video 111 chat. After all, the whole reason I'm writing this article is because 112 the new videocalling giant [Zoom][zoom]. So, how have I replaced Zoom 113 and how does that relate to replacing Keybase? Well, Matrix happens to 114 have a fantastic [Jitsi Meet][jitsi] [integration][jitsi-in-matrix]. 115 Plus, the folks over at Jitsi are [working on E2E encryption for their 116 calls][jitsi-e2e]. I've integrated Jitsi Meet into my self-hosted 117 instance of Matrix, and now all my videocalls are just that – mine! 118 119 ## Summary 120 121 * Swapped chat to Matrix and Riot. 122 * Swapped identity verification to Indieweb. 123 * Swapped file storage/sync to Syncthing. 124 * Added videocalling to chat program via Jitsi. 125 126 ## Conclusion 127 128 Keybase is a great service, and the people who work there should be 129 really proud of what they've built. However, given Zoom's aquisition 130 of the company, the stability and security of the product have been 131 called into question. So, ever one to hop on a hype train, I jumped 132 ship. I'm really happy with my solution, and I'd love to hear your 133 thoughts as well. 134 135 [keybase-joins-zoom]: https://keybase.io/blog/keybase-joins-zoom 136 [zoom-security-one]: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 137 [zoom-security-two]: https://theintercept.com/2020/03/31/zoom-meeting-encryption/ 138 [zoom-security-three]: https://twitter.com/c1truz_/status/1244737672930824193 139 [zoom-security-four]: https://protonmail.com/blog/zoom-privacy-issues/ 140 [zoom-security-five]: https://www.axios.com/zoom-closes-chinese-user-account-tiananmen-square-f218fed1-69af-4bdd-aac4-7eaf67f34084.html 141 [zoom-security-six]: https://twitter.com/nicoagrant/status/1268020841054269440 142 [zoom-security-seven]: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ 143 [zoom-security-eight]: https://twitter.com/DanAmodio/status/1245329512889487361 144 [zoom-security-nine]: https://twitter.com/Ouren/status/1241398181205889024 145 [zoom-security-ten]: https://news.ycombinator.com/item?id=23103386 146 [keybase]: https://keybase.io/ 147 [kbfs]: https://book.keybase.io/docs/files 148 [kbfs-static]: https://book.keybase.io/docs/files#keybase-pub 149 [saltpack]: https://saltpack.org/ 150 [keys.pub]: https://keys.pub/ 151 [keyoxide]: https://keyoxide.org/ 152 [signal]: https://signal.org/ 153 [protonmail]: https://beta.protonmail.com/ 154 [telegram]: https://telegram.org/ 155 [whatsapp]: https://www.whatsapp.com/ 156 [telegram-security-one]: https://news.ycombinator.com/item?id=6936539 157 [telegram-security-two]: https://translate.google.com/translate?hl=en&sl=ru&u=http://habrahabr.ru/post/206900/ 158 [matrix]: https://matrix.org/ 159 [element]: https://element.io/ 160 [nio]: https://nio.chat/ 161 [keybase-archive]: https://web.archive.org/web/20140322062148/https://keybase.io/ 162 [indieweb]: https://indieweb.org/ 163 [h-card]: http://microformats.org/wiki/h-card 164 [microformats]: http://microformats.org/ 165 [kev-article]: https://kevq.uk/how-to-create-an-indieweb-profile/ 166 [kev]: https://kevq.uk/ 167 [brian-article]: https://randomgeekery.org/post/2020/04/indieweb-h-cards/ 168 [brian]: https://randomgeekery.org/ 169 [invisible-metadata]: https://indieweb.org/antipatterns#invisible_metadata 170 [drive]: https://www.google.com/drive/ 171 [dropbox]: https://www.dropbox.com/ 172 [proton-drive]: https://twitter.com/ProtonMail/status/1278389663078768641 173 [syncthing]: https://syncthing.net/ 174 [sync-article]: https://tonsky.me/blog/syncthing/ 175 [zoom]: https://zoom.us/ 176 [jitsi]: https://jitsi.org/ 177 [jitsi-in-matrix]: https://matrix.org/blog/2020/04/06/running-your-own-secure-communication-service-with-matrix-and-jitsi 178 [jitsi-e2e]: https://jitsi.org/blog/e2ee/