Keybase.io (tbray.org)
96 points by holodigm on April 7, 2015 | 106 comments


What I think that they get very right is tying keys to social identity, as these networks function much better as a web of trust than the original PGP version. But I don't know why I can't shake the feeling that this is not a trustworthy service.


One really nice aspect of keybase is that it can be used at a number of different levels that suit one's own flavor of paranoia. You can use it as a key repository, just grabbing people’s keys and using your own PGP/GnuPG apparatus for signing. Or you can use their (much more pleasant) CLI and see their social identity tracking data. Or you can use their web UI just for client-side encryption/verification (also without uploading your key anywhere). Finally, the bold can upload their keys and use the web UI for the whole shebang, including decrypting/signing.

I think paranoia is warranted in this day and age, and I think one of the best outlets for paranoia is for people to try and educate themselves about privacy technology. Keybase is a great opportunity for that, since all of the most sensitive operations happen client-side via open source software.


Someone could serve a JavaScript encrypter-decrypter app from IPFS so it would be certainly the same whenever you accessed it with the same URL.


Love the service.

I've invited a few friends (from the IT industry) and nobody ever joined. I guess there aren't so many paranoid/gpg-aware people.

So I have 10 invites to give. Let me know.


This comment demonstrates everything that is disappointing about GPG. Went to a Defcon London meetup recently and there were only about 10 people in the room who actively used it (out of over 100).


Same for me, invited some selected friends who I thought could use it, but even those who signed up never really finished setting up.

On the other hand did find some interesting new contacts there.

Have 4 invites if people still need!


Could I have one, please? Thanks in advance


Sure, have 1 left, what's your email?


Sorry for the delay, it's jokogr@gmail.com

Thanks again!


sent!


I wouldn't mind taking an invite off your hands, if you like. :) My email is hugo@barrera.io.


Hey I'd really like an invite!

[hello (at) arthurcolle.com] if you have any more :)


I'd love to give it a go if you have invites left.

sw@stevewillows.com


Sent!


thanks for this! I really appreciate it.


I'd love an invite, if you've still got them.


Could you share an email or a way to find it?


I also have some invites. Let me know if you want one!


I know I'm late to the party, but I'd love a keybase.io invite if you still have any. My email is in my profile.


I'd like one :) stroganov.a@gmail.com


I would like one please!


Sent.


[deleted]


Sent. That was the last one.


Any chance I can get one? david@daviddworken.com


Sent.


Got it! Thank you very much.


I would love love love one. markeroon@gmail.com


Same with me.


I'd like one please :).


We need a way to find your email address, then we can send you an invite...


I have invites as well.


Thank you!


Sent.


You rule. Thank you.


Could I get one? fr@nklyn.ca


I just sent you an invite.


I have four^Wtwo invites available, if anyone's interested. Message me via email. FIFO and all that.

Edit: invites are gone. Try emailing the project leaders for some.


They're also very prompt in responding to and fixing bugs. E.g. https://shkspr.mobi/blog/2014/12/disclosed-minor-bug-in-keyb...

Excellent service which makes determining keys much easier.


Oh cool - thanks for linking to that. I actually think the Github discussion that followed on Express was a good example of how people can actually collaborate well on software. In this case it just led to resolving a misunderstanding on my part: https://github.com/strongloop/express/issues/2464

At the bottom you can see I tipped some BTC. I recommend everyone should have a little balance of cryptocurrency to throw out thank yous to project managers who take the time to explain usage. It's worth a lot to you, so you should give some back.


I have 8 invites, let me know if you want one (see my profile). I would be extra happy if you could send me a lobste.rs invite :).

Edit: it turns out that my wife also has 8, so I'll forward once mine are gone.

Edit 2: my lobste.rs wish is fulfilled, thanks! We still have some invites left.


Ooh, also have invites if anyone wants them. Hadn't heard of lobste.rs, but seems cool if I could get an invite there in return, as well :)


If you have any more left, I would appreciate one: rahool @ tuto.io . Thank you!


I have 10 and will also trade for a lobste.rs invite :)

(keybase proof and link to my social stuff in my profile)


I've got a few invites, and would love to trade one for a lobste.rs invite as well! :)


shoot me an email.

also: invites available for keybase; mail in bio.


I have lobsters - check your inbox. :D


Ditto.


I've got 8 invites available. If you have a lobste.rs invite, I'd appreciate one but I'm happy to give the invites away besides.

https://keybase.io/bbrown


I'm set on the lobste.rs front, but I got some more invitations. Three left now.


I'd love a keybase.io invite if you still have any spare - email in profile.


If you have any invites left I'd love to have one. [email in about]


I have, but can't see your email in your about, am I missing something?


I'm out, sorry!


tnx anyway :-)


Appreciate an invite if you still have one available. Thanks!


You're the last one I've got but I don't know how to get in touch. I checked your domain's whois but I don't know if dns@bb is valid.


May I get one?


Sent to your email.


6 first-come, first served invitations.

I love the idea of Keybase and wish more people were using it. While it's not a replacement for keysigning parties, it's a nice probabilistic model for casual security.


If you run out of invites for HN folks, email me. (I'm https://keybase.io/chris).

We're working pretty hard on Keybase. For the last year it was just 2 of us (me and https://keybase.io/max), but some amazing people just joined the cause and we're building a much better service. Our Go client, for example, is almost on feature parity with the old Node reference client, and we've started working on a nice OSX GUI.

A lot has been written about PGP and its shortcomings, and we agree with pretty much all the points: client integration problems, usability, the WoT just sucking, key management, revocations. So far at Keybase we've been attacking one of the most important problems with PKI in general, not just PGP: getting the right key for someone. But it's really only one piece.

I don't want to (yet!) give away too much of what we hope to launch later this year, but there's nothing about Keybase that's specific to PGP. Or chat - which people seem to get hung up on. We think we're in a very good position to release open source software that makes people's lives more secure and more convenient. Everything from financial transactions, chats, and releasing public software should be easy with a PKI. It's just not working yet.


If I may use this as a way to publicly suggest some features that I would love to see:

- Client should support looking at my existing trust.db. I already have a number of signatures I collected pre-keybase, and I have verified a bunch of identities. I'd like to use these, and in fact be able to tell keybase.io that I have more than just social web proof that these are who they say they are.

- Ability to use email addresses instead of just keybase names when referring to users.

- Autocomplete when typing handles/emails on the client's command line. Using the Node client currently without this feature.

- When I tried to encrypt a file using keybase recently, it gave me an obscure error (#100) instead of telling me that I was logged out.

- encrypt should not silently create a new file by default. It should not overwrite an existing file either. Do `keybase encrypt joe@example.com foo.txt` twice, and have foo.txt.acs overwritten the second time. Instead by default it should output to stdout, and let you specify a file as an optional argument.

- Lastly, and this is way outside the scope of what keybase currently does, I'd love a built-in tool for exchanging encrypted files. Currently, I use chunk.io + curl + gpg to do this:

    # usage: send-encrypted <file> <recipient>
    function send-encrypted() {
        # encrypt <file> to <recipient>, ASCII-armored, and stream it to chunk.io
        gpg -o - -aer "$2" "$1" | curl -T - http://chunk.io
    }

I am not suggesting that you guys host any type of file sharing tool, but perhaps integration with a service like chunk.io or similar would be nice. Otherwise, the process of sharing a secret (say a file with API keys, etc.) with a co-worker is to encrypt the file, then email it, which is annoying.

Thanks so much for the great work you are doing!


Thanks for the great work!

I think keybase.io will be an important part of solving public key cryptography usability, given that more of my friends are on keybase.io than there were ever on the PGP keyservers.


Is your Go client released yet? I would love to try the cli but wasn't stoked about needing to compile node on my laptop just to try the cli.


I would love an invite. Please help


I'd like to give it a spin, if you haven't run out yet. Contact info on my profile.

EDIT: Received and accepted. Thanks!


I'd also love an invite if you have an extra one. I'm joshcincinnati at gmail dot com. Thanks!


I just invited you.


Just got it---thanks so much!


I'd love an invite, if any remain. Email address should be in my "about".


I've invited you.


My thoughts are that with the implementation of data retention laws in Australia the ultra paranoid arena of PGP is becoming of greater relevance to the average citizen and so a simple, easily implemented, non-centralised, publicly identifiable crypto for everyday comms may become not only viable, but sought after - http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/


I will invite people to lobste.rs. Because of their rules (you misbehave, I have to bear the consequences) I will not just invite anyone, but only people I can find on the net and can be reasonably sure are not assholes.

So write me a mail with some information about yourself (have a look at my profile for the address) and if you don't look like a total dick I'll send you an invite.

I do have three keybase.io invites as well.


What is your email? I'm not seeing it on your profile.


Sorry, looks like it isn't public. contact@lostpackets.de


How can a web service encrypt your plaintext unless they have your private key?

Edit: ah, you upload an encrypted private key. I guess it gets decrypted live in your browser, without touching their network, if you trust keybase.io's JS. Whether you do indeed trust keybase IO's JS (it's OSS, yaay, is your browser running exactly what's on GitHub though?) is another matter.


You don't have to give them your private key -- it's just for convenience, if you happen to trust Keybase.

You don't have to run it in the browser, either; you can just install the command-line tool via NPM and know exactly what code you're running.



I have 6 invites to give out. Keybase proof and contact can be found in my profile.


I'd really appreciate an invite =) collin.raddatz@gmail.com


I just sent out my last invite to you. Have fun with it.


Thanks a lot!


Invites are all gone, sorry!


This is from 2014 and should be marked as such.


I have 8 invites to give out for those that want it!

Been on Keybase for a while and love it. Used it with a few coworkers.


I'm interested in chat client capacity implemented on top of something like keybase.io. Anyone?


I remember reading somewhere that PGP is not suited for realtime web chats. Can't explain precisely why or cite sources, though.


It's because asymmetric cryptography is very inefficient, so most protocols just use asymmetric public/private keys to send a symmetric key (AES, etc) to the recipient, so further communications can happen over the much more efficient symmetric keys.


That and PGP, AFAIK, also doesn't really do perfect forward secrecy. If you get the private key, you can decrypt all stored messages.

That said, you provide the answer: use PGP's asymmetric encryption to establish a session key, then use that to communicate.


That's actually how PGP works too - it generates a random symmetric key, encrypts the message with it, then encrypts that key with the recipient's public key and both message and encrypted symmetric key are sent.

http://en.m.wikipedia.org/wiki/Pretty_Good_Privacy#/media/Fi...
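
The hybrid scheme described in the comments above, together with the forward-secrecy point raised alongside it, as an added example that is not part of the thread and is not Keybase or GnuPG code. It assumes Node's built-in `crypto` module, with RSA-OAEP and AES-256-GCM standing in for OpenPGP's algorithms and packet format; all function names are hypothetical.

```javascript
// Added illustration, not Keybase or GnuPG code. RSA-OAEP + AES-256-GCM are
// assumed stand-ins for OpenPGP's algorithms; all names here are hypothetical.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed recipient key pair (the long-term key a sender would look up).
function makeRecipient() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: fresh random session key per message; the bulk data goes through
// AES-GCM, and only the 32-byte session key goes through RSA.
function hybridEncrypt(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Recipient: unwrap the session key with the private key, then decrypt and
// authenticate the body. A wrong key or a modified message throws.
function hybridDecrypt(privateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// No forward secrecy: every stored message wraps its session key to the same
// long-term key, so that one private key opens the whole archive.
function decryptArchive(privateKey, archive) {
  return archive.map((msg) => hybridDecrypt(privateKey, msg));
}

function demo() {
  const recipient = makeRecipient();
  const archive = ['short note', 'x'.repeat(100000)] // constructed sample messages
    .map((text) => hybridEncrypt(recipient.publicKey, text));
  const sizes = archive.map((m) => [m.wrappedKey.length, m.body.length]);
  return { sizes, recovered: decryptArchive(recipient.privateKey, archive) };
}

console.log(demo().sizes);
```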


Have some invites as well, shoot me an email if you want some.


Late to the story, but I have 8 invites if anyone wants them.


I'd be really grateful for one if you still have any up for grabs. My email address is in my profile. Thanks in advance


I have a couple of invites. Let me know if I can help someone.


I'd love one: eligundry@gmail.com


I've just invited you.


Another one with 8 invites. Send me a mail if you want one.


Just tweeted to you. Interested!


I have a few invites, again asking for a lobste.rs invite.


I have some invites, if someone's interested.


6 invites here. Email in profile.


8 invites available!


I wouldn't mind an invite if someone has one to spare. Email is my username at gmail.


Sent!


Got it, thanks!


9 invites available


If these are still available, could I get one? ETA: Disregard this post.



