Someone recommending the closure of #Keybase accounts and rotating keys, passwords, and anything else that KB has touched.
I probably have not been as vocal about it, but ever since I personally discovered (very early on in KB's existence) that following their default instructions uploaded your #privkey to their server, I have recommended avoiding them, cancelling any keys used with them, closing any existing KB accounts. I still feel that way ... and tying up with #Zoom is unlikely to improve my opinion of them.
Not sure that buying Keybase, a company that originally uploaded people's #GPG #privkey by default, is going to add any understanding of security at all. I've avoided them since I discovered they were uploading private keys by default (though I've heard they later changed that) because that indicated they did not know what they were doing.
I am glad that Zoom seems serious about fixing their issues. I just don't think this is advancing toward that goal. Now, instead of one business with severe security issues, they have two businesses which might have such issues.
@pla Here's a link to one such discussion about #keybase. There have been others (usually linked by the hashtag, so if you find an old enough instance, the tag will lead you to some of the discussions).
It looks like the #keybase folks (vilified for uploading people's private #gpg keys) are back*. This time, with some sort of mobile application.
* I wasn't even aware they were gone. It doesn't seem so long ago that I saw someone promoting this great new way to get everyone to encrypt their e-mail messages.
@morph @bob It used to be the default. If you followed their instructions, they uploaded your #privkey to #keybase servers. While that may have changed, having the option at all is unacceptably dangerous to noobs.
@yukiame @bob I'm not sure what "services" they offer, but uploading #privkey is not matched in worth by any service they could offer. Keybase (or rogue employees, or crackers, or gov't agencies in any major country) could unencrypt any communications sent to their users or send messages that pretend to be sent by their users. It is so dangerous *especially to noobs* that it is unconscionable for #keybase to do this.
Is #keybase that trustworthy now? Back when I had an account, following their default instructions uploaded your privkey to their servers. (Once I knew, I closed the account.)