Trying to update my keybase.io account and failing. I think I'll just abandon it, because I don't think it adds any value over and above existing keyservers.
@yukiame Plus if I try resetting and starting over it asks me to upload my private key, which is a bit concerning. Well, a lot concerning actually. Even if the private key is client side encrypted with a passphrase that gives whoever owns the server a full time opportunity to try to crack it.
@yukiame That's even worse for noobs, because it means that they're likely to use an easy to crack passphrase.

@bob no coz the noobs are smart this days and use an Passwort manager

@yukiame So folks upload their private keys (hey, what universe am I in now?), then there's an inevitable data leak, then suddenly letter agencies have the keys and have cracked the passphrases.

Profit!

@bob keybase is trusted - they are not here to crack your passphrase - the 3 letters would have to crack your Twitter your Reddit your etc and they can't do that - now switch on your brain and yuse the pro option and use your key only locally

@yukiame Even if keybase is trusted there's the inevitable data leak in future and then letter agencies crack all the passphrases (especially the weak noob ones).

I don't think I can endorse that and I'm curious/suspicious about the whole idea of asking anyone - noob or expert - to upload a private key, so I'm retiring any support for keybase.io within !Freedombone.
@bob @yukiame When I joined, the default instructions uploaded the privkey along with the pubkey. That's a bad thing to do. I've been anti-keybase ever since.

@lnxw48a1 @bob no its the only option for noobs to be able to use the services on keybase at all - otherwise they would be excluded

@yukiame @bob I'm not sure what "services" they offer, but uploading #privkey is not matched in worth by any service they could offer. Keybase (or rogue employees, or crackers, or gov't agencies in any major country) could unencrypt any communications sent to their users or send messages that pretend to be sent their users. It is so dangerous *especially to noobs* that it is unconcionable for #keybase to do this.
Follow

@lnxw48a1 @bob they why are you there ? why don't you start your keybase and explain total noobs how to deal with private key and passphrases on their machine - i will not hold my breath

@yukiame I'm no longer "there" because of this. I don't want to lead noobs into danger because I appear to endorse something such as this.

As for explaining #GPG to noobs, I have done so in the past and I occasionally still do so.

CC: @bob
@lnxw48a1 @yukiame Exactly. I think this is leading people who are new to GPG into a place where they might be easily compromised later on.
Sign in to participate in the conversation
No Agenda Social

Home to Producers and Fans of the
No Agenda Show Podcast If you have an issue please DM @adam@noagendasocial.com