Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.

The commercial internet never did. Don't forget about Torrents and lib gen rus. They're part of the internet too.

> The fact that e.g. Netflix offers different movies for every country is something that honestly does not make any sense yet everyone accepts it.

People "accept" it because it's convenient and they are not aware that there are other options. How would you suggest people reject it?

Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.

Looks and sounds weird though!

[0]: https://blog.chef.io/introducing-developer-certificate-of-or...

I guess S440 never heard about the Streisand effect....

One unanswered question: should the mailing list software rewrite Return-Path? (to detect bounces) wouldn't that trip DKIM alignment?

You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.

> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?

Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.

See: https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-s...

As far as I've seen the proof integration is used only for Mastodon insurances and Keyoxide supports all of them by default: no need to ask for permission, no weird conditions to enter like, instance has to be bigger than N people.

I see this as a way to control who gets into Keybase. A perfect example of centralized control. The idea of programmable proofs looks good though.

> If you have any suggestions as to which E2E (group) messaging+fileshare+git platform I could use as a replacement for Keybase I'm all ears.

Sadly I won't help you with that. There are a number of services that want to eat Keybase's cake now but neither of them hits all points on my scale. So I'm using mostly several different services to get a semblance of the Keybase experience.

It seems there's already Keybase like solution using OpenPGP only (no centralized infrastructure needed): https://keyoxide.org/

Reply to person, CC the list.

> How do I make sure the emails are threaded properly?

Using In-Reply-To header that references parent Message-ID. Git asks for it when sending a patch.

Agreed, Programming Rust is really nice and I read a dozen of Rust books already. I'll be buying 2nd edition as soon as it's available.

The real problem is hosting issues and PRs in such a way. Github has an API and it's possible to script the backup but source code gets backup automatically so when the takedown strikes it's not a big problem.

Actually smartcards were already supported when I tested alpha some time ago. Thunderbird used GpgME to talk to GnuPG and GnuPG talked to the smartcard.