Data -> Chats and actual Identity

Metadata -> Who with whom and when from where,...

They construe payment info, PII and similar except chat contents as metadata and say metadata of metadata was that which is normally called metadata. And that it was safe to share despite this obviously being not true.

Everyone remembers https://www.nybooks.com/daily/2014/05/10/we-kill-people-base...

?

How does one understand the authors motivation?

I tossed them without a second thought after they annoyed me with Stellar. Nobody uses Stellar if they dont have a hidden incentive. It always had a huge forced marketing vibe.

Is there some sucessor to keybase?

(Motivation disclaimer: I want to dump on Keybase because in the end, even with flawless crypto at first, those organizations always erode the good things down to centralized with platform control again.)

I guess we need better words.

Things are being worked on.

Watch Sequoia.

Maybe some things regarding UX on my radar will surface in a range of <2 years.

The whole intention was to raise attention to a less often mentioned part of the information github exposes about accounts.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCssSd91viJEmUQNx28L6JifYcGwTNEkLnmvZvdNxWxdTCrKwPEBVdlLooN90QugL/mJVwcWj9qsnOLbcoVaJlqMppY8UYlHP6OnGwKRGkpPdbKHnBA+Rrg7r8GUwdLW/PvI8DWhEPXzzWvrCNiESJWVdSCT2bTfAA3CQuPnL9cr5hcpw0i1jf7PBXRiVw2E2133KhEr91xNMH/jXh4jrly3J+kmBEmJcrkHNrHj0O8Ml+PmVQknq+tYT1DivnE2dxHoMkfdP0xP9yV9s0+7/JhU+tnXJ2+kaIOSpOOmhBPyjNYO6wkNvQh3aYzKrtcoOWPO2y56sfw9Uqlbpyr1ZU1 Gargyle

Albeit for long-term public signatures I see the benefit in spreading the sig and revocation information from the classical tools in to as many hard to modify places as possible. Popular global databases like Ethereum and similar are good condidates for that.

And of course have the verification scheme expose inconsistencies between different key-sources and tag them with their respective power structure categories. (Lime Government, Cryptocurrency-Devs, HugeCodeHostingPlatform, CompanyBehindHugeCodeHostingPlatform, etc...)

Its a big privacy leak, not a big security leak.

Your Pubkey can be used to cross-match multiple identities. Example: You have different coding personae. One that is activist, one that is company-peon. Different accounts, same SSH pubkey in Github or other server with publicly listed pubkeys --> Same person confirmed.

As a result of this the information can be used to target each of the identities in a more precise manner. On the human layer of the security side: New phishing/deception/blackmail vectors.

On the organizational layer: we have to target these keybearer devices now.

Maybe it even helps in a cryptanalytic way in some weird exotic scenario but not substantially.

And of course separation of concerns if you have different keybearer devices.

(Also the famous Keysticks are a nice solution to that organizationally but they are an additional risk for big scale attacks by having biased RNGs. In the end its hardware and audits are just a voluntary thing by corps. They can always choose to hide things from auditors or do a compromised batch at their mercy.)