And #Keybase sold itself to this company. 🤦‍♂️
@TheFuzzStone glad I'm not using either #zoom or #keybase
@yarmo, as I provide escrow services for the Russian/Ukrainian part of the #crypto community, there are many scammers who pretend to be me in order to steal money from people, so I always encourage everyone to request a #PGP signature for some message to make sure it's me. 99.999% of people don't want to deal with PGP, install additional software, import my PGP key, etc.
In this case people need only to copy-paste my signed message here and press the "Verify" button:
So what Keybase got absolutely right is
1) a trusted website
2) that holds PGP keys of many people
3) easy to use copy & paste user interface
opmsg actually does just that including web-of-trust on top of BTC blockchain except for the nice web interface. Interesting challenge, need to think about it.
@TheFuzzStone @kravietz so then should we not build a keybase clone that uses those key servers as the backend? Shit those are public keys…
What makes keybase trustworthy?
@yarmo, a little secret - Keybase's back-end is proprietary.
@TheFuzzStone that's hardly a secret right?
Wait, is that a "proprietary so safe" or a "proprietary so not trustworthy"?
Well, the nice thing about Keybase is that you don't have to verify it, it's built into the system already and you don't need to think about it. The whole complexity of the social graph is hidden from the user and this is precisely what @TheFuzzStone described - and it's a very interesting usage scenario with real threat actors, which is precisely why it intrigued me so much. In 90% of the regular business security this is superficial because they're centralized...
@kravietz, not only does it "hold" the keys, it also needs the ability to verify the signature.
These are typical PGP servers, but they're difficult for beginners:
* https://pgp.mit.edu/
* http://keys.gnupg.net/
* https://keyserver.ubuntu.com/
* https://pgp.circl.lu/
* https://pgp.key-server.io/
You can find my key there, but, if you want to check my sig - you need to install some PGP client, import my key, set up the level of trust (the most confusing moment for beginners) and then check the sig.