They construe payment info, PII and similar except chat contents as metadata and say metadata of metadata was that which is normally called metadata. And that it was safe to share despite this obviously being not true.
Are there resources on the impact of Keybase being bought by Zoom?
Zoom is out of question too because they discourage e2e and darkpattern you into installing their software despite browser compatibility and because they darkpattern you into giving cam/mic access just to listen to a broadcast-only session even if unnecessary. They place their own controlled device toggles as source of truth instead of those by the browser UI and fail in weird ways if you toggle in-browser.
(Same for almost all other similar software as well)
I tossed them without a second thought after they annoyed me with Stellar. Nobody uses Stellar if they dont have a hidden incentive. It always had a huge forced marketing vibe.
Is there some sucessor to keybase?
(Motivation disclaimer: I want to dump on Keybase because in the end, even with flawless crypto at first, those organizations always erode the good things down to centralized with platform control again.)
You might have gotten me having this too narrow to be broadly useful. Because we were already arguing about a detail and I concentrate just on this detail, not a general github privacy overview.
The whole intention was to raise attention to a less often mentioned part of the information github exposes about accounts.
Can be configured in .ssh/config.
Shortcut for that is to use subdirs or filenames for keys that arent searched automatically and not have a default-name-key.
I am not sure actually because I do not have any persistent github accounts. I only do them in a throwaway fashion. (Of course Github is making that more annoying by the month, as every other bigcorp site.)
Its actually the same thing. A shared identifier. Of course email is another thing to separate for separate identities. But it is way more widely known that email adresses are used ad an unique identifier.
I am just wary of flattery and "my friend".
I am not especially suspicious of your motives but we don't know each other yet. If you want to have an interesting conversation with me I am positive to do that pseudonymously. Maybe leave me a pubkey here
Attaching this to cryptoassets increases your operational (more mental overhead, doesnt work with simple keybearer devices, you assume people to be lazy and bad at key management) and technical (irrevocable ethereum-bugs that can only be mitigated by chain splits) complexity.
Albeit for long-term public signatures I see the benefit in spreading the sig and revocation information from the classical tools in to as many hard to modify places as possible. Popular global databases like Ethereum and similar are good condidates for that.
And of course have the verification scheme expose inconsistencies between different key-sources and tag them with their respective power structure categories. (Lime Government, Cryptocurrency-Devs, HugeCodeHostingPlatform, CompanyBehindHugeCodeHostingPlatform, etc...)
The crowd that needs privacy is also the most high stakes and vulnerable crowd.
They are the people that may save civil society with a structure built by thousands of small stones.
Dismissing concern in that area is inherently giving tyrants and aspiring ones power.
To shortcut a lot of this developing twister of why people should use different keypairs for different ssh hosts:
Its a big privacy leak, not a big security leak.
Your Pubkey can be used to cross-match multiple identities.
Example:
You have different coding personae.
One that is activist, one that is company-peon.
Different accounts, same SSH pubkey in Github or other server with publicly listed pubkeys --> Same person confirmed.
As a result of this the information can be used to target each of the identities in a more precise manner. On the human layer of the security side:
New phishing/deception/blackmail vectors.
On the organizational layer: we have to target these keybearer devices now.
Maybe it even helps in a cryptanalytic way in some weird exotic scenario but not substantially.
And of course separation of concerns if you have different keybearer devices.
(Also the famous Keysticks are a nice solution to that organizationally but they are an additional risk for big scale attacks by having biased RNGs. In the end its hardware and audits are just a voluntary thing by corps. They can always choose to hide things from auditors or do a compromised batch at their mercy.)