Keybase stock3/6/2023 (Whatsapp founder Jan Koum specifically left Facebook over privacy concerns. You could try Whatsapp, but that’s now owned by Facebook which means, in spite of end-to-end encryption, Facebook could potentially still be accessing that content. But Facebook automatically scans these messages for abuse and combs through them manually for other, random pieces of information. Someone is always listening: either the company providing the chat service, or governments (Normcore post), or third parties who want to scoop up data.įor example, you could try Facebook Messenger. However PGP and it’s friendlier cousin, Keybase, give us a set of primitives that allow reliable and safe transferring of secret data.Today, it’s nearly impossible to have a truly private conversation online. There are times when the need to transmit data that is very sensitive in nature is unavoidable. While it’s unlikely that keybase will get compromised, PGP forms the root of a whole series of other sets of trust, and it’s one of the things we should be truly careful with. Basically, they take care of the nerdy stuff.įor developers, experts or the ambitious it’s better to purchase and use a Yubikey instead. So long as the important bit is replaced with the -BEGIN PGP MESSAGE-, it’s secure in transport.įor beginners, there’s a version of Keybase where keybase takes care of all key management, storing the “ultimate” private key and handling the issuing of subkeys etc. It’s still in wide use in the hacker community, and is the defacto standard for reporting security vulnerabilities safety. It can be bespoke and a bit fiddly, but the standard itself is safe enough. That means although it’s a website, you’re never sending your data to Keybase. The encryption happens in the browser itself, without querying the server except to fetch the public key. Essentially, it provides a way to say “yes, /andrewhowdencom is /andrewhowdencom”.Īnd, most importantly for our purposes, it provides easy ways to encrypt things with the public key. It allows a public chain of trust, endorsements and the signing of various public properties such as Twitter, GitHub etc. However, keybase.io has done some tremendous work making PGP more accessible and usable to the general public. Traditionally PGP was the domain of “serious computer people” of Linux nerds, hackers and encryption geeks. That means only someone who has my keyring and the associated pass code can decrypt the content that is encrypted with the public key. Private key: used for decrypting content, and generating signaturesĪs the name suggests, the private key is private - specifically, it’s stored on a Yubikey on my keyring.Public key: used for encrypting content, and verifying signatures.Without going too far into the details, I have a: Keybase is built on top of PGP, or “Pretty Good Privacy” is an encryption specification based on public-key cryptography. Take the content that starts BEGIN PGP MESSAGE and send it via a normal email.Enter a message that contains the credentials, and hit “encrypt”.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |