I like the key validation part of keybase, which somewhat takes the place of crypto party in-person web-of-trust key exchange event thingies. For those unfamiliar, keybase uses various social media accounts or domain or website rights to demonstrate that a person that is able to post information to those places also has access to their private key. So, for example, if you know someone and follow their work on a social media account or can check their DNS information or a magical URL on a site they control, and you are reasonably confident they haven't been kidnapped and they haven't mentioned losing control of their private key, then you have some confidence you have a valid public key.
I don't completely trust the keybase application (in fact I have it turned off) because "it's just some random binary a company gave me". It does some cool things though, including the userfs where you can copy files and they are magically transported to a corresponding directory on another keybase user's machine, and vice versa. I think the application is open source though, so you could presumably inspect the source code and build it yourself. I haven't tried that.

To your specific question at the end, I don't have much to contribute, sadly.

On Tue, Jan 8, 2019 at 10:42 PM Mike C. <[email protected]> wrote:
> I'm curious to know what others do in vetting security apps they use
> or may recommend to others.
>
> I use a variety of fairly well known secure email & chat apps but just
> learned about an app called Keybase. https://keybase.io/docs
>
> It's like encrypted Slack but also some really interesting things like
> an encrypted cloud based file system and secure digital identity
> management.
>
> Also, this seems like they're using blockchain:
> "Every account on Keybase has a public history. "Sigchains" let
> Keybase clients reconstruct the present without trusting Keybase's
> servers. And when you "follow" someone on Keybase, you sign a snapshot
> of your view of the claims in their sigchain."
>
> In the past I trusted apps that I use because of recommendations by
> the EFF, Edward Snowden, the general digital security community.
>
> Currently, there doesn't seem to be too much written up about Keybase
> other than an article on HackerNews from 2016.
>
> The ask. Does anyone play a bit more on the bleeding edge with privacy
> & encryption apps and if so how do you go about vetting a new app
> that's relatively unknown?
>
> Thank you,
>
> Mike
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
