Rocket Chat is another solution. You can set up your own server fairly easily with docker if you want. I haven't seen a recent security audit for it.
On Tue, Jan 8, 2019 at 10:59 PM Russell Senior <russ...@personaltelco.net> wrote: > I like the key validation part of keybase, which somewhat takes the place > of crypto party in-person web-of-trust key exchange event thingies. For > those unfamiliar, keybase uses various social media accounts or domain or > website rights to demonstrate that a person that is able to post > information to those places also has access to their private key. So, for > example, if you know someone and follow their work on a social media > account or can check their DNS information or a magical URL on a site they > control, and you are reasonably confident they haven't been kidnapped and > they haven't mentioned losing control of their private key, then you have > some confidence you have a valid public key. > > I don't completely trust the keybase application (in fact I have it turned > off) because "it's just some random binary a company gave me". It does > some cool things though, including the userfs where you can copy files and > they are magically transported to a corresponding directory on another > keybase users machine, and vice versa. I think the application is open > source though, so you could presumably inspect the source code and build it > yourself. I haven't tried that. > > To your specific question at the end, I don't have much to contribute, > sadly. > > On Tue, Jan 8, 2019 at 10:42 PM Mike C. <mconno...@gmail.com> wrote: > > > I'm curious to know what others do in vetting security apps they use > > or may recommend to others. > > > > I use a variety of fairly well known secure email & chat apps but just > > learned about an app called Keybase. https://keybase.io/docs > > > > It's like encrypted Slack but also some really interesting things like > > an encrypted cloud based file system and secure digital identity > > management. > > > > Also, this seems like they're using blockchain: > > "Every account on Keybase has a public history. "Sigchains" let > > Keybase clients reconstruct the present without trusting Keybase's > > servers. And when you "follow" someone on Keybase, you sign a snapshot > > of your view of the claims in their sigchain." > > > > In the past I trusted apps that I use because of recommendations by > > the EFF, Edward Snowden, the general digital security community. > > > > Currently, there doesn't seem to be too much written up about Keybase > > other than an article on HackerNews from 2016. > > > > The ask. Does anyone play a bit more on the bleeding edge with privacy > > & encryption apps and if so how do you go about vetting an a new app > > that's relatively unknown? > > > > Thank you, > > > > Mike > > _______________________________________________ > > PLUG mailing list > > PLUG@pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > _______________________________________________ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
