Keybase, Zoom and Messaging

Today Zoom acquired Keybase. It came as a shock to me at first; but, it shouldn't surprise us.

Zoom has been having a rough time with the security and privacy community. There have been countless articles on Zooms many problems. They have had 2 Windows Zero Day vulnerabilities, along with a Mac exploit that could allow hackers to take over a Zoom user’s Mac. To make matters worse, they use the worst form of AES encryption which allows the original image still to be partially visible. Zoom has a problem that requires a hefty solution.

The simple answer is to acquire a company that can improve your encryption for you. Google has been doing similar things for years. Keybase is unlikely to grow because cryptography is a niche market; the only users they have don't pay for the product. It is logical for this to have happened. With all the new money Zoom has now that most people are in lockdown, why not use it to improve your biggest flaw?

For Zoom users, this is could be a major advancement. If Keybase implements everything correctly then the security of Zoom calls will hugely increase.

For Keybase users, this should have been expected. A centralised platform that relies on closed source servers was bound to have problems. Additionally, the team behind Keybase aren't exactly known for privacy. This was their first venture into the area, and it was mainly because they saw a gap in the market.

The debate on centralised versus decentralised still continues. Some may have used Keybase as their centralised messaging platform, potentially because of concerns with Signal. If you're looking, I'm currently helping out with the development of BitPost a, lightweight private messaging platform (not yet in release), so feel free to check it out .

Keybase initially started as encryption key management tool, so what should we use now? Keybase proofs were a simple way to prove an identity, it will be interesting to see if something similar gets made. Already, a former Keybase developer has made his own platform keys.pub. Equally, Keyoxide and Wiktor's decentralised proofs are two interesting new projects.

The world won't end because of this. It's still unclear as to how Keybase will change because of this. Even so, there are plenty of alternatives including federated options like Element, who today announced end-to-end encryption by default.

I'll be using Riot until I know a little more about the plans Zoom has. But, it will be intriguing to see the developments that happen in the coming weeks.


I’m publishing this as part of 100 Days To Offload. You can join in yourself by visiting https://100daystooffload.com

#100DaysToOffload – Day 13/100