Keybase, Zoom and Messaging

Zoom has acquired Keybase. It came as a shock at first; but, it shouldn't surprise us.

Zoom has been having a rough time with the security and privacy community. Countless articles have cropped up on Zoom's countless problems. From Windows zero-day vulnerabilities to a dangerous Mac exploit and even using the worst form of AES encryption: Zoom has a problem that requires a hefty solution. The solution is to acquire a company that can improve your encryption for you. (Google has been doing similar things for years.) Keybase is unlikely to grow because cryptography is a niche market; the only users they have don't pay for the product. It is logical for this to have happened. With all the new money Zoom has now that most people are in lockdown, why not use it to improve your biggest flaw?

For Zoom users, this is could be a major advancement. If Keybase implements everything correctly then the security of Zoom calls will hugely increase. For Keybase users, this should have been expected. A centralised platform that relies on closed source servers was bound to have problems. Additionally, the team behind Keybase aren't exactly known for privacy. This was their first venture into the area, and it was most likely because they spotted a gap in the market.

The debate on centralised versus decentralised still continues. Those who used Keybase for messaging will be eager to change platform. Similarly, Keybase initially started as encryption key management tool and many are looking for a replacement. Already many alternatives are emerging:, Keyoxide and other decentralised proofs are all interesting options.

The world won't end because of this. It's still unclear as to how Keybase will change because of this. Even so, there are plenty of alternatives including federated options like Element, who announced end-to-end encryption by default. For most, using Element will sufice until Zoom reveals their plans. Nonetheless, it will still be intriguing to see the developments that happen in the coming weeks.

I’m publishing this as part of 100 Days To Offload. You can join in yourself by visiting

#100DaysToOffload – Day 13/100