I deleted my Keybase account

Keybase was acquired by Zoom, the videoconferencing company. In case you never heard of Keybase, it’s a service providing “identity” proofs tied to cryprographic keys, pulling together the various digital identities that many of us have online.

My Keybase account was deleted. None of the proofs exists anymore, even those that I had published on a few websites that I don’t even use anymore (like Twitter). I had never used it except for that vanity ‘look at my identities’ feeling. And to think that in the beginning many respected FOSS leaders jumped in like it was an amazing solution to GPG usability issues… Now it’s filled with fake accounts eager for cryptocurrency.

As many have noted, Keybase was bound to be sold from the beginning since it was based on venture capital funding. It may be difficult to put it in practice, but my resolution is to never create new accounts on web services provided by VC funded startups. And even without the VC, the Keybase server and infrastructure always was a proprietary black box ‒ you have no way of running your our Keybase server. Clever marketing had this centralization pictured as the best solution to the wide fragmentation that makes many possible uses of cryptographic keys difficult for most people.

Of course I had never uploaded my private keys to Keybase, despite this being strongly encouraged by the official documentation. But there’s a good chance that some people did that, and it doesn’t sound too good.

I don’t think I will look for a replacement, even though a few alternatives have already been announced (keys.pub, openpgp proofs). My current GPG key is found at keys.openpgp.org and many email clients can retrieve it on the fly thanks to WKD.

New GPG key

I’ve had a GPG key since 2001 (laughing at my e-mail address at that time is allowed, but not encouraged). My current GPG key was created in 2004, and the keysize is 1024 bits. While not urgent, it is a good idea to upgrade to a safer key.

I followed the how-to by Ana Guerrero, and I created my new GPG key with ID 3073EEC0DE1CCC58. It is important to sign your new key with your old key. The old key will be revoked at some point in the future.

If you have a GPG key that is still 1024 bits, it might be good to create a new one in the near future. If you don’t have a GPG key yet, the best thing is probably to download Enigmail or another similar program, and start using it right now.