April 15, 2019
Today we’re announcing that Keybase has a new, open proof protocol, and we’ve kicked it off with the Mastodon Fediverse. Already, 31 communities are live (mastodon.social, witches.live, aus.social, etc.), with many more in the coming days.
Previously, Keybase only supported the mega-behemoths: Twitter, Facebook, Reddit, GitHub, and Hacker News. This new protocol change isn’t just for Mastodon; we’re ripping Keybase wide open, so any community can cryptographically connect profiles to Keybase.
Everyone from a small phpBB forum to a big site such as Etsy, GitLab, or StackOverflow is welcome to do this easy integration.
First, what is Mastodon?
Mastodon is a microblogging social network. It’s like Twitter, except anyone can administer an “instance,” on a domain of their choice, letting in whatever members they want.
If you’re on an instance called cereal.eaters and I’m on an instance called milk-providers.org, we can follow each other and see each other’s “toots” across the network. Censorship rules are up to the instances. This is federation at its finest.
It’s pretty slick, and it honors the original spirit of the Internet.
Keybase Proofs
Keybase is a secure (as in cryptography) app for groups, communities, families, and friends. At its core is identity. Keybase is a catalog of connected identities and keys. For example, here’s my friend tammy:
I know her as @tammycamp on Twitter, and Keybase teaches me she’s also u/hodl_strong on Reddit. Further, Keybase lets me have an encrypted chat with her, or add her to a group I’m building. I can feel safe I’m talking to the right person.
My Keybase app actually checks that she posted a signed tweet on Twitter.
An example of our old way of doing things
Let’s walk through one. In our scenario, Keybase user haraldbluetooth wants to prove he is @toothyharald on Twitter.
After typing his Twitter handle into the Keybase app, Harald goes through these screens:
Problems with the old way
Pretty quick and easy, right?
Still, we think this flow is choppy. Harald’s Keybase app can tell him exactly what to tweet, but once he’s in Twitter, Keybase is just sitting around, hoping he didn’t change anything before posting.
Problems:
- posting is brittle; Twitter may not link to a screen with the tweet pre-filled. Also, Harald may edit the tweet and mess it up. Twitter will still let him post it, but it will be nonsense.
- people can post false claims on Twitter; Keybase wouldn’t understand or honor them, but a tweet that’s a lie might confuse Twitter users.
- every site is different; Keybase needs to understand how to look up tweets, parse them, confirm the author, distinguish usernames, etc. It would be easier if Twitter could tell Keybase apps how it works and how to look up a proof.
- the tweets flow into history; how can someone start on Harald’s Twitter profile and know his Keybase username?
Our new protocol
Mastodon has done all this right, starting in Mastodon version 2.8. And now anyone else can, too.
Here’s what the proof flow looks like for Mastodon. When haraldbluetooth claims in Keybase that he’s allmyteeth on mastodon.social, he lands on a mastodon.social page:
Further, his mastodon.social page shows this special row:
This, unlike a Tweet or Toot that could say anything, only shows up on his Mastodon page if it’s legit.
FINAL RESULT: if you know Harald on Mastodon, you can end up with his keys! Or if you know him on Keybase or elsewhere, Keybase teaches you about his Mastodon identity. All cryptographically verifiable.
For programmers…a neat bonus
You can send encrypted messages from the command line, using these proofs.
keybase chat send haraldbluetooth "Ensam är stark!"
keybase chat send allmyteeth@mastodon.social "Ensam är stark!"
Or, using the Keybase chat API:
echo '{"method": "send", "params": {"options": {"channel": {"name": "allmyteeth@mastodon.social"}, "message": {"body": "Ensam är stark!"}}}}' | keybase chat api
Your Keybase app will verify all the crypto, and the chat will appear:
What the Mastodon project had to do
It wasn’t a large project. They had to create or update a couple JSON endpoints, a config file, and an extra screen to handle this proof connection. Any site can do it.
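How a client might use the pieces listed above (a site-published config plus a JSON lookup endpoint) to confirm that a claimed proof is live, as an added example that is not Keybase's or Mastodon's code. The config fields, URL template and response shape are assumptions made for illustration, and the sample data is constructed; checking the signed statement itself is not covered.

```python
import json
import re

# Constructed sample of a site-published config. Field names and the URL
# template are hypothetical; the real schema is in Keybase's integration guide.
SITE_CONFIG = {
    "domain": "mastodon.social",
    "username_re": r"[a-z0-9_]{1,30}",
    "check_url": "https://mastodon.social/proofs/%{username}.json",
}

# Constructed sample of what the lookup endpoint returns for allmyteeth.
SAMPLE_RESPONSE = json.dumps({"signatures": [
    {"kb_username": "haraldbluetooth", "sig_hash": "ab" * 32},
]})


def build_check_url(config, remote_username):
    """Validate the remote username against the site's rule, then fill the template."""
    if not re.fullmatch(config["username_re"], remote_username):
        raise ValueError("username does not match the site's declared format")
    url = config["check_url"].replace("%{username}", remote_username)
    # Refuse a template that would send the lookup to a different host.
    if not url.startswith("https://" + config["domain"] + "/"):
        raise ValueError("check URL is not on the declared domain")
    return url


def proof_is_live(response_body, kb_username, sig_hash):
    """True only if the site lists this exact (Keybase user, signature hash) pair."""
    try:
        entries = json.loads(response_body)["signatures"]
    except (ValueError, KeyError, TypeError):
        return False  # malformed or unexpected body counts as "no proof"
    if not isinstance(entries, list):
        return False
    return any(
        isinstance(e, dict)
        and e.get("kb_username") == kb_username
        and e.get("sig_hash") == sig_hash
        for e in entries
    )
```

Because the site itself answers the lookup, a free-text post claiming a link cannot satisfy `proof_is_live`; only an entry the site chose to list for that account can.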
Keybase profiles – in both the app and website – now link to Mastodon.
That’s it. If your team builds a site or app with members, go for it. If you use an app or website you’d like to see connected to Keybase, you can send them this page.
Having fun!
💖 Keybase
FAQ
I’m on a team that’s interested. How do we get our project connected to Keybase?
Here’s our integration guide. It’s still a bit rough around the edges, but it should only take a day or two of programming to get your side done.
I run a Mastodon instance. Am I already added?
Perhaps. If not, reach out to xgess.
I REALLY want the admins of Site X to integrate with Keybase.
Get ON them!
What are your hopes and dreams?
We would love to connect Keybase to any forum and message board software, GitLab, npm, RubyGems, other code publishers, and even LinkedIn.
Over the years, people have asked us for various integrations in this ticket. If you know anyone on any of those teams, it’s now in their hands…we’ll be standing by to help out.
I think you should do this slightly differently.
Please let us know. We can expand and improve this.
Why Mastodon first?
Because our users requested it in force. And because we feel like there are shared values here. And because they were willing, helpful partners (thanks @gargron).
Are there sites you won’t link to?
Like a Mastodon instance, we reserve the right to work with whichever partners we prefer. We specifically will avoid at least these sites:
- sites which encourage or are known for illegal activity
- sites which primarily link to advertisements
- sites which feel tiny and spammy. We don’t want 10,000 partners with 5 members each; if you run, say, a family or apartment website, you don’t need to do this integration. Just prove ownership of the domain in the old Keybase way, putting your family’s proofs in yoursite.com/keybase.txt
What’s next?
We’re toying with an idea of auto-creating teams based on these integrations. If you run sitex.org, then your connected users could also automatically end up in teamx on Keybase, in channels of your choice, for encrypted chat and file sharing. If you run a larger community or site and are interested in talking about this feature, reach out to chris on Keybase. We could prioritize it.
What else?
Some big visual design changes in ~2 weeks.