Keybase.io/TOSDR location #483
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Should these sites be under the "Tools" section?
https://www.privacytools.io/#resources
For TOSDR, I do know it's brief history. It was pretty much abandon roughly for a year (had to check the commits again - Feb 2017 - Jan 2018) because I use to frequent it a lot. Not sure why it was dropped in development, maybe due to a large collection of websites that need to be added, vetted, and properly documented or maybe just lack of development time.
With the renewed interest in DuckDuckGo's add-on, which uses TOSDR, the development has continued (hence why there's a whole page of commits on one date Jan 2018). Their new version (https://github.com/tosdr/phoenix or https://edit.tosdr.org/) is still in alpha but lets users rate services instead of only being to add service on Github only. I can imagine once this rolls out of Alpha and gets more updates, this is probably usable and easily recommended.
For Keybase.io, I have no problem recommending it as long as people know why it's there, what it's good for, and what the trade-offs are. Keybase.io is basically a wrap around GPG I believe and attempts to trade in the complexity of GPG for convenience and ease. It makes it easier to confirm identities through basically a "web of trust", but this places a lot of trust on Keybase's security. If you have your own PGP keys, you can upload them to keep using that "identity". Again still trust on Keybase's security because private key is only meant for you.
The second part of this debate, however, is concerning their Terms of Service & hypothetical NSL order. In section 5 of their Terms (https://keybase.io/docs/terms), it mentions that anything you put in the service is by definition theirs. I copied and pasted below:
"When providing Keybase or the Service with content, such as your name, username, photos, social media names, data or files, or causing content to be posted, stored or transmitted using or through the Service (“Your Content”), including but not limited to the Registration Data and any other personal identification information that you provide, you hereby grant to us a non-exclusive, worldwide, perpetual, irrevocable, royalty-free, transferable (in whole or in part), fully-paid and sublicensable right, subject to the Privacy Policy, to use, reproduce, modify, transmit, display and distribute Your Content in any media known now or developed in the future, in connection with our provision of the Service. Further, to the fullest extent permitted under applicable law, you waive your moral rights and promise not to assert such rights or any other intellectual property or publicity rights against us, our sublicensees, or our assignees."
As for the "hypothetical" NSL, the conversation is here: https://github.com/keybase/keybase-issues/issues/901. I'm not sure if it's true or not but I decided to just leave it there for people. At the end of the day, Keybase.io has it's flaws and deciding to trust it is a choice of who you are trying to defending against.
To clarify, keybase/keybase-issues#901 is a fake AP article. In 2014 I posted as if it were real to make a point: that we might as well assume it is real and behave accordingly. The "[Hypothetical]" was later added to the title, but may be too subtle. I just now added a note at the beginning clarifying that the AP article is a fabrication to reduce confusion.