Ability to hide followers and following. #11300
This issue is a repeat. Some really good arguments on how / why to implement it were raised.
I should be able to hide their icons from showing on my page.
The client can verify all their signatures, no one asking to break the sigchain or anything.
Just merely asking for the ability to remove the icons/usernames of followers from my profile. You can still see it in the terminal if you reeeeeeally want.
A rebuttal to that was “wellll this is just a social construct of ‘ooh I’m sooo scaaaawed people will think I’m associated with other people that appear prominently on my profile under the word “follower””
To which the reply was:
Uhhhh, wasn’t the whole point of Keybase to infuse SOCIAL media with public key cryptography? Saying the fear is invalid because no one will make social assumptions on social media is....... not a good argument.
I am for it.
But like I said. It’s a duplicate.
"Follow" has a connotation in the real world as well as on Keybase. I should be able to quickly/easily categorise my "followers" into at least three categories:
That aside, making the social graph public has some problems as well, although it is central to Keybase functioning. So perhaps when I want to "follow" someone, we should both be able to temporarily expose our follower/follows list to ensure we are who we think we are, but when browsing publicly, only graph edges that we want exposed would be exposed?
See https://keybase.io/docs/server_security/following. Follower information is public info by design, so even if you were to hide it on your profile, it's still available in the public Merkle tree. If you like, on desktop, you can run
I think everyone is fine with this. We just don't want 100 bot users with Nazi icons and boobs as their icon filling up our "Followers" page and making everyone else think we're sexist Nazis.
No one is asking "Please modify the merkle tree path to allow for removal of hashes based on the quadratic formula of the hypotenuse"
They are saying "get the boobs and nazis off my followers list." and the simplest way to do that is "allow me to hide my followers"
Why does hiding a UI element (not touching the backend, a user can still run the CLI command to see the list of all followers of any user) decrease the security of Keybase?
It doesn't. No argument against it.
Here's a good way to phrase it:
They can trick people into this, because unlike your hopes and dreams,,, 99% OF ONLOOKERS DON'T UNDERSTAND EVERY TINY FEATURE AND DETAIL OF HOW KEYBASE WORKS.
If they go on Twitter and see that X is followed by nazis, and is doing nothing (Twitter blocking removes followers) they will assume you are also a Nazi.
If they go on Keybase, they won't push their glasses up on their nose and say "oh yes, of course the followers section is actually just a commit hash to the merkle tree on the sigchain with the discombobulator and the high frequency capacitor-mabob"...... they will think the exact same thing as Twitter.
"oh hey, this guy is a Nazi too. Steer clear, ok."
Maybe a big compromise would be to add a big ugly warning directly above the followers and following pages saying "HEY, THIS IS NOT A SOCIAL MEDIA PLATFORM, AND FOLLOWING JUST MEANS THAT THEY DIGITALLY SIGNED A KEY OF THE FOLLOWEE. ONLY USE FOR THE PURPOSE OF IDENTITY VERIFICATION AND DON'T READ INTO IT SOCIAL CONTEXTS."
But to be honest, even that warning would get ignored the second you said "digital signature".
And if you're just going to target devs, then nuke the UI. Make everything CLI only.
Closing your eyes and sticking your fingers in your ears does not mean there is no problem.
There are other ways of fixing it, sure. But just saying "followers must be public because security" when no one is saying to make the merkle tree private, they are saying remove them from the UI so that low-skilled recruiters who can't even create a pivot table can't just click on my Keybase profile and immediately know all my coworkers.
If they can work the CLI and get the follower names that way, good for them, but at least by allowing us to remove them from the UI it will help lower the problem.
Sorry for getting heated, but repeating the same thing over and over is not resolving any problems.
At the very least we'd like recognition that the problem exists. Because it does.
It sounds like there are two user stories desired:
The former is "solved" by allowing someone to check a "don't show my followers" box somewhere, and the default client respects this.
The latter might actually be solvable: expose an evil bit, if you will, on the graph edge between myself and the person following me. If the evil bit is set, that person by default doesn't show up in my followers, or maybe shows up in a special section called: "People who follow this person, but this person really doesn't like the follower." (Perhaps 4 states? 0-->Undef, 1-->Close acquaintance, 2-->Acquaintance, 3-->Don't-Know-This-Follower, 4-->Actively-Dislike-This-Follower)
The hard part is figuring out the implications of that. As soon as the second feature is implemented, you'll get the next feature request of: "I'm getting followed by 300x bots and spammers a day, how can I filter them out without spending 5 minutes a day flagging them as evil?"