Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to hide followers and following. #11300

Open
hosseamin opened this issue Apr 8, 2018 · 18 comments
Open

Ability to hide followers and following. #11300

hosseamin opened this issue Apr 8, 2018 · 18 comments

Comments

@hosseamin
Copy link

@hosseamin hosseamin commented Apr 8, 2018

No description provided.

@5h4d0ww0lf

This comment has been minimized.

Copy link

@5h4d0ww0lf 5h4d0ww0lf commented Apr 9, 2018

The whole concept of that is that you show who you trust and who trust you. (You can follow locally if you want)

@hosseamin

This comment has been minimized.

Copy link
Author

@hosseamin hosseamin commented Apr 9, 2018

Then how about showing them to those who we trust?

@5h4d0ww0lf

This comment has been minimized.

Copy link

@5h4d0ww0lf 5h4d0ww0lf commented Apr 9, 2018

@hosseamin On your profile there is category followed and following so anybody can see who you follow and who follows you.

@hosseamin

This comment has been minimized.

Copy link
Author

@hosseamin hosseamin commented Apr 9, 2018

@5h4d0ww0lf I meant, How about implementing a feature so public cannot see these lists but those who I'm following can see?

@5h4d0ww0lf

This comment has been minimized.

Copy link

@5h4d0ww0lf 5h4d0ww0lf commented Apr 10, 2018

@hosseamin Why? What purpose will it have? When you follow someone the only purpose is saying I trust you and if you are unsure use keybase follow -l %user% for local following so your pc knows you trust them but it isnt public.

@dabura667

This comment has been minimized.

Copy link

@dabura667 dabura667 commented Apr 10, 2018

This issue is a repeat. Some really good arguements on how / why to implement it were raised.

  • I have a keybase
  • 500 Nazis on Keybase with swastikas follow me.
  • My profile page is covered in Nazi symbols

I should be able to hide their icons from showing on my page.

The client can verify all their signatures, no one asking to break the sigchain or anything.

Just merely asking for the ability to remove the icons/usernames of followers from my profile. You can still see it in the terminal if you reeeeeeally want.

@dabura667

This comment has been minimized.

Copy link

@dabura667 dabura667 commented Apr 10, 2018

A rebuttal to that was “wellll this is just a social construct of ‘ooh I’m sooo scaaaawed people will think I’m associated with other people that appear prominently on my profile under the word “follower””

To which the reply was:

Uhhhh, wasn’t the whole point of Keybase to enfuse SOCIAL media with public key cryptography? Saying the fear is invalid because no one will make social assumptions on social media is....... not a good argument.

I am for it.

But like I said. It’s a duplicate.

@chicagobuss

This comment has been minimized.

Copy link

@chicagobuss chicagobuss commented Feb 28, 2019

If following/followers can't be made private, recruiters will start using this sytstem to systematically find people who likely work together.

I totally understand people wanting to make their follower/following information private - it's a very valid request IMO.

@philovivero

This comment has been minimized.

Copy link

@philovivero philovivero commented Feb 28, 2019

"Follow" has a connotation in the real world as well as on Keybase. I should be able to quickly/easily categorise my "followers" into at least three categories:

  • This follower is someone I know (+like, +trust, etc)
  • This follower is a random I don't know (or don't trust?)
  • This follower is a harasser that I wish I didn't know (I have at least one of these myself)

That aside, making the social graph public has some problems as well, although it is central to Keybase functioning. So perhaps when I want to "follow" someone, we should both be able to temporarily expose our follower/follows list to ensure we are who we think we are, but when browsing publicly, only graph edges that we want exposed would be exposed?

@chicagobuss

This comment has been minimized.

Copy link

@chicagobuss chicagobuss commented Mar 3, 2019

But like I said. It’s a duplicate.

@dabura667 - can you link this to the duplicate?

@Visgean

This comment has been minimized.

Copy link

@Visgean Visgean commented Aug 17, 2019

Any progress? I don't want my social graph publicly exposed.

@Visgean

This comment has been minimized.

Copy link

@Visgean Visgean commented Aug 17, 2019

@heronhaye

This comment has been minimized.

Copy link
Contributor

@heronhaye heronhaye commented Aug 19, 2019

See https://keybase.io/docs/server_security/following. Follower information is public info by design, so even if you were to hide it on your profile, it's still available in the public Merkle tree. If you like, on desktop, you can run keybase follow --local someuser to follow someone privately.

@dabura667

This comment has been minimized.

Copy link

@dabura667 dabura667 commented Aug 21, 2019

@heronhaye

even if you were to hide it on your profile, it's still available in the public Merkle tree.

I think everyone is fine with this. We just don't want 100 bot users with Nazi icons and boobs as their icon filling up our "Followers" page and making everyone else think we're sexist Nazis.

No one is asking "Please modify the merkle tree path to allow for removal of hashes based on the quadratic formula of the hypotenus"

They are saying "get the boobs and nazis off my followers list." and the simplest way to do that is "allow me to hide my followers"

Why does hiding a UI element (not touching the backend, a user can still run the CLI command to see the list of all followers of any user) decrease the security of Keybase?

It doesn't. No argument against it.

@dabura667

This comment has been minimized.

Copy link

@dabura667 dabura667 commented Aug 21, 2019

Here's a good way to phrase it:

  1. Keybase's INTENDED use of following/followers is to make a statement "I trust these people, and hey look at all these people who trust me!"
  2. The actual usage in the wild by bots and spammers is to trick 3rd parties looking at YOUR page (not the bot's) into thinking that YOU are saying "Look, all these Nazis trust me, swastikas as faaar as the eye can see. Since I am not doing anything to block / remove them, you should know that I am also a Nazi sympathist"

They can trick people into this, because unlike your hopes and dreams,,, 99% OF ONLOOKERS DON'T UNDERSTAND EVERY TINY FEATURE AND DETAIL OF HOW KEYBASE WORKS.

If they go on Twitter and see that X is followed by nazis, and is doing nothing (Twitter blocking removes followers) they will assume you are also a Nazi.

If they go on Keybase, they won't push their glasses up on their nose and say "oh yes, of course the followers section is actually just a commit hash to the merkle tree on the sigchain with the discombobulator and the high frequency capacitor-mabob"...... they will think the exact same thing as Twitter.

"oh hey, this guy is a Nazi too. Steer clear, ok."

Maybe a big compromise would be to add a big ugly warning directly above the followers and following pages saying "HEY, THIS IS NOT A SOCIAL MEDIA PLATFORM, AND FOLLOWING JUST MEANS THAT THEY DIGITALLY SIGNED A KEY OF THE FOLOWEE. ONLY USE FOR THE PURPOSE OF IDENTITY VERIFICATION AND DON'T READ INTO IT SOCIAL CONTEXTS."

But to be honest, even that warning would get ignored the second you said "digital signature".

And if you're just going to target devs, then nuke the UI. Make everything CLI only.

Closing your eyes and sticking your fingers in your ears does not mean there is no problem.

There are other ways of fixing it, sure. But just saying "followers must be public because security" when no one is saying to make the merkle tree private, they are saying remove them from the UI so that low-skilled recruiters who can't even create a pivot table can't just click on my keybase profile and immediately know all my coworkers.

If they can work the CLI and get the follower names that way, good for them, but at least by allowing us to remove them from the UI it will help lower the problem.

Sorry for getting heated, but repeating the same thing over and over is not resolving any problems.

At the very least we'd like recognition that the problem exists. Because it does.

@philovivero

This comment has been minimized.

Copy link

@philovivero philovivero commented Aug 21, 2019

It sounds like there are two user stories desired:

  • Prevent non-technical users from seeing who follows me easily, because they want to figure out my social graph. Require them to at least get a non-default client that will expose the social graph before they can see it, if I've marked myself as a privacy-concious person, or who hates recruiters.
  • Prevent randos who don't understand Keybase at all from thinking people who follow me represent my political views.

The former is "solved" by allowing someone to check a "don't show my followers" box somewhere, and the default client respects this.

The latter might actually be solveable: expose an evil bit, if you were, on the graph edge between myself and the person following me. If the evil bit is set, that person by default doesn't show up in my followers, or maybe shows up in a special section called: "People who follow this person, but this person really doesn't like the follower." (Perhaps 4 states? 0-->Undef, 1-->Close acquaintance, 2-->Acquaintance, 3-->Don't-Know-This-Follower, 4-->Actively-Dislike-This-Follower)

The hard part is figuring out the implications of that. As soon as the second feature is implemented, you'll get the next feature request of: "I'm getting followed by 300x bots and spammers a day, how can I filter them out without spending 5 minutes a day flagging them as evil?"

@DYevseyev

This comment has been minimized.

Copy link

@DYevseyev DYevseyev commented Oct 5, 2019

I have just realized that this is a major flaw of keybase.
Please can we get the ability to hide followers and following from public view.
Wish we could fork to a code that had this in mind so that it is not recorded for all time.

@heronhaye

This comment has been minimized.

Copy link
Contributor

@heronhaye heronhaye commented Oct 7, 2019

Also, if you block a user on their profile (... -> Block), they won't show up in your followers list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
8 participants
You can’t perform that action at this time.