Open source the server components of Keybase #24105
Comments
|
Please! Very much please! |
|
This seems like an important step in Zoom retaining the value that they paid for in the Keybase acquisition. (admittedly, only Zoom know's what is best for Zoom's value) |
|
facts bro |
|
2020 strikes again, I’m really bummed because I have integrated keybase into my workflow heavily over the years. Back to rolling my own again. This one hurts. |
|
There should be "nothing to hide" regarding the server(s) implementation. I'd imagine the worry is that once technical users (probably the majority of the userbase) can self-host their own infrastructure, there's no need for a company to exist. That being said, I'd still happily pay a small monthly fee for a hosted server even under the circumstances of the acquisition. I'm still preparing to move my documents to another place though. And have been since Keybase became a day to day tool for me, since their business model, and thus any promise of sustainability, was always nonexistent. |
|
There would still be a demand for one central company that is the go-to place for those who don't want to set up their own server. Typically, one of the biggest drivers of demand for a "we host it for you" company like that is when organizations set it up themselves and then decide, after a period of time, that self-hosting isn't worth the trouble anymore. They become more likely to become customers when they know that they could, in principle, go to another vendor or host it themselves if absolutely necessary -- but if they're getting good service, they won't ever leave. So, +1. I hope Zoom makes the decision to open source the server code. I'm not privy to all the factors that went into their Keybase decision, but from what I can see from the outside, it would make a lot of business sense. |
|
A "feeling" in the keybase community is Zoom purchased keybase for all the smart crypto-nerds who wrote the platform to help them improve the security of the Zoom application + platform. This is all pure speculation though. (and somewhat based on the language at the end of the keybase blog post) Lets keep +1'ing this issue to show there is a lot of support in the keybase community for open sourcing the server components. If Zoom has good intentions, and are only interested in the skilled developers who wrote it... there is a chance they might agree to opening the server components. |
|
Zoom could achieve a big win here. |
ghost.org exists keybase server could exist too while still open sourcing the code |
I agree, many other open source businesses exist too. But I can imagine the angle would be that Keybase is a tech product for technical users. Still, I don't like the hassle of self-hosting and I'm sure many share the same sentiment and would prefer to pay for sustainability. |
|
A thought occurs: are there any unknowns that would prevent one from implementing their own backend by reverse engineering the API calls from the client? Seems doable, if Keybase itself don't disclose the source. |
@Southclaws Possibly, but why not just contribute to Matrix / Riot instead at that point? |
You're probably right there. I didn't consider that because I never used the chat features of Keybase, just the encrypted Git and filesystem integration. |
Because it is your next VC funded disappointment waiting to happen? |
This. I believe this is the most difficult thing to replicate, and I think it's what most people want to be open-sourced. The chat is a sad loss, but there are a lot of good alternatives out there for that. |
For one, it's entirely open source. But why do you say it's VC funded? From their site:
|
Because it is. Matrix is developed by a startup called New Vector which has already taken multiple rounds of VC money. The Matrix.org foundation is only for the development of the standard, the development on Riot and other software is done by the VC-backed New Vector. The way that Matrix is positioning itself as the 'meta-protocol', bridging other protocols, slowly gobbling different services and communities sure feels like EEE to me. |
|
+1!!!! If the server source is available, this will allow for a federated group of keybase servers to come up. I personally want to use this as the foundation for a community hosted cloud services project. The community already use keybase as the primary source of community chat and shared files with the foundation of provable ID for members. We would love to self-host this as a service in full for the group and help others do the same in a simple, easy to maintain way. |
|
If someone knowledgeable and private can please contact me that would like
to help and/or make a difference with this project I can help you help me
fix it I hope. I cannot find a good friend that believes me, in that, I
have a lot of control via a computer genius and his files. Sadly, he is no
longer with me, but was an important role in the future of ai...
On Thu, May 7, 2020 at 17:30 Dan Shields ***@***.***> wrote:
+1!!!!
If the server source is available, this will allow for a federated group
of keybase servers to come up. I personally want to use this as the
foundation for a community hosted cloud services project
<https://github.com/Cryptorado-Community/Cryptorado-Node>.
The community already use keybase as the primary source of community chat
and shared files with the foundation of provable ID for members. We would
love to self-host this as a service in full for the group and help others
do the same in a simple, easy to maintain way.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#24105 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKVHKYQRQLKW5VJ5EYYN3X3RQMY7VANCNFSM4M3SFNEQ>
.
--
TAMARA NUTTER
|
Not true. All the server side software, and more generally any project under the matrix-org organisation on GitHub, is owned by the foundation, which isn't directed by New Vector. In fact, all the work New Vector employees do on these projects is donated to the foundation. Only Riot and Modular.im belong to New Vector. And even then, Riot's open source, anyone can host it outside of the riot.im domain, fork it, hack it. If New Vector was to take a wrong turn at some point in the future, it wouldn't mean people wouldn't have access to a Riot that didn't. |
FWIW some folks in the Matrix community are experimenting with Got over Matrix, which makes sense since the structure of a Matrix room (a DAG) isn't unlike the one of a Git repo |
|
Gitlab opens their backend and still has a stable business with steady revenue from support contracts. They offer private hosting solutions OR support for self-hosted solutions. Bitwarden also open sourced the backend, and uses signed certs to open up certain features to paying customers. "Front and Back open but still making money" is totally viable. Our company would totally do a support contract with a proxy for the CCP. But anything more than a support contract is a no go... This really hurts a lot. I personally liked this app, would have paid for it. Our company would have paid for it. It didn't have to be like this. Another example of governance ruining a good project. |
|
There's a possibility (and this is purely speculation by an outsider here) that Zoom is looking at the potential to add a potential Slack competitor to their portfolio to provide an all-encompassing solution for remote work... you get the team organization and chat, along with video conference. |
|
I don't have much to say that hasn't already been said. I totally understand why you all sold the company. I don't hold any ill-will for that. That said, I think the community would've been really appreciative if we'd gotten some assurance that Keybase as we know it is not going to go away. I hope this acquisition ends up like Microsoft's purchase of Github. Lots of outrage at the beginning; 6 months later, all is bliss. We love Keybase. Many of us would be willing to pay for it. Please do not kill it off. |
|
I just want a private end-to-end encrypted git |
|
@kallisti5 Take a look of www.Maskbook.com www.github.com/DimensionDev/Maskbook and our approach to do it in a much more server less way. |
|
Have to say I was very disappointed and deleted my families keybase accounts already. I hope they do open source this, but really can't see it happening. |
|
There is also a petition on change dot org about this if anyone wants to sign it. It might be worth a few clicks. |
|
The Russian message really put the trust level up a notch :P |
|
@gustavohmsilva Don't mind me, I'm just shitposting |
|
@notpushkin , Internet at it's finest! |
|
Shitposting in bug tracking comments is a great way to get the entire bug ignored and the ticket locked. Look at bug 82 in Android. Come on, folks, let's be professional about this. |
|
it's ded jim |
|
+1 |
|
I won't use keybase until everything is open-sourced. Even before it got bought by zoom. |
|
still closed source, hah |
|
Any timeline for this? Thanks |
|
@haneef95 I wouldn't hold my breath. I would keep an eye out for competitors though. The messaging stuff is handled by existing FOSS projects and we don't really need yet another cryptocurrency wallet, but having a profile of verified identities is a great concept that Keybase implemented very well. Currently the closest thing I've seen to a true competitor is Keyoxide but it's far from user friendly. |
|
@crimeminister funny you should say that, I came across it shortly after making my comment and it certainly looks very promising. Keybase without the bloat, or rather, what Keybase originally was. |
|
Sorry folks, it looks like Keybase is on bare minimum maintenance mode at this point. Just look at the commit graphs for the client...
That tells a pretty damning story about keybase's future and what Zoom is doing to the project. Without open sourcing the server side components (which seems unlikely at this point), keys.pub seems like the only viable alternative (minus a lot of the features people like) tldr; I wouldn't assume keybase is going to be around a year from now. Plan accordingly. |
|
Looking into Cryptomator for Encrypted folders |
|
Thanks @ftpmorph Will look into those. Could you advise as to which FOSS projects you're referring to please? |
|
@kallisti5 sadly I think you are most certainly correct. It seems Zoom bought Keybase for the people and has the engineers working solely on their own product. I don't think they care about Keybase. @haneef95 Keyoxide is the one I've seen growing in popularity recently, but it requires manual management of PGP keys; adding proofs as notations to your PGP key then reuploading it to a key server each time you make a change to the proofs you add. On the plus side, this method means you are not relying on Keyoxide itself - it is decentralised, and you are in full control of your private keys - but it is an absolute mess of a UX. If you like Keybase because of the ease of use, Keys.pub is a far more promising project and is much more closely aligned with Keybase. |
|
Thanks @ftpmorph Checking out both of them. I'm looking for File System integration that was in Keybase. Cryptomator seems to be a good option for that. It seems as though Keybase would've to be replaced by multiple applications! |
|
Look into Matrix for the chats, too. I think the only piece it's missing is social proofs, which isn't too hard to add I guess. |
Matrix is missing file sharing, and group file sharing. This was super handy to be honest for our open source 501(c)(3). Matrix is also pretty slow to sync, and the clients have varying support for formatting. Matrix definitely has a lot of potential, but even after 6 months of lack of updates by Zoom, keybase still shines in a lot of places. |
|
@kallisti5 I have found |
Matrix definitely supports file sharing, both in DMs and in group chats:
That's only true for initial syncs of huge accounts (i.e. accounts that are in a lot of big rooms) - so it should only impact a very small number of users and even for them once that first initial sync is done the client should only do incremental syncs which are fast enough. |
|
How can we non-techie Keybase fans help? I want to interface with Keybase for an app I want to have developers build, and it would be terrible to go through all the work trying to bring a laymen’s group to Keybase only to have it disappear. I feel a bit helpless with this situation. |
|
Please consider open sourcing the server portion of Keybase |
|
I'm not sure this will happen. While Keybase seemed like a user- and developer-friendly organization, Zoom seems like the opposite, if anything. Just like Zoom's behavior around security. Not community friendly. |
|
Who's up for writing a backend server? I can start a new project. |
|
https://github.com/dragonsblade/enigma-server Haven't added any code yet, but here's the project repository. Feel free to put ideas in here, or start your own repository and paste that in chat. |
What about a Martrix integration with syncthing? That should allow for a streamlined flow to select users and sync files using your syncthing backend (which can be launched automatically & be set to stop when idling for some time). I'm more keen on Wire getting federation setup nicely (which is in their plans). Plus their server is entirely FOSS & has k3 setup documentation. They're trying to hire a contractor to clean up the mobile app so it can be submitted into F-DROID. A bit unfortunate about the bulkiness of their mobile clients - but overall it seems great (with the ability to self host & use the main server - with federation & MLS coming). |
|
Great, but not sure if that means this is completed: https://gitlab.com/fdroid/rfp/-/issues/108#note_642137975 |
|
@dm17 the issue is in the "requests for packaging" repo, and I suppose that request is now fulfilled. |
and others
There's an uproar in keybase chat about the purchase of Keybase by Zoom.
Statements like this "Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us." scare the keybase community and will drive away the more technically minded user-base.
Please open source the server components to keybase.
While the Keybase client is open source, and handles all of the encryption + decryption, the server component that streams chats, file transfers, etc between users is not. Keybase will not function if Zoom shuts down the (currently closed source) server component.
This act will help ensure the long term stability of the keybase platform in-case keybase's future is bleak at Zoom.
The text was updated successfully, but these errors were encountered: