Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open source the server components of Keybase #24105

Open
kallisti5 opened this issue May 7, 2020 · 132 comments
Open

Open source the server components of Keybase #24105

kallisti5 opened this issue May 7, 2020 · 132 comments

Comments

@kallisti5
Copy link

@kallisti5 kallisti5 commented May 7, 2020

There's an uproar in keybase chat about the purchase of Keybase by Zoom.

Statements like this "Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us." scare the keybase community and will drive away the more technically minded user-base.

Please open source the server components to keybase.

While the Keybase client is open source, and handles all of the encryption + decryption, the server component that streams chats, file transfers, etc between users is not. Keybase will not function if Zoom shuts down the (currently closed source) server component.

This act will help ensure the long term stability of the keybase platform in-case keybase's future is bleak at Zoom.

@virtadpt
Copy link

@virtadpt virtadpt commented May 7, 2020

Please! Very much please!

@NewAlexandria
Copy link

@NewAlexandria NewAlexandria commented May 7, 2020

This seems like an important step in Zoom retaining the value that they paid for in the Keybase acquisition. (admittedly, only Zoom know's what is best for Zoom's value)

@Laphatize
Copy link

@Laphatize Laphatize commented May 7, 2020

facts bro

@aaronky
Copy link

@aaronky aaronky commented May 7, 2020

2020 strikes again, I’m really bummed because I have integrated keybase into my workflow heavily over the years.

Back to rolling my own again. This one hurts.

@Southclaws
Copy link

@Southclaws Southclaws commented May 7, 2020

There should be "nothing to hide" regarding the server(s) implementation. I'd imagine the worry is that once technical users (probably the majority of the userbase) can self-host their own infrastructure, there's no need for a company to exist.

That being said, I'd still happily pay a small monthly fee for a hosted server even under the circumstances of the acquisition. I'm still preparing to move my documents to another place though. And have been since Keybase became a day to day tool for me, since their business model, and thus any promise of sustainability, was always nonexistent.

@kfogel
Copy link

@kfogel kfogel commented May 7, 2020

There would still be a demand for one central company that is the go-to place for those who don't want to set up their own server. Typically, one of the biggest drivers of demand for a "we host it for you" company like that is when organizations set it up themselves and then decide, after a period of time, that self-hosting isn't worth the trouble anymore. They become more likely to become customers when they know that they could, in principle, go to another vendor or host it themselves if absolutely necessary -- but if they're getting good service, they won't ever leave.

So, +1. I hope Zoom makes the decision to open source the server code. I'm not privy to all the factors that went into their Keybase decision, but from what I can see from the outside, it would make a lot of business sense.

@kallisti5
Copy link
Author

@kallisti5 kallisti5 commented May 7, 2020

A "feeling" in the keybase community is Zoom purchased keybase for all the smart crypto-nerds who wrote the platform to help them improve the security of the Zoom application + platform. This is all pure speculation though. (and somewhat based on the language at the end of the keybase blog post)

Lets keep +1'ing this issue to show there is a lot of support in the keybase community for open sourcing the server components. If Zoom has good intentions, and are only interested in the skilled developers who wrote it... there is a chance they might agree to opening the server components.

@clord
Copy link

@clord clord commented May 7, 2020

Zoom could achieve a big win here.

@alexparker
Copy link

@alexparker alexparker commented May 7, 2020

There should be "nothing to hide" regarding the server(s) implementation. I'd imagine the worry is that once technical users (probably the majority of the userbase) can self-host their own infrastructure, there's no need for a company to exist.

That being said, I'd still happily pay a small monthly fee for a hosted server even under the circumstances of the acquisition. I'm still preparing to move my documents to another place though. And have been since Keybase became a day to day tool for me, since their business model, and thus any promise of sustainability, was always nonexistent.

ghost.org exists keybase server could exist too while still open sourcing the code

@Southclaws
Copy link

@Southclaws Southclaws commented May 7, 2020

ghost.org exists keybase server could exist too while still open sourcing the code

I agree, many other open source businesses exist too. But I can imagine the angle would be that Keybase is a tech product for technical users. Still, I don't like the hassle of self-hosting and I'm sure many share the same sentiment and would prefer to pay for sustainability.

@Southclaws
Copy link

@Southclaws Southclaws commented May 7, 2020

A thought occurs: are there any unknowns that would prevent one from implementing their own backend by reverse engineering the API calls from the client? Seems doable, if Keybase itself don't disclose the source.

@programmarchy
Copy link

@programmarchy programmarchy commented May 7, 2020

A thought occurs: are there any unknowns that would prevent one from implementing their own backend by reverse engineering the API calls from the client? Seems doable, if Keybase itself don't disclose the source.

@Southclaws Possibly, but why not just contribute to Matrix / Riot instead at that point?

@Southclaws
Copy link

@Southclaws Southclaws commented May 7, 2020

Possibly, but why not just contribute to Matrix / Riot instead at that point?

You're probably right there. I didn't consider that because I never used the chat features of Keybase, just the encrypted Git and filesystem integration.

@rscmbbng
Copy link

@rscmbbng rscmbbng commented May 7, 2020

@Southclaws Possibly, but why not just contribute to Matrix / Riot instead at that point?

Because it is your next VC funded disappointment waiting to happen?

@manuelvsousa
Copy link

@manuelvsousa manuelvsousa commented May 7, 2020

Possibly, but why not just contribute to Matrix / Riot instead at that point?

You're probably right there. I didn't consider that because I never used the chat features of Keybase, just the encrypted Git and filesystem integration.

This. I believe this is the most difficult thing to replicate, and I think it's what most people want to be open-sourced. The chat is a sad loss, but there are a lot of good alternatives out there for that.

@programmarchy
Copy link

@programmarchy programmarchy commented May 7, 2020

@Southclaws Possibly, but why not just contribute to Matrix / Riot instead at that point?

Because it is your next VC funded disappointment waiting to happen?

For one, it's entirely open source. But why do you say it's VC funded? From their site:

The Matrix.org Foundation is a non-profit UK Community Interest Company, incorporated to act as the neutral guardian of the standard on behalf of the whole Matrix community. It is an open initiative which acts as a neutral and independent custodian of the Matrix standard.

@rscmbbng
Copy link

@rscmbbng rscmbbng commented May 7, 2020

For one, it's entirely open source. But why do you say it's VC funded?

Because it is. Matrix is developed by a startup called New Vector which has already taken multiple rounds of VC money. The Matrix.org foundation is only for the development of the standard, the development on Riot and other software is done by the VC-backed New Vector. The way that Matrix is positioning itself as the 'meta-protocol', bridging other protocols, slowly gobbling different services and communities sure feels like EEE to me.

@NukeManDan
Copy link

@NukeManDan NukeManDan commented May 7, 2020

+1!!!!

If the server source is available, this will allow for a federated group of keybase servers to come up. I personally want to use this as the foundation for a community hosted cloud services project.

The community already use keybase as the primary source of community chat and shared files with the foundation of provable ID for members. We would love to self-host this as a service in full for the group and help others do the same in a simple, easy to maintain way.

@Camorandj
Copy link

@Camorandj Camorandj commented May 7, 2020

@babolivier
Copy link

@babolivier babolivier commented May 7, 2020

The Matrix.org foundation is only for the development of the standard, the development on Riot and other software is done by the VC-backed New Vector.

Not true. All the server side software, and more generally any project under the matrix-org organisation on GitHub, is owned by the foundation, which isn't directed by New Vector. In fact, all the work New Vector employees do on these projects is donated to the foundation. Only Riot and Modular.im belong to New Vector. And even then, Riot's open source, anyone can host it outside of the riot.im domain, fork it, hack it. If New Vector was to take a wrong turn at some point in the future, it wouldn't mean people wouldn't have access to a Riot that didn't.

@babolivier
Copy link

@babolivier babolivier commented May 7, 2020

just the encrypted Git

FWIW some folks in the Matrix community are experimenting with Got over Matrix, which makes sense since the structure of a Matrix room (a DAG) isn't unlike the one of a Git repo 😛

@junderw
Copy link

@junderw junderw commented May 7, 2020

Gitlab opens their backend and still has a stable business with steady revenue from support contracts. They offer private hosting solutions OR support for self-hosted solutions.

Bitwarden also open sourced the backend, and uses signed certs to open up certain features to paying customers.

"Front and Back open but still making money" is totally viable.

Our company would totally do a support contract with a proxy for the CCP. But anything more than a support contract is a no go...

This really hurts a lot. I personally liked this app, would have paid for it. Our company would have paid for it.

It didn't have to be like this.

Another example of governance ruining a good project.

@ajgraves
Copy link

@ajgraves ajgraves commented May 8, 2020

There's a possibility (and this is purely speculation by an outsider here) that Zoom is looking at the potential to add a potential Slack competitor to their portfolio to provide an all-encompassing solution for remote work... you get the team organization and chat, along with video conference.

@jamesjulich
Copy link

@jamesjulich jamesjulich commented May 8, 2020

I don't have much to say that hasn't already been said. I totally understand why you all sold the company. I don't hold any ill-will for that. That said, I think the community would've been really appreciative if we'd gotten some assurance that Keybase as we know it is not going to go away.

I hope this acquisition ends up like Microsoft's purchase of Github. Lots of outrage at the beginning; 6 months later, all is bliss. We love Keybase. Many of us would be willing to pay for it. Please do not kill it off.

@lattice0
Copy link

@lattice0 lattice0 commented May 8, 2020

I just want a private end-to-end encrypted git

@Tedko
Copy link

@Tedko Tedko commented May 8, 2020

@kallisti5 Take a look of www.Maskbook.com www.github.com/DimensionDev/Maskbook and our approach to do it in a much more server less way.
But indeed many functionalities of keybase still require a server though

@mannp
Copy link

@mannp mannp commented May 8, 2020

Have to say I was very disappointed and deleted my families keybase accounts already.

I hope they do open source this, but really can't see it happening.

@Krahos
Copy link

@Krahos Krahos commented May 8, 2020

There is also a petition on change dot org about this if anyone wants to sign it. It might be worth a few clicks.

@gustavohmsilva
Copy link

@gustavohmsilva gustavohmsilva commented Aug 27, 2020

The Russian message really put the trust level up a notch :P

@notpushkin
Copy link

@notpushkin notpushkin commented Aug 27, 2020

@gustavohmsilva Don't mind me, I'm just shitposting

@gustavohmsilva
Copy link

@gustavohmsilva gustavohmsilva commented Aug 27, 2020

@notpushkin , Internet at it's finest!

@virtadpt
Copy link

@virtadpt virtadpt commented Aug 27, 2020

Shitposting in bug tracking comments is a great way to get the entire bug ignored and the ticket locked. Look at bug 82 in Android. Come on, folks, let's be professional about this.

@ucodelukas
Copy link

@ucodelukas ucodelukas commented Aug 27, 2020

it's ded jim

@StygianBlues
Copy link

@StygianBlues StygianBlues commented Aug 29, 2020

+1

@reesericci
Copy link

@reesericci reesericci commented Sep 10, 2020

I won't use keybase until everything is open-sourced. Even before it got bought by zoom.

@ucodelukas
Copy link

@ucodelukas ucodelukas commented Nov 16, 2020

still closed source, hah

@haneef95
Copy link

@haneef95 haneef95 commented Jan 30, 2021

Any timeline for this?

Thanks

@ftpmorph
Copy link

@ftpmorph ftpmorph commented Feb 2, 2021

@haneef95 I wouldn't hold my breath. I would keep an eye out for competitors though. The messaging stuff is handled by existing FOSS projects and we don't really need yet another cryptocurrency wallet, but having a profile of verified identities is a great concept that Keybase implemented very well.

Currently the closest thing I've seen to a true competitor is Keyoxide but it's far from user friendly.

@crimeminister
Copy link

@crimeminister crimeminister commented Feb 2, 2021

@ftpmorph You might find keys.pub of interest.

@ftpmorph
Copy link

@ftpmorph ftpmorph commented Feb 2, 2021

@crimeminister funny you should say that, I came across it shortly after making my comment and it certainly looks very promising. Keybase without the bloat, or rather, what Keybase originally was.

@kallisti5
Copy link
Author

@kallisti5 kallisti5 commented Feb 2, 2021

Sorry folks, it looks like Keybase is on bare minimum maintenance mode at this point. Just look at the commit graphs for the client...

keybase

That tells a pretty damning story about keybase's future and what Zoom is doing to the project.

Without open sourcing the server side components (which seems unlikely at this point), keys.pub seems like the only viable alternative (minus a lot of the features people like)

tldr; I wouldn't assume keybase is going to be around a year from now. Plan accordingly.

@haneef95
Copy link

@haneef95 haneef95 commented Feb 2, 2021

Looking into Cryptomator for Encrypted folders

@haneef95
Copy link

@haneef95 haneef95 commented Feb 2, 2021

Thanks @ftpmorph

Will look into those.

Could you advise as to which FOSS projects you're referring to please?

@ftpmorph
Copy link

@ftpmorph ftpmorph commented Feb 2, 2021

@kallisti5 sadly I think you are most certainly correct. It seems Zoom bought Keybase for the people and has the engineers working solely on their own product. I don't think they care about Keybase.

@haneef95 Keyoxide is the one I've seen growing in popularity recently, but it requires manual management of PGP keys; adding proofs as notations to your PGP key then reuploading it to a key server each time you make a change to the proofs you add. On the plus side, this method means you are not relying on Keyoxide itself - it is decentralised, and you are in full control of your private keys - but it is an absolute mess of a UX.

If you like Keybase because of the ease of use, Keys.pub is a far more promising project and is much more closely aligned with Keybase.

@haneef95
Copy link

@haneef95 haneef95 commented Feb 3, 2021

Thanks @ftpmorph

Checking out both of them. I'm looking for File System integration that was in Keybase.

Cryptomator seems to be a good option for that.

It seems as though Keybase would've to be replaced by multiple applications!

@notpushkin
Copy link

@notpushkin notpushkin commented Feb 3, 2021

Look into Matrix for the chats, too. I think the only piece it's missing is social proofs, which isn't too hard to add I guess.

@kallisti5
Copy link
Author

@kallisti5 kallisti5 commented Feb 5, 2021

Look into Matrix for the chats, too. I think the only piece it's missing is social proofs, which isn't too hard to add I guess.

Matrix is missing file sharing, and group file sharing. This was super handy to be honest for our open source 501(c)(3). Matrix is also pretty slow to sync, and the clients have varying support for formatting.

Matrix definitely has a lot of potential, but even after 6 months of lack of updates by Zoom, keybase still shines in a lot of places.

@crimeminister
Copy link

@crimeminister crimeminister commented Feb 5, 2021

@kallisti5 I have found syncthing a pretty good solution for some file sharing needs, though it's not as easy and automagical as you get from integration in the messaging application itself.

@babolivier
Copy link

@babolivier babolivier commented Feb 15, 2021

@kallisti5

Matrix is missing file sharing, and group file sharing.

Matrix definitely supports file sharing, both in DMs and in group chats:

Matrix is also pretty slow to sync

That's only true for initial syncs of huge accounts (i.e. accounts that are in a lot of big rooms) - so it should only impact a very small number of users and even for them once that first initial sync is done the client should only do incremental syncs which are fast enough.

@legacygold
Copy link

@legacygold legacygold commented Sep 12, 2021

How can we non-techie Keybase fans help? I want to interface with Keybase for an app I want to have developers build, and it would be terrible to go through all the work trying to bring a laymen’s group to Keybase only to have it disappear. I feel a bit helpless with this situation.

@georgebaily
Copy link

@georgebaily georgebaily commented Oct 15, 2021

Please consider open sourcing the server portion of Keybase

@huyz
Copy link

@huyz huyz commented Oct 17, 2021

I'm not sure this will happen. While Keybase seemed like a user- and developer-friendly organization, Zoom seems like the opposite, if anything. Just like Zoom's behavior around security. Not community friendly.

@ghost
Copy link

@ghost ghost commented Oct 18, 2021

Who's up for writing a backend server? I can start a new project.

@ghost
Copy link

@ghost ghost commented Oct 20, 2021

https://github.com/dragonsblade/enigma-server Haven't added any code yet, but here's the project repository. Feel free to put ideas in here, or start your own repository and paste that in chat.

@dm17
Copy link

@dm17 dm17 commented Dec 16, 2021

Look into Matrix for the chats, too. I think the only piece it's missing is social proofs, which isn't too hard to add I guess.

Matrix is missing file sharing, and group file sharing. This was super handy to be honest for our open source 501(c)(3). Matrix is also pretty slow to sync, and the clients have varying support for formatting.

Matrix definitely has a lot of potential, but even after 6 months of lack of updates by Zoom, keybase still shines in a lot of places.

What about a Martrix integration with syncthing? That should allow for a streamlined flow to select users and sync files using your syncthing backend (which can be launched automatically & be set to stop when idling for some time).

I'm more keen on Wire getting federation setup nicely (which is in their plans). Plus their server is entirely FOSS & has k3 setup documentation. They're trying to hire a contractor to clean up the mobile app so it can be submitted into F-DROID. A bit unfortunate about the bulkiness of their mobile clients - but overall it seems great (with the ability to self host & use the main server - with federation & MLS coming).

@selurvedu
Copy link

@selurvedu selurvedu commented Dec 16, 2021

@dm17

They're trying to hire a contractor to clean up the mobile app so it can be submitted into F-DROID.

https://f-droid.org/packages/com.wire

@dm17
Copy link

@dm17 dm17 commented Dec 16, 2021

@dm17

They're trying to hire a contractor to clean up the mobile app so it can be submitted into F-DROID.

https://f-droid.org/packages/com.wire

Great, but not sure if that means this is completed: https://gitlab.com/fdroid/rfp/-/issues/108#note_642137975

@selurvedu
Copy link

@selurvedu selurvedu commented Dec 16, 2021

@dm17 the issue is in the "requests for packaging" repo, and I suppose that request is now fulfilled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests