Just last week, Keybase announced the alpha release of the Keybase application Apple operating systems. The Kaybase app makes it possible to share files in a cryptographically secure way.
Users can write data in an automatically created folder using the format ” /keybase/public/username. Files written in that folder are then signed automatically and appear as plain text files on computers.
Keybase claims that he way that the whole encryption process works prevents server-side and man-in-the-middle attacks, an issue that has become increasingly prevalent for private internet users and government agencies alike. The onslaught of cyberattacks of 2015 have only upper the tension of the cybersecurity and privacy vs. physical security and government surveillance debate.
In fact, the government is almost surely unhappy with the fact that more and more encrypted apps continue to proliferate in the Apple store and Google play. If the NSA had its way, there would be no smartphone encryption capabilities that weren’t built with a backdoor made specifically for government employees.
Of course, and as is often stated by tech company CEOs and engineers alike, no encryption can be made weak in a way that would only be useable for government employees. Weak encryption is weak encryption, and any man-made backdoors can and will be exploited by cyber terrorists and identity thefts. That’s why a lot of tech moguls are opposed to the idea; making a backdoor to their encryption methods is equivalent to devaluing the product that they release to the market and putting their hard-earned customers at risk.
Keybase files can be streamed in on command, but syncing as is done with Dropbox and Google drive will be impossible.
Shared folders are encrypted using keys specific to the device of the person sharing them, so the files can only be accessed from that physical device. If the device is lost, the private data is lost too. This may seem extreme, but there’s plenty of data holders that would likely prefer this to having their data leaked.
Unfortunately for privacy lovers, participation in the Keybase project is by invitation only. Its system “is a lot less complex than PGP keys and far harder to compromise, particularly with man-in-the-middle exploits,” was all Rob Enderle of the Enderle Group had to say about it. Sync products “are generally more convenient, particularly if you’re offline a lot,” he added.
“Smack-dab in the middle of a public Refit or… Twitter conversations you should be able to say, ‘Hey, I threw those gifs/libraries/whatever in our encrypted keybase folder,” he explained.
“When you track someone on Keybase, you sign a portable summary of their identity, as you saw and verified it,” he continued.
“I think enterprises will be interested in this, especially if it can be made somewhat more user-friendly,” commented Mike Jude, the program manager of Stratecast/Frost & Sullivan.
“I see it as a nifty way to encrypt business communications, where the point isn’t absolute security but only temporary security… defined by business needs.”