Thoughts on Keybase

[Mirimir]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/06/2015 08:29 PM, MFPA wrote:
> Hi
> 
> 
> On Wednesday 7 January 2015 at 2:14:43 AM, in
> <mid:54AC9693.2090402 at riseup.net>, Mirimir wrote:
> 
> 
> 
>> I also favor compartmentalization. But reading
>> <https://keybase.io/>, I don't see any requirement to
>> include all online identity information, provide
>> government-issued ID, etc, etc, etc.
> 
> Including more than one of your online identities on the same keybase
> profile damages the compartmentalisation between those identities.

Right. But including more than one seems more genuine, somehow ;) And
mostly I meant multiple accounts using a particular pseudonym, rather
than multiple pseudonyms.

> Would there be much point in having a separate keybase profile for
> each separate online identity? I guess it would have some value as a
> kind of surrogate keyserver. A quick look at a few random keybase
> profiles showed me some that had only a person's name and a link to a
> key. And one with no identity links at all but 20 trackers.

I wouldn't bother for most of them. But I do like having all Mirimir
stuff linked, with authenticated association to a key. I see it more as
an enhanced keyserver than as a surrogate.

>> I already use
>> Gravatar
>> <http://www.gravatar.com/avatar/2fb817d36499985e91e5778ed4a0c8b7.png>.
> 
> Does that mean Gravatar can track your activity (or popularity?)
> across all sites that fetch the image?

I'm sure that they could. But I don't care.

>> Wouldn't Keybase just better link all that to Mirimir's
>> GnuPG key?
> 
> If you favour compartmentalisation, wouldn't that be something to
> avoid?

Not at all, as long as it's just Mirimir stuff that's linked. Each of my
other pseudonyms has its own key, and its own set of accounts. But none
of them is active in the same circles as Mirimir. I don't play sock
puppet games.

>> Or am I missing the point? Is there an
>> expectation that Keybase usernames are not merely
>> pseudonyms?
> 
> I think it is that you *can* (rather than *must*) use your real name
> and photo and link it to your OpenPGP key and your other online
> presences.

We shall see if they give me an account :)

> People believe it really is *your* facebook page (or whatever), so
> they will believe it is *your* key.

Well, I don't do Facebook as Mirimir. But Wilders is arguably a geeky
equivalent thereof.

> Here is a review of Keybase I found:-
> 
> <http://www.coindesk.com/keybase-project-plans-make-cryptography-easy-twitter/>.

Cool.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJUrLIgAAoJEGINZVEXwuQ+8DMH/1kQCyE9F+n4xq1TBDiIG1hS
a8AqCN2v3uuWU3+1iPZrnaT1aOR0Hauty6uq9pupEFOw3hb7VF8ZUV9+ksp9nUO2
RnvMEDFr0Bw1SIFUhGZhYcDM6cv7gBbvpVQ9rX6JyaaqbF6DY/dgfI9P+io+WFxu
3cPfNMAnf4VeGQvW+uL6WygHmy0dNHKw2S55kqyfEYMmpNw2xjiKMvk9Dz5mWxFG
kUeHVDsSjegVgto3DKX6E/0dTb66NxmX01HYxZ0UcSsR5gL/L7mAEnVJZtW/JcOT
xe1plqW0KhxP8yOYTmd3dpqTjnAQB/s7oMFrfIAu8RNOYmL3sFU837zbFgz6+FM=
=fVw9
-----END PGP SIGNATURE-----