Keybase Exploding Messages

  • Author here. I'm seeing the same comment in 4 different places on here, worded with various amounts of hostility. I now wish I had addressed this in the FAQ on the post.

    There's the suggestion that an exploding feature is worthless, given your partner can just take a screenshot or video of what you sent.

    This suggestion is missing (1) that your relationship with a partner is disproportionately okay at the time you sent something (i.e., you trust them THEN) and (2) there's a whole different class of adversary who compromises your or your partners' devices in the future.

    Snapchat, as far as I know, has none of the cryptographic implementation of Keybase. And yet it has likely protected hundreds of thousands of kids from severe bullying. Consider the teen girl who sends the goofy sexy pic to her boyfriend. Before the advent of exploding messages, he might've iMessaged or emailed that to a friend, just one friend, his best friend, out of pride. And that friend sent it to a few more, and so on. Not out of malice, but suddenly the whole school has seen her pic of god knows what and she literally wants to die. But with Snapchat, taking a screenshot is knowingly violating a social agreement. It's also violating the trust of his current girlfriend - everyone knows it's not okay to screenshot that shit. And the number of people who would do that is much tinier. Second, consider the far worse scenario: she dumps him a month later and until then he has been NiceGuy. But then he becomes r/niceguy, the guy who will look through the old pictures and spread them around.

    Finally, let's not forget that your device can be compromised by loss, theft, or hackers, at any time. Exploding messages are gone when that happens.

    People can be tricked, compelled, coerced, blackmailed, and hacked. Or just turn evil. All in the future. Which is what a timed message protects against. This is why Keybase is doing this. Paired with encryption it's quite powerful.

  • I used to be against this style of 'DRM' -- either analog hole (screenshot or physical camera) or client subversion (client logs all messages out of band forever); but I think I misunderstood the use case. This is about changing behaviours to be more ephemeral; an expectation that your messages are not there forever. In a world of "unlock your phone or arrest" these features are very important. Thanks for rolling this out KB

  • Nice, succinct response in the FAQ to those who don't care about privacy:

    "I have nothing to hide"

    Because no one is trying to hurt you

  • As I understand, Keybase chat is open-source? (https://github.com/keybase/client)

    I don't have time to read through the code right now, but I'd love to hear how they implemented exploding messages with untrustworthy clients.

    I've thought about it a few times before, and it seems one of the few places that closed software has an advantage - You can't easily force third-party clients to delete messages.

    If they've solved that, I'm really interested to learn how it works!!

  • If you haven't done so already, try clicking on any of the text of the blog post.

  • You might be surprised, but for some people this feature can be life or death. My team has been actually waiting for Keybase to have this. We work in countries where some of us are regularly taken aside by the local police or armed forces and our phones are being checked to see if we have anything against the current government. We have to constantly make sure our communication has no traces. We'll be moving to Keybase very soon. Thank you for this!

  • As a security layperson my initial reaction was "how can cryptography help with expiring messages, once it's decrypted it's decrypted, that doesn't sound right", but I'm curious if I'm understanding correctly that this is actually two separate features: 1) clients voluntarily respecting "please delete this message at X time" and 2) forward secrecy. And Keybase has tied them together for UX reasons since people tend to not have an intuitive understanding of when they might want to use forward secrecy, but they always want it in the case of exploding messages.
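Added example (not part of the thread, and not Keybase's code or design): a small model of the two pieces this comment separates, voluntary plaintext deletion and deletion of an ephemeral key, including the modified client asked about earlier in the thread. `Device`, `recoverable`, the message id and the timestamps are hypothetical, and the SHAKE-256/HMAC construction is a standard-library stand-in for a real AEAD.

```python
import hashlib
import hmac
import os

def seal(key, msg, nonce=None):
    # SHAKE-256 keystream + HMAC tag: stdlib stand-in for a real AEAD (assumption).
    nonce = nonce or os.urandom(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(msg))
    body = bytes(a ^ b for a, b in zip(msg, ks))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, "sha256").digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + body, "sha256").digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return seal(key, body, nonce)[16:-32]  # XOR with the same keystream decrypts

class Device:
    """Hypothetical recipient; honest=False models a modified client that never deletes."""
    def __init__(self, honest=True):
        self.honest, self.keys, self.shown = honest, {}, {}
    def receive(self, msg_id, key, expiry, blob):
        self.keys[msg_id] = (key, expiry)       # ephemeral key and its deadline
        self.shown[msg_id] = unseal(key, blob)  # plaintext rendered in the UI
    def tick(self, now):
        if self.honest:
            for m in [m for m, (_, exp) in self.keys.items() if now >= exp]:
                del self.keys[m]   # key deleted: archived ciphertext becomes unreadable
                del self.shown[m]  # plaintext deleted: voluntary, done by the client

def recoverable(device, archive):
    """What someone holding the device plus archived ciphertext can read right now."""
    found = dict(device.shown)
    for m, blob in archive.items():
        if m in device.keys:
            found[m] = unseal(device.keys[m][0], blob)
    return found

def demo():
    key = os.urandom(32)                         # constructed sample key and message
    archive = {"m1": seal(key, b"meet at six")}  # ciphertext kept by a server or backup
    devices = {"honest": Device(), "modified": Device(honest=False)}
    for dev in devices.values():
        dev.receive("m1", key, expiry=100, blob=archive["m1"])
        dev.tick(now=101)                        # one tick past the deadline
    return {name: recoverable(dev, archive) for name, dev in devices.items()}

if __name__ == "__main__":
    print(demo())
```

After the deadline the honest device yields nothing even to someone who also holds the archived ciphertext, while the modified device still yields the message.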

  • Of course this is not to address the case where the recipient would take a screenshot. I still find disappearing messages useful to reduce attack surface if say, the phone gets taken away and unlocked by someone else, or a backup of it is found and restored on something else, or if the phone gets compromised at some point at least not all previous messages are exposed, etc. A useful feature, not meant to address scenarios or malicious recipients or previous compromised devices.

  • I had to stop using Keybase after this issue [1] cropped up: when you re-install your OS, you lose access to the "device" and have to provision a new one, even though the machine is the same, and even in possession of an uncompromised private key.

    Apparently this happens a lot [2-7... probably more]. Unfortunately, this renders Keybase unusable for me because, even though I still have my private key, I cannot access my laptop's Keybase when I install it.

    [1]: https://github.com/keybase/client/issues/3460#issuecomment-2...

    [2]: https://github.com/keybase/client/issues/3559

    [3]: https://github.com/keybase/keybase-issues/issues/1952

    [4]: https://github.com/keybase/keybase-issues/issues/1985

    [5]: https://github.com/keybase/client/issues/4260

    [6]: https://github.com/keybase/client/issues/2357

    [7]: https://github.com/keybase/client/issues/2675

  • > corporate messages

    In this day and age, I do not advise this. Check with your company's compliance officer or corporate counsel before doing anything that is designed to remove evidence of communication.

  • Consider this:

      I send an exploding message, set for 1 day, to Bob.
    
      Bob checks his chat a week from now.
    
      Does Bob get the message? Or has it already exploded?
    
    I guess I'm asking when the actual explosion timer starts - when the message is sent, or when it is read? For group messages, do all parties need to read it before the timer starts?

  • This is like Snapchat, they're offering something that they can't actually guarantee. Of course Keybase users are going to be generally more knowledgeable than Snapchat users and most will understand the limitations.

  • This very article shows you the problem with "features" like this.

    You see that video demonstrating the feature? Notice how you can read the content of the message which was supposedly deleted?

  • I want all my data on the internet to explode after N days.

    I keep asking for this. Google, Facebook, where is that feature?

  • click on some text in the article, it "explodes" :)

  • Can someone explain the FAQ item around "My team uses Telegram and I'm scared shitless."? I musta missed the joke

  • How does this differ from the existing "Message deletion/retention" feature that was present before this? Did the existing feature delete messages, but not keys? Is the old feature and the new feature combined, or are they still separate?

  • anyone care to expand on the practical applications/implications/threat model where this makes sense?

  • Now that there is an exploding feature, can I finally explode this annoying notification about not providing my full name and description?

  • Exploding messages are a stupid gimmick that does not hold up to any nontrivial threat model. What's out there is out there. Clients programmed to throw away plain- and ciphertext can simply be modified to keep them. Is the intersection of the set of clueless fools and set of people who want to use strong encrypted chats really this large??

  • Heard about this last week from a friend on the keybase team, happy to see it launch on time :) congrats!

  • Seriously, do we need a stupid animation and a silly-looking "ka-boom" image? It just comes across as trying too hard to be cute and ends up looking childish and stupid.