> this is the main reason most people (including me) aren't using it.
Most people don't know what PGP/GPG is, probably know less than nothing (have misconceptions) about encryption, and don't even realize why a service like keybase.io would be helpful, much less that it exists.
What I love about this community is that there are people like aianus below who have early access to stuff like this, and being part of this community will engender them to help you. I like this service because people outside of this community will get involved after they work out the kinks. People getting invites are developers and tech-centric people who likely have other keys anyway and are testdriving the software.
The biggest way forward for keybase would be Facebook or Twitter allowing you to integrate your key into the service.
> it seems like I've been trying to get an account for years, now ;(
The keybase github account was created 2 years ago on sept 6 ;). Someone below will likely help you out if you email them.
It's actually a bad idea and parent post is right: they need to open it up to more people even if still limited or with a warning that features might change. The reason has to do with their goal of making something usable for widespread audience. Asking what GPG-loving techies and HN readers think about usability will not tell you if your grandmaw or average employee will find it usable. I remember the studies on PGP surprised cryptographers in that what they thought was understandable (esp icons) were really confusing to end users.
So, they need to go ahead and get a diverse audience to spot problems early on. For sure, they should stick to a patient audience that knows they're helping something evolve rather than using a finished product. Still need to broaden and diversify it, though. I'd start with the 10,000+ volunteers on that waiting list.
> Asking what GPG-loving techies and HN readers think about usability
Although, many of us do UX or appreciate and can accurately review it, they want the GPG-loving techies to evaluate their security and software. This isn't exactly a social network, you can't move fast and break stuff, and just push flaming builds and iterate. This has to launch to the public with bulletproof security. This is because in 3 years they want "Log in with Keybase.io" on every website instead of "Log in with Facebook" and they want secondary authentication for twitter and facebook to leverage their keys. So they have to convince people and those companies they have security pretty well figured out.
I understand where you are coming from and I would like it if they rolled out quickly. They could maybe even do it tomorrow, I don't actually know but so far it seems to work well. However, the public isn't really clamoring for this anyway, because they don't even know what it is. I was even surprised how old keys were. You can see elon musks e@x.com key from the early 90's on the MIT keyserver and some are much older than that. Not even everone on HN has keys I bet, so the public isn't as anxious as you or I might be ;). I hope they release soon though.
"they want the GPG-loving techies to evaluate their security and software."
"This has to launch to the public with bulletproof security."
How is merely using Keybase.io a security evaluation? It isn't. Security evaluation is all kinds of activities with specialized skill working on source, interfaces, debuggers and so on. You do that in parallel with testing of usability, performance, reliability, and so on. So, they need the security evaluations but also need users running it through paces for other reasons. They can and should do both.
"This isn't exactly a social network, you can't move fast and break stuff, and just push flaming builds and iterate."
Whose asking for that? I believe I said patient, filtered user-base that are clearly told it is a work in progress given to them for evaluation.
"I understand where you are coming from and I would like it if they rolled out quickly."
I'm not even asking for that. I'm just saying they need to seriously increase their user-base and with more non-technical, privacy-focused users. What input they're receiving before launch needs to be as diverse and representative of what they'll receive after launch. They can still cap the user count or be selective. Closed with 10,000+ person backlog or wide open in full production is a false dilemma. Heck, maybe even a room's worth of people from each likely demographic, skill level, target platform, and so on. Will help spot many issues coming from each before production.
"Not even everone on HN has keys I bet, so the public isn't as anxious as you or I might be ;)"
I should be clear that I'm not factoring in the general public at all: they'll continue using Facebook Messenger, etc for private communications because it's cool, convenient, cheap, whatever. I don't waste time trying to push privacy tech, esp key management, on the public any more past improvements to infrastructure or tools they already use. Strong security/privacy is and always was a niche. However, as Keybase's vision realizes, the niche is potentially larger than techies with GPG or stuff in keyservers: people who would use it if it was simpler & less technical at interface. So, I advocate they get more of that audience into their user-base for feedback.
Sorry mate, I was having a laugh with the social network bit, but I think we are both just saying the same thing. The product is in Alpha. It isn't ready yet. I just downloaded it and it says "This product is in Alpha". They will then move to private Beta then Beta then launch. So I think they will do what you are asking, but they are further behind.
I guess my point was that they have a really long release cycle because this is a security project. Regardless, I have 9 invites so I am considering allocating a few to some non-technical friends now to get their take.
"Sorry mate, I was having a laugh with the social network bit,"
I kind of got that. Picturing "move fast and break stuff" applied to security would be a hilarious concept. So long as it was the competition doing it. :)
"Regardless, I have 9 invites so I am considering allocating a few to some non-technical friends now to get their take."
Now that's a good idea. Might help so long as they're the kind of people that go through extra trouble for privacy or control of their data. You'll know it's the case if they ask "what is a" or "how do you" on something everyone assumed was obvious. If that moment doesn't come, the UX team was really good. ;)
Curious, how did you go from behind 12k people asking for an invite to having 9? I figured aianus got you one but nine is some progress in a short time. ;)
Chris Coyne (co-founder of keybase.io) seems to send them to new members. Unless he was on here, which is possible, I have no reason to suspect I received special treatment. It actually is fairly smart because you can grow your base by an order of magnitude and if you have set the culture of the people you invite, the site will blossom that way. I sent you an email to ask if you want an invite. If you get back to me I will send you one.
Most people don't know what PGP/GPG is, probably know less than nothing (have misconceptions) about encryption, and don't even realize why a service like keybase.io would be helpful, much less that it exists.
What I love about this community is that there are people like aianus below who have early access to stuff like this, and being part of this community will engender them to help you. I like this service because people outside of this community will get involved after they work out the kinks. People getting invites are developers and tech-centric people who likely have other keys anyway and are testdriving the software.
The biggest way forward for keybase would be Facebook or Twitter allowing you to integrate your key into the service.
> it seems like I've been trying to get an account for years, now ;(
The keybase github account was created 2 years ago on sept 6 ;). Someone below will likely help you out if you email them.
Thanks aianus. Appreciate the invite.