Good on them! The rest of this comment is not actually applicable anymore and you should give Keybase Chat a try :)
Original comment:
-----------------
My biggest concern with it, however, is that the Keybase client is now frequently verifying all my contacts' proofs. Many of these verifications are for personal websites and are done over port 80 or involve DNS lookups that my contacts control.
This leaks a great deal of metadata over the network about who my contacts are, and makes it easy for a hostile network to determine who I am if I'm running the Keybase app.
I hope they decide on some sort of fix for this. They could at least not do verifications over insecure connections and arbitrary 3rd party DNS lookups without my explicit approval.
Edit: since I haven't been running Keybase for the past 2 weeks, I missed the fact that they disabled continuous background proof verification due to my concerns: https://github.com/keybase/keybase-issues/issues/2782#issuec...
Good on them! The rest of this comment is not actually applicable anymore and you should give Keybase Chat a try :)
Original comment:
-----------------
My biggest concern with it, however, is that the Keybase client is now frequently verifying all my contacts' proofs. Many of these verifications are for personal websites and are done over port 80 or involve DNS lookups that my contacts control.
This leaks a great deal of metadata over the network about who my contacts are, and makes it easy for a hostile network to determine who I am if I'm running the Keybase app.
I reported this on GitHub when I noticed it and have unfortunately not been regularly running the Keybase app since: https://github.com/keybase/keybase-issues/issues/2782
I hope they decide on some sort of fix for this. They could at least not do verifications over insecure connections and arbitrary 3rd party DNS lookups without my explicit approval.