Flaws in keybase app kept chat3/6/2023 So it’s designed to cause widespread harm, the scale of which that could provoke a class action. What’s even more perverse is that non-delivery is not a rare event- it’s simply a matter of the recipient not running their junk software. So humans are actually composing messages that are silently black-holed! Nothing is more reckless and irresponsible than a messaging service that fails to deliver without telling the sender. Malice: Users who are wise enough to distrust the keybase server have no way to receive messages that are collected through the Keybase Chat mechanism.ĭeception: People who send messages using Keybase Chat are not given feedback on non-delivery. Malice: The login webform is coded as a pop-up to force users to disable their ad blockers. (Hence this article, which is out of reach for Jack O’Connor to censor) This censorship is the most malicious variety because it blocks other users from becoming aware of pitfalls in software that they have trusted. Malice: There are so many security bugs that keybase developer Jack O’Connor (“oconnor663”) is outright deleting some of the more embarrassing security-critical bug reports. SoftwareFreedom: The javascript on is non-free software (it fails the #LibreJS test). We may also automatically download to your computer or device new versions of the Software.” It’s no accident, they enforce it in the ToS that you agree to: “We may automatically check your version of the Software. This also means adding firejail sandboxing to that script will also be reversed. The overwriting is also silent, so some users will be unaware when their traffic becomes exposed. So users who try to patch the leaks by introducing torsocks wrappers in that script will learn who really owns that tool on the next upgrade or downgrade, when the script is overwritten. Malice: Keybase is designed to reverse users’ edits to the run_keybase script. This is in their privacy policy: “When you access or use the Service,we automatically collect and store information about your browsing habits and your use of the Service (“Usage Information”),including: a. This is not the usual DNS leak that Tor users are accustomed to, the connection itself takes place outside of the #Tor network. The tool actually surreptitiously phones home to the central server of Keybase, Inc. They simply call it an “app” on this page: but it’s actually a surreptitious server that runs continuously in the background as a daemon.ĭeception: Tor mode serves only to mislead users. Here are some of the issues:ĭeception: Their software is a server masquerading as a client app. The Keybase software and service are both littered with severe bugs that create a security and legal nightmare.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |