Keybase raises $10.8M
Hi all, some big news.
Keybase started as a PGP keyserver hobby project, aimed at making key lookups as easy as knowing someone's username.
[Image: the Keybase alpha; you know maria on Twitter, and Keybase provides her PGP key]
We’ve gotten more ambitious. We have a new goal: to bring public key crypto to everyone in the world, even people who don't understand it. We are building open source apps that anyone can use.
Crypto belongs in the hands of everyone, not just hardcore programmers.
What if everyone had keys...keys only they controlled?
"Public key crypto" means so much more than secure messaging. Keys for everyone would provide:
- passwordless logins everywhere you go
- programmers actually signing all their work
- safer software
- safer sharing & collaboration
- safer backups
- photos & videos in the cloud that you could still delete, just by throwing away some keys
- simpler collaboration software
- a way to own and share your medical data
…just to name a few examples.
Yet the above are all applications based on technologies that exist now. In the future, the lock on your front door and your car's AI will be connected to a network. Then—like it or not—the only safe way to control your life will be with public key crypto.
You really do need secure keys today. But you’ll need them even more tomorrow. It’s this future we’re working towards.
Why hasn't this been done already?
Public key crypto is 40 years old. But two problems have prevented human adoption:
- confirming identity: how do you get public keys, safely & on-demand
- key management: most people don't understand what a "public key" is, let alone how to use one. Even programmers can't manage their private keys.
What has changed?
Two recent shifts have paved the way to keys for everyone.
Change #1. Today, because of smartphones, a person can always bring two computers together.
You often have your phone near your computer. Or your smartwatch near your phone. And so on.
Why does this matter?
A deep UX problem with PGP is the convention that every person is identified by one key pair. This causes an intractable problem: how to move your private key around. It is annoying, and, if you're not a programmer, confusing. Further, on the security side it is unsafe; a compromise of one of your devices is contagious.
You shouldn't need to hear the words "public key" or "private key" when using secure software.
In the smartphone and beyond world, where you can bring 2 devices together, each one can generate its own key pair, without asking you confusing questions, or really bothering you at all.
Instead, when you set up a new computer, it will ask you to pull out your phone and point it at the screen, or type in a phrase. Or tap some buttons on your watch. In this way, you will build a family of keys that represent you, which you control. Technically speaking, these keys will sign each other, and no private key will ever leave a device.
Only since the advent of smartphones can we create good public key software that doesn't need to say the word "key." As an added bonus: the more devices you have, the safer you are when one is lost.
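A minimal sketch of the "family of keys" idea described above, written here as an added example in Go with the standard library's crypto/ed25519; it is not Keybase's code or wire format. The names `Device`, `Link`, `Provision`, `VerifyFamily` and the "add"/"join" statement tags are assumptions made for illustration, and revocation is left out.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Device struct { // one device; priv is generated here and never copied off it
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
type Link struct { // published when a device joins: public keys and signatures only
	NewKey, Signer    ed25519.PublicKey
	SignerSig, NewSig []byte
}

func NewDevice() *Device {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Device{pub, priv}
}
func msg(tag string, key ed25519.PublicKey) []byte { return append([]byte(tag+":"), key...) }

// Provision: a trusted device signs the new key; the new device signs back to prove possession.
func Provision(old, fresh *Device) Link {
	return Link{fresh.Pub, old.Pub, ed25519.Sign(old.priv, msg("add", fresh.Pub)),
		ed25519.Sign(fresh.priv, msg("join", old.Pub))}
}

// VerifyFamily replays links from the first device's key and rejects the first bad link.
func VerifyFamily(root ed25519.PublicKey, links []Link) ([]ed25519.PublicKey, error) {
	family, trusted := []ed25519.PublicKey{root}, map[string]bool{string(root): true}
	for i, l := range links {
		if !trusted[string(l.Signer)] || len(l.NewKey) != ed25519.PublicKeySize ||
			!ed25519.Verify(l.Signer, msg("add", l.NewKey), l.SignerSig) ||
			!ed25519.Verify(l.NewKey, msg("join", l.Signer), l.NewSig) {
			return nil, fmt.Errorf("link %d rejected", i)
		}
		family, trusted[string(l.NewKey)] = append(family, l.NewKey), true
	}
	return family, nil
}

func main() {
	laptop, phone := NewDevice(), NewDevice()
	family, err := VerifyFamily(laptop.Pub, []Link{Provision(laptop, phone)})
	fmt.Println(len(family), err)
}
```

A verifier needs only the first device's public key and the published links; a link signed by a key outside the family, or one whose new key was swapped after signing, fails the replay.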
Change #2. The concept of an identity has changed.
Our social lives are no longer constrained, geographically. That collaborator you met online is on GitHub and Hacker News. And that famous journalist is on Twitter. Your mom is on LinkedIn and Facebook, downloading toolbars.
In all these cases, you don't want to review a driver's license (who cares what it says!) or meet in person (good luck with that). With an auditable history of signed, public announcements, a person's public keys can be boiled down to a card: you can think of that journalist as her Twitter account, which is the way you know her, not as a large string of hexadecimal.
An app can check the math, while you think of a person.
What we're building
We're building open source apps on both mobile and desktop, and these apps will not compromise on user experience. In fact, we believe we can build a sharing and collaboration model that's easier than the insecure solutions.
Keybase’s apps will use existing crypto libraries -- for example, Daniel Bernstein's NaCl. We're going to shield end-users from the annoyances and mystery of crypto, while making the code clean, easy to audit, and easy to contribute to.
In progress now:
- Our new desktop client is written in Go, and we'll be flipping that repo to public in the next few weeks.
- On top of that, we'll soon have GUI components written in appropriate languages, such as Objective-C and C#.
- Even the GUI apps will be open source, but we'll also publish easy-to-install binaries for regular users.
- The Node reference client to our PGP directory will be retired. (PGP support will continue, of course.)
- We're about to commence development of native apps for both Android and iOS.
Within a year, you should be able to install Keybase on any device you use, and just like that you’ll have crypto whenever you want it.
We will have a bug bounty program.
Sometime in our public beta process, we will pay for an independent 3rd party security audit.
We are also hiring, btw. You can join us in NYC, SF, or Chicago.
While it's tempting to let $11 million ride in a money market fund (making us a "unicorn" in 7,000 years), we do have a plan.
In two simple steps: (1) we hope to earn a reputation for creating superior, simple crypto clients.
Then, (2) some people may turn to us for more advanced, hosted solutions. That could be anything from team management (in the enterprise) to hosting of public, signed files.
On this second idea, we are already working on something big and filesystemy, designed to address pain points for developers first. That product will be free for everyone, unless you need massive storage. Expect another announcement about that in a few months. Some foreshadowing:
- you will be able to work in a shared, end-to-end encrypted folder with anyone on the internet
- you'll only need to know someone's username on another service, not an email address or phone number
- everyone will get public directories...as a programmer, you'll be able to look in keybase/public/maxtaco@twitter for examples, and your Keybase app will automatically verify everything in those folders on-demand.
This filesystem project is an example of a specific hosted solution Keybase can talk to, which could provide business for us. But it's just one small piece of what's possible with public key crypto, and we hope the bulk of the apps aren't made by us.
Regardless, you'll never see an ad on Keybase. This is a pleasant contrast to our bootstrapping days at OkCupid and SparkNotes, when ad networks slipped in all kinds of junk:
[Image: output = "yes" for all valid inputs!]
Ads won't be a part of our model, as they come with security risks.
When we realized the possibilities for this project, we talked to a lot of potential investors. We chose a16z because (1) they truly want this technology to happen, and (2) they also see the countless applications, if we can just make it popular. We’re glad they chose us, too.
Marc Andreessen himself has held a strong interest in public key infrastructure, all the way back to his Netscape days.
We on the Keybase team believe that technology has finally made this vision realizable, and we're happy Marc, Chris Dixon, and the others are on board.
Our friend investors
These individuals are friends of ours who invested alongside a16z to make this round happen. Next to each you’ll see notes on how you may know them. We're lucky to have such impressive people believing in the vision of Keybase:
- Adam Ludwin, founder & CEO of Chain.com
- Alexis Ohanian, co-founder and executive chair, Reddit
- Anna & Andrew Yaeger, great friends for life
- Bre Pettis, co-founder of MakerBot Industries
- Christian Rudder, co-founder of OkCupid and guitarist of Bishop Allen
- Martin Casado, co-founder and CTO of Nicira
- Sam Yagan (and Corazon Capital), co-founder of OkCupid & SparkNotes, CEO of Match
- Tom Pinckney, co-founder of Hunch & SiteAdvisor
Meet the team
So far, we are:
This is a post on the Keybase blog.