S P A M
Quick update on SPAM and UNSAVORIES on Keybase
Keybase has grown leaps and bounds in the last year. As a secure app it's become quite awesome - something we're truly proud of. That's the good news. But...sometimes the shit is attracted to the fly.
We mean people like Senior Inspector Veber from Poland:
Perhaps she has said hi to you, or promoted her hobbies: fish, fitness, and fiat. More likely, though, she's asked for money. She is a spammer. And her account is now locked out.
Where it comes from
Keybase allows access from VPN's, over TOR, and from Russian & Nigerian IP's. (Note: Nigeria actually is a huge source of spam and fake accounts on the Internet.) Some spam is coming from the US and Western Europe, but mostly not.
To be clear, the current spam volume isn't dire, YET. Keybase still works great. But we should act quickly.
Step 1: Lauching in the next few days
Our next app release will be early next week.
If you're contacted by someone you don't follow and with whom you haven't chatted before, you'll get a quick warning and the ability to block them and optionally report them in one click. You'll also be able to send Keybase admins the transcript of your chat -- something we obviously don't normally have access to, since keybase is end-to-end encrypted.
The design is still being tweaked, but you'll see something like this starting next week:
95% of the time, you will know this person. Dismissing the warning about chris is as simple as writing a message, clicking the wave 👋 button, or clicking the X in the corner. However, if you click block, you'll be faced with some nice actions. Here's the iOS version:
Reporting chris expands this menu:
What this gets us
First off, it lets YOU get rid of the person, so you never see them again. Second, it gets us a report so our admins can take swift action. This means you'll get less spam, because we'll have faster detection from other people's reports. But it also means you'll have something constructive to do, if any slips through.
This will be a huge improvement over the current situation: spam volume will likely drop 95%; when it does come through, it'll be a click to remove.
Coming from profiles
If you get followed by or stumble upon an unsavory type, and you'd like them to disappear, you can take similar actions from profiles:
Clicking "block" here gives you the same menu. If, for example, some loser follows you, you can block them from appearing in your follower list.
As a bonus, their profile pic will get covered in Poo.
In real life, they'll feel an unexplained pang of loss.
Step 2. And, finally, the NUCLEAR OPTION
For a long time we've debated a certain feature which some users have been arguing for.
In many ways this breaks Keybase's social features, but it may be the ideal option for:
- people who are magnets for negative attention (not their fault)
- work environments that require no outside contact
- really, really attractive people such as this person
So, in the next release, in about 4 weeks, everyone will start seeing this option in their chat settings:
[ ] Only let someone message me or add me to a team if...
Checking this option will expand a set of advanced options:
[x] I follow them, OR [x] I follow someone who follows them, OR [x] they're in one of these teams with me [x] celeb_vips [x] ceos [x] myproject.xyz [ ] keybasefriends (an open team) etc.
These options will create a custom walled-garden experience. It won't be necessary for most people -- especially after the blocking features launch -- but it will 100% shut down all unwanted contact. If you feel it applies to you or your project, thanks for your current patience as we get it working.
Development has already begun, and we're working quickly.
After all this...
We'll continue spending more time on spam and losers. For obvious reasons we don't talk about most of our admin work, but it's actually been non-zero for months.
This is a cat-and-mouse game, and Internet spammers are the cat feces. They'll harden with time, and we'll keep burying them.
That's it. More improvements soon.
Anything "open" team admins should know?
You'll be able to kick a user directly from their chat message. Also expect an option soon for making team joiners fill out a request form.
What about me?
Why blog about it before releasing?
People have been asking and assuming we weren't doing anything. The block project has been in our pipeline for a while, actually.
The Nuclear Option was only recently decided, based on user feedback.
Why didn't you do this sooner?
There were other things about Keybase holding it back far more than spam. We were working on those things.
I see a person on Keybase who's a member of QAnon/Right-wing-Club-X/Communists-Y/Bernie-Sanders-Club/American-Gun-Nuts-Inc/Whatever. I'm offended. Can you boot them? Or stop showing them as recommendations?
Nope. You can block them manually for yourself, although please don't report them, as it'll waste our time. We won't hide people in general for political or religious views that you find offensive. Hell, they probably find you offensive, and we won't boot you either.
Keybase is a private company and we do retain our rights to kick people out. That hammer will not be used because someone is mostly disliked, as long as they're playing nicely on Keybase.
What will you censor?
We will crush into a pulp any calls to violence.
This is a post on the Keybase blog.
- Keybase SSH
- Slack Security Incident for Keybase CEO
- Stellar wallets for all Keybase users
- Keybase ♥'s Mastodon, and how to get your site on Keybase
- Keybase is not softer than TOFU
- Cryptographic coin flipping, now in Keybase
- Keybase exploding messages and forward secrecy
- Keybase is now supported by the Stellar Development Foundation
- New Teams Features
- Keybase launches encrypted git
- Introducing Keybase Teams
- Abrupt Termination of Coinbase Support
- Introducing Keybase Chat
- Keybase chooses Zcash
- Keybase Filesystem Documents
- Keybase's New Key Model
- Keybase raises $10.8M
- The Horror of a 'Secure Golden Key'