Tor Support

The Keybase command-line client supports Tor. Of course anonymity is a fraught and subtle property. This document explains how to protect your identity with Tor and other Keybase features.

Prerequisite

To use the command-line client with Tor, you'll need the Tor SOCKS proxy running locally. See the Tor project's documentation for more information on how to set up a local Tor proxy.

A short demo

To enable Tor with the default options, just add the --tor-mode=leaky global command-line flag:

keybase --tor-mode=leaky id malgorithms@twitter

And you'll get an output like:

warn: Tor support is in alpha; please be careful and report any issues
info: ...checking identity proofs
✔ public key fingerprint: 94AA 3A5B DBD4 0EA5 49CA BAF9 FBC0 7D6A 9701 6CB3
✔ "malgorithms" on twitter: https://twitter.com/malgorithms/status/433640580220874754
✔ "malgorithms" on github: https://gist.github.com/8852373
✔ "malgorithms" on hackernews: https://news.ycombinator.com/user?id=malgorithms
✔ admin of keybase.io via HTTPS: https://keybase.io/.well-known/keybase.txt
✖ admin of the DNS zone for chriscoyne.com (failed with code 210: DNS isn't reliable over tor)
info: ✔ Wrote tracking info to local database
info: Success!

All network traffic is now protected via Tor, so the server or network eavesdroppers can't discern your IP address, but the server can still see your login credentials. This mode of operation is akin to Tor anonymity mode(3). It won't protect you from a Keybase server breach, but it will prevent your ISP (or any other nefarious network snoopers) from knowing you use Keybase.

Note that not everything worked in the above attempt to identify @malgorithms. The Keybase CLI didn't even bother checking DNS for chriscoyne.com because DNS and naked HTTP are inherently unreliable over Tor; relay nodes can make up whatever they want, and a malicious node can fake a proof.
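
The sample run above ends with "info: Success!" even though one proof was never checked, so a script that consumes this output should look at the individual proof lines. The following is an added example, not part of the Keybase client: it reads the client's output on stdin and lists the proofs that were skipped or failed. The function names are hypothetical, and the line formats and "code 210" are assumed to match the sample output on this page.

```shell
#!/bin/sh
# Added example, not part of the Keybase client: reads `keybase id` output on
# stdin and reports which proofs were verified. Line formats and "code 210"
# are taken from the sample output on this page; function names are made up.

# The leaky-mode output shown above, embedded so the script runs offline.
sample_output() {
cat <<'EOF'
warn: Tor support is in alpha; please be careful and report any issues
info: ...checking identity proofs
✔ public key fingerprint: 94AA 3A5B DBD4 0EA5 49CA BAF9 FBC0 7D6A 9701 6CB3
✔ "malgorithms" on twitter: https://twitter.com/malgorithms/status/433640580220874754
✔ "malgorithms" on github: https://gist.github.com/8852373
✔ "malgorithms" on hackernews: https://news.ycombinator.com/user?id=malgorithms
✔ admin of keybase.io via HTTPS: https://keybase.io/.well-known/keybase.txt
✖ admin of the DNS zone for chriscoyne.com (failed with code 210: DNS isn't reliable over tor)
info: ✔ Wrote tracking info to local database
info: Success!
EOF
}

# Number of proof lines the client marked as verified ("info:" lines excluded).
count_verified() { grep -c '^✔ ' || true; }

# List every proof that was not verified. Code 210 (as in the sample) is
# reported as skipped over Tor; any other failure is reported as FAILED.
unverified_proofs() {
    awk '/^✖ / {
        sub(/^✖ /, "")
        tag = ($0 ~ /failed with code 210:/) ? "SKIPPED-OVER-TOR" : "FAILED"
        print tag ": " $0
    }'
}

# Exit 0 only if at least one proof was verified and none were skipped or failed.
all_proofs_verified() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | count_verified)" -gt 0 ] &&
        [ -z "$(printf '%s\n' "$out" | unverified_proofs)" ]
}

# Real use (assumption: 2>&1 in case the client writes to stderr):
#   keybase --tor-mode=leaky id malgorithms@twitter 2>&1 | unverified_proofs
sample_output | unverified_proofs
```

A proof reported as SKIPPED-OVER-TOR was not checked at all, so it should not be counted as evidence for the identity.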

Strict mode

If you want a higher level of privacy, you can ask for strict Tor mode, which will withhold all user-identifying information from the server, akin to Tor anonymity mode(1). For example, try this:

keybase --tor-mode=strict follow btcdrak@twitter

And you'll get an output like:

warn: In Tor mode: strict=true; proxy=localhost:9050
warn: Tor support is in alpha; please be careful and report any issues
warn: Tor strict mode: not syncing your profile with the server
info: ...checking identity proofs
✔ public key fingerprint: 20AA 7564 29A0 B9B9 5974 3F72 E1E4 B2A1 286B A323
✔ "btcdrak" on twitter: https://twitter.com/btcdrak/status/513395408845148160
✔ "btcdrak" on github: https://gist.github.com/e4435571fe4c7d55231b
✔ "btcdrak" on reddit: https://www.reddit.com/r/KeybaseProofs/comments/2gyyej/my_keybase_proof_redditbtcdrak_keybasebtcdrak/
Is this the btcdrak you wanted? [y/N] y
warn: Can't write tracking statement to server in strict Tor mode
info: ✔ Wrote tracking info to local database
info: Success!

Notice a few new things going on. In the third line of output, there's a warning that the client skipped syncing its local view of your profile with the server's. If it did, someone analyzing traffic on the server could correctly guess that a lookup of Alice directly followed by a lookup of Bob implies that Alice was following or ID'ing Bob. So the lookup of Alice is suppressed. Also note that the client doesn't offer to write a follower statement to the server, which would also divulge the user's identity. Instead, it just settles for writing following information to the local store.

Some commands won't work at all in strict mode. For instance, if you try to log in afresh:

keybase logout
keybase --tor-mode=strict login

You'll get:

error: Cannot run this command in strict Tor mode

Web Support

As part of Tor support, we've also exposed https://keybase.io as a hidden address; this is a marginal improvement over standard anonymous Tor browsing, since your traffic need not traverse an exit node. Our hidden address is:

http://fncuwbiisyh6ak3i.onion

Note that the command-line client uses this hidden address internally, by default.