New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Zoom Buys Keybase
raindog308
Administrator, Veteran
in General
https://www.theregister.co.uk/2020/05/07/zoom_buys_keybase/
I had no idea Keybase was actually a company. I thought it was someone's pet project.
Given Zoom's track record on security, if you're using products from a security company they just bought...
Comments
Fuck
Really sucks, I'm gonna miss the encrypted group chats with ephemeral messages. Not sure of a good alternative besides signal but last time I used them their desktop app sucked. Would Matrix/Riot be any good?
These privacy-oriented startups can't be trusted.
Why do you say that? As far as I know keybase hasn't done anything wrong (besides selling out ofc haha).
Zoom has never been privacy oriented
One of the two things can happen.
Zoom gets improved
Keybase becomes Zoom(2)™
They could have hired the Keybase team for security/encryption upgrade or implementation of Keybase's protocol/algorithm (I don't know how these things work). Or, used algorithms created by Keybase or other developers; WhatsApp uses Signal's encryption protocol but they don't own Signal (Foundation).
In Keybase's blog post about Keybase "joining" Zoom, they say, "Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us. "
https://keybase.io/blog/keybase-joins-zoom
I'm sure Keybase users will be at least slightly worried about their data, which is now owned by Zoom.
I wish Keybase had Video Call option, and the encryption "idea" still there
But, Keybase have a "Crypto Wallet" function, and I hope any workers didn't try to steal any money from it,
Is that a joke?
Keybase is about as much about security as a cow is about nice garments.
I just had a closer look. Their main languages are go and coffeescript. Well noted, I forgive using coffeescript for browser related stuff - but I do not forgive having a prominent "proofs" section on github where I find "iced coffeescript" code; (a) there are no proofs, nothing even close to a proof, period, and (b) that "iced coffeescript" thingy is basically just a version of coffeescript with some 'await' convenience added.
As for go, don't get me started, let it suffice to clearly state that go is a fine language for some jobs like heavy IO jobs, but go is not a language that (serious) security professionals use.
My guess is that Keybase just happened to be the cheapest available thing to allow Zoom to create an illusion of security improvements.
I don't think there is much to worry about data on keybase. Keybase tries hard to open source their code and make transactions verifiable. There is minimal gain with high cost zoom may risk by trying to monetize it. Realistic threat would be that zoom would just shutdown Keybase that it is not profitable. RIP keybase
"Zoom kills Keybase"
It's very clear in the press release, they didn't even want to reassure anyone.
With no viable business model in sight and after the whole XLM debacle, the writing was on the wall anyway.
Clearly, you should immediately contact the NCC Group and inform them they are idiots with your thorough audit. I've never seen someone write so much without saying anything useful as you. You'd be known as "oh, it's that guy, again" in most work circles.
Why would I do that?
You are (as often) blathering without even the slightest idea of the topic. I'll explain it to you: NCC group renders a service - for payment. If they are asked to seriously check for flaws and vulnerabilities they'll do that. More often than not however such companies are asked to provide a "seal of quality" to make clueless idiots (hint, hint) believe that the "checked" product or service is safe/secure. NCC group, at least some of their engineers I presume, are not idiots. It's a simple question of delivering of what the client ordered and payed for.
The problem is that I couldn't possibly explain the reasoning beyond my post above because you obviously lack the ability to understand the relevant issues.
Funny though:
You are an idiot, plain and simple. Not because you don't know programming or software analysis and proofs of correctness, but because you are so utterly stupid that you even don't know the limits of your, pardon me, very limited mind.
TL;DR If you don't know how to make bread then shut up and don't explain to a baker how bread is made - and obtrusively at that.
Because you say shit like "Keybase is about as much about security as a cow is about nice garments" and then give some bullshit rant and declaring you know better than all. When pressed about serious security audit, you go on a fucking benchmark and intelligence rant and attack the integrity of professional security engineers
You're in the "IT security" field but don't trust companies doing the work you supposedly do? Hmm, what does that tell us? You're a joke.
No. Trying to say that you can't explain something because the other person lacks the ability makes you a certifiable cunt. Just think about anyone in your life, teachers, parents, politicians, whatever who said "I couldn't possibly explain the reasoning beyond my post above because you obviously lack the ability to understand the relevant issues" and you'd say to yourself, "Jesus, this guy is a stupid fucking cunt".
What the fuck does your shitty benchmark app have to do with this topic? Talk about going on a fucking rant.
Remember, I've already proven that your benchmark app is garbage and that you are sloppy and incompetent programmer who doesn't test or verify correct operation. I don't know why you'd bring up that embarrassment again. Just reminding me that I have no respect for your programming skills.
Trying to make it sound like you're an authority on security and that others are not makes you look really pathetic. I have no fucking idea what you actually do where you see little to no value in having code and technology audits. It's mind boggling the attitude and opinions you have contrary to a security professional.
Are you one of those "I'm an engineer because I put it in my title" or because you actually got a degree in engineering from a university? Because I know QA testers who would tell people they are "Lead test engineers" despite "Engineer" being a protected term in my province. That's just an example of unjustified title appropriation, I know you don't do QA.
Oh, Jesus Christ, you're a lead engineer! Do people have to report to you?! Of god, I pity those co-workers. I was pretty sure you worked alone because you'd just be a nightmare to work with in a team and you'd be more self-aware of your issues if you had professionals working with you to sort you out. Where am I "blindly trusting a "secure" tag"? All I did was point out an actual thorough technology audit and not some rant from a two bit wannabe security newbie with no credentials at all on a forum.
So, "You are an idiot... because you are so utterly stupid that you even don't know the limits of your... mind."
If you're going to call someone an idiot and stupid, don't be an idiot whiling do so. It makes you look stupid.
That doesn't even make sense. But that's par for the course for you. It's, "Don't tell Daddy how to fuck". You use WAYYY too many words to say absolute stupid shit.
Thanks for putting my assessment of you into words.
More than enough time wasted on you. Have a nice day.
Good job zoom. Deleted my account.