With the recent security issue, many people recommend as alternative. Personally however, I certainly prefer products that own their security issues: And I'm not the only one who made such experience with the Keybase team.

@WPalant having used Keybase a lot and still using it - the clients are garbage and instead of adding simple features (and not accepting PRs for them) they add things no one will ever ask for like an irrelevant crypto currency.

I would basically recommend email and letting Google read it before bringing another person on the platform

@fallenhitokiri Sadly, email is broken for anything even remotely private. So crypto messengers have their place - if only we had some better choices.

So far I settled on . While being far from perfect, it does the job. has some appeal not having accounts bound to phone numbers, but with a paid-for client I'm afraid that I won't find anybody else willing to communicate through it. All other solutions I'm aware of have significant issues.

@WPalant email is insecure, but depending on the privacy level I'm more comfortable with email than some messengers out there. At least I don't have a false sense of security.

I am currently on Signal as well. Sucks that I can add a desktop but not a second phone. Super inconvenient, but otherwise works.

I gave up on Threema for this exact reason. I paid for it and the only other two people who did can now chat with me.

@fallenhitokiri @WPalant Yes, threema is not free. And those, who don't realise, that there is no free lunch, actually paid with their data and privacy. Its only seems to be free, but it is not. Have you tried to convince your friends for self-hosted #xmpp or #matrix? At least there are free clients for the both protocols.

@ludman1 @WPalant
So... Meaningless platitudes and the suggestion for something that adds a whole new layer of complexity and adds far more cost? Guess why we are where we are right now.

@WPalant It is just the app, right? I only use keybase to prove what accounts are mine.

@kashire I never checked out their app. This particular issue was in the browser extension. And it wasn't a big one - merely the response from the team is highly problematic and raises questions about their general approach to security.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.