In response to the news that Keybase was acquired by Zoom
, I got an unsolicited email from a Keybase competitor called Cyph which I'd never heard of before. It seems they're looking through public PGP keys on Keybase and sending emails to the associated email address letting people know that they're somewhat of an alternative to Keybase.
The unsolicited nature of the communication is a little off-putting, but they say they haven't added me to any mailing list and will not contact me again if I ignore their email. But I figured I'd at least check out their blog post they linked to in the email and see what they were all about.
Here's a quote of and link to the blog post, which seems to contain most of the same information in the email I received, plus a little more:
One of our major competitors, Keybase, was acquired by Zoom last month.
Many Keybase users are now looking for alternatives as a result, primarily due to a lack of trust in the new ownership to maintain high privacy standards, as well as speculation that the service is now doomed to ultimately be shut down. However, no single solution has so far stood out from the crowd; instead, users are faced with the prospect of setting up a hodgepodge of independent solutions.
Keybase is great, but a full alternative is clearly needed. That’s why we’ve spent the past month building new features to make Cyph more of a direct replacement.
Cyph’s features and general architecture are similar in many ways to Keybase, plus/minus a few features:
- On the plus side, our features include voice/video calling (with group support), Bitcoin, and social networking (like Twitter, but all posts are signed + optionally encrypted for a subset of your contacts).
- On the minus side, Keybase offers some awesome niche features (like encrypted git repos) that we currently do not.
- And now, with our latest release, we’ve built out a set of PGP key management and utility features to make Cyph more immediately useful for users coming from Keybase.
Additionally, the architecture of Cyph yields some significant broader advantages:
- Full web support
- Whereas Keybase splits up its features between the web UI, the CLI, GPG, and the native apps, thanks to WebSign Cyph is able to provide a consistent experience across all platforms. The full functionality is available regardless of whether you use https://cyph.app or the desktop and mobile apps, with no need to worry about degraded security on the web.
- Automatic strong public key authentication for all users
- No need to verify keys or usernames out of band, meet up in person to compare fingerprints or “Safety Numbers”, etc.
- Quantum-resistant cryptography
- Post-quantum encryption, key exchange, and signing algorithms are used throughout the application (in combination with classical crypto such as elliptic curves). Whereas others are still planning long-term migrations to post-quantum crypto, Cyph was built with it in mind from the start, meaning that your private data is theoretically protected from future QC attacks today.
We encourage you to submit a response to our poll to vote on the missing features you’d like us to add. And if you’re a Keybase user, just include your username and email address to skip the line and get a free invite to the Cyph beta!
I also noticed that they're offering a "special offer for Keybase users: $100 Lifetime Platinum upgrade! (Usually $48/mo.) Adds 1 TB storage, BTC wallet, and more."
I'm not necessarily recommending Cyph since I have no real experience with them, but I it's worth looking into and I will be creating an account to see for myself how it works.