Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Keybase Alternatives?
726 points by capableweb on May 7, 2020 | hide | past | favorite | 228 comments
Since Keybase is being acquired by Zoom (see https://news.ycombinator.com/item?id=23102430), it would be lazy to not start looking at alternatives already

I myself mostly use the following features from Keybase: Chat, KBFS, Git repositories and encrypting messages sent out-of-band via PGP in Keybase (and the various cryptographic tools [signing, validation etc])

What alternatives have the features outlined above, but are ideally either FOSS or at least not run by a for-profit company? I mainly used Keybase to make using those features easier, so please don't suggest the cli of gnupgp (or similar) as alternatives.




> I myself mostly use the following features from Keybase: Chat, KBFS, Git repositories and encrypting messages sent out-of-band via PGP in Keybase (and the various cryptographic tools [signing, validation etc])

While all these features are individually nice, I kinda started to worry about Keybase as a product when they started bolting on stuff like this.

I think the key (pun intended) to stable & ongoing success in this space is to focus on doing one thing well. Keybase was incepted as a service for signing & validation. There's currently https://keys.pub for that. I'd be interested to hear if there's others.

For chat, there's a lot of competitors to choose from. I like Riot.im.

For KBFS, Tresorit has been mentioned. I signed up, but haven't been super impressed with their clients yet. I'm not sure what better options are out there.


The key differentiator of Keybase (at least back when I joined during early alpha) is that it links identities across different web properties, so that one can easily find someone’s personal site(s) or profiles on other platforms with cryptographic certainty.

AFIACT this crucial aspect is missing from keys.pub.


> easily find someone’s personal site(s) or profiles on other platforms with cryptographic certainty

I always thought it was meant the other way around: if you know someone from HN, you just have to look them up on Keybase and you can talk to them.


I wasn't familiar with this acronym, so I looked it up. AFAICT = As Far As I Can Tell. You switched two letters.


I missed that on the first read, and you reminded me on the concept called typoglycemia, which I did noy know until just now was actually an urban legend meme that apparently is true enough: https://en.m.wikipedia.org/wiki/Typoglycemia


I feel like they were making a general secure E2E 'corporate team software' kit, with a focus on software dev. Storage, chat, git, etc. But then they forgot to charge money :(

For corps especially, they want to be able to pay money so they can get support and SLAs. But keybase files have always had somewhat bad performance and undefined storage limits, so you couldn't rely on it as a company. It was always the biggest confusion point about keybase for me. If keybase charged money, would they have been more successful?

The social network / device & key management stuff they started with I considered their original startup idea that they pivoted from.


Agreed. I was really impressed with the software quality for an all-FOSS team, but it wasn't quite good enough for enterprise, and without charging money it won't ever happen.

I wonder what if any features besides for the core crypto code Zoom will try to adapt. They are after all a rapidly growing enterprise app and I could see chat or file sharing being added.


> and without charging money it won't ever happen

they got to do some pretty cool stuff and just exited pretty nicely joining a company that is on the rise. I'd say that's a success. Being in the field that's pretty much what I wish I could do whenever I'll start a startup.


None of these really worried me.

The Stellar airdrop was my "oh shit" moment.


"Going crypto" is the new 'jumping the shark'.


Then again "crypto" is what Keybase is all about.


I can picture them being "OK I want to implement some cool cryptography stuff right now, what about a cryptocurrency wallet? Like that we can even get some funding".

Honestly I would have done the same stuff, I don't see why people are mad, it doesn't make the product less good.


These worried me. Then the airdrop panicked me! :)


This, and not adding 2FA of any kind on the website.


On Tresorit side, I've been with them for many years (when they were just starting out they were decently generous on free allowances and gatherfathered across).

Client is so-so (more stable than KBFS to be honest) but the service is very costly and I would rather a BYOB (bring your own backend) approach using some other product...


HN discussion about https://keys.pub from two weeks ago:

https://news.ycombinator.com/item?id=22995792


> when they started bolting on stuff like this

I was not necessarily worried, but it's true that it's nice to have a tool that does a few simple things. keys.pub looks like it's doing this.


I think the only complete alternative is to successfully persuade the Keybase team to release their server code under an open source license. Their client is already open source.

https://github.com/keybase

The only other alternative is a mishmash of multiple apps that each do part of what Keybase does.


Recent github issue opened for this -> https://github.com/keybase/client/issues/24105


That would be really great, but feels like very unlikely as well. If they could open source it, why didn't they do it before?


Probably, because it provided them with more likely paths to monetization having everyone dependent on their server infrastructure. An argument could be made that if Zoom wants to build positive equity with the security community then open sourcing the Keybase server might be a good way to do that.


The only positive Zoom is interested in is the rate of growth in their bank account.


Partly b/c when Keybase was in due dilligence with Zoom they wouldn’t make any major decisions like that.

Now that the deal is done and appears to have been primarily an acquihire focused on adding E2E to Zoom, Keybase may be low enough priority for Zoom that open sourcing it is a viable option now.

Eg, it doesn’t sound like Zoom wants to allocate any dev time to Keybase, wants to stay focused on Zoom, and probably can’t sell Keybase without its developer team who are all working on Zoom now. So hopefully they’ll just open source it and let the community take over.


I'm not seeing much mention in this thread of the cryptographically-linked identities feature of Keybase, i.e. where you can link your Website, Twitter, Reddit, HN, etc.

As far as I know, that was Keybase's initial offering, which they then built on top of to create a full suite of applications.

Although to play the Devil's advocate - while the feature is cool and implemented nicely, I doubt that many people actually use it beyond the novelty factor.


I've had one person use it to find me after a conference, confirm my various online identities (he only had one handle to work with), and contact me securely.

That leadededededed to paying work, so it was important even if it only happened one time.


> That lead to paying work

Typo: it should be “led”, not “lead”


typo corrected, thanks!!


: )


Hi, I'm developing Bloom[0] which is an entirely FOSS encrypted[1] and offline-first (but with multi-devices sync!) productivity app which features Files, contacts, calendar and notes. So no chat nor Git, but everything else :)

If you are interested in joining the (coming soon) beta, feel free to contact me: https://bloom.sh/contact

[0] https://gitlab.com/bloom42/bloom

[1] https://gitlab.com/bloom42/bloom/-/wikis/security


am I right that it's Google apps FOSS alternatives?


Yes :) I launched it last June but it was a webApp. Time have passed and the project has switched to native apps to offer what Google (and the web) can't offer: offline first and end-to-end encryption.

So it offers the same services as Google, but with better (in my opinion) features.


can I get beta invite?


Nice, my only problem with it is that it's centralized.


Decentralization is my goal, but I need to do things in the right order and not fight 10 battles at 1 time. here is my plan to add decentralization:

* secure revenues with the hosted offering to assure the sustainability of the project

* Grow a community

* Work on decentralization

So it's "centralized" (it's not really a social app, so it's not really a problem) right now, but the goal is (the identity part) to be federated/p2p in 1 year


As a heavy Keybase user, this looks promising. Is the lack of chat a permanent decision, or is it just something that's planned for later?


Thank you!

Currently it's not planned because it's a lack of focus and I believe that the existing alternatives (Signal & Matrix) are really good.

Adding encrypted email is envisaged but it will be considered once the other features have reached stability (Email is such a mess...)


For encrypted email, maybe you could look for integration with something like mailpile.


Thank you For the hint! I will take a look


Since nobody's mentioned Wire, it's not a 1:1 alternative but it's close in terms of chat. I don't think any 1:1 alternative to KeyBase will rise up anytime soon, hosting git and files will be a bit to build up to.

Website:

https://wire.com/en/

Their backend is open source unlike KeyBase:

https://github.com/wireapp/wire-server


We've been using Wire in our company for a few years now, I can't say it's a great UX or bug-free, but it gets the job done and supports most things we want like being available on all platforms, key verification (proper e2ee, not like Keybase that trusts the server on first use), (group) calling and (group) video calling, audited, open source, sending files of course, timed/expiring messages, no need for a phone number upon registering... it's really quite complete if you're willing to put up with it being a sluggish web/electron client. Well, and the network effect: I wish more people were on it so that wouldn't be a barrier, but Keybase had the same issue there so this might be a good place for Keybase users to continue chatting.


Have to agree on the Wire clients being sluggish. I’ve seen this on all platforms I use (even on mobile). Otherwise it’s so nice to have something that doesn’t require a phone number and allows up to three accounts to be setup in a client for free users.


Wire is great on paper (and PowerPoint slides). Not on my machines.


I used it a few years ago and I thought the US was pretty good on iOS at least.


Handshake [1] is a great keybase alternative that doesn’t even rely on centralization. All information is verifiable with the blockchain acting as the root of trust.

[1] https://handshake.org


I thought Handshake was decentralized DNS server. Keybase is primarily a secure chat app. Does Handshake have chat, chat room, and team chat functionality too?


> Keybase is primarily a secure chat app.

It looks like keybase has morphed since I've last looked at it. I recall its primary function being that of a Web of Trust-like system for different public keys and addresses.

> Does Handshake have chat, chat room, and team chat functionality too?

That said, with additional tools, Handshake also improves end to end encryption services since you can actually place fingerprints/certificates on the blockchain so you can actually verify these instead of just 'hitting yes' like most people appear to do when using e2e chat applications.

As a bonus, it also improves web security since there are hundreds of actors who can generate 'valid' certificates today. This becomes impossible with Handshake.


> Keybase is primarily a secure chat app

I guess it depends on the user, but the key feature of Keybase (for me) is the web of trust I've built over the years now, and secondary is the features built on top of that web of trust.


>Keybase is primarily a secure chat app.

Isn't that chat pretty new in Keybase's history?


Just over three years.


I think Keybase pivoted to add more features besides the web of trust functionality. That said I think there's definitely potential in using Handshake as an identity solution. ie If I own my username on Handshake I can point github.username to my github, twitter.username to twitter, etc. It's pretty easy to do with redirects


Sorry, can't use that - it uses Node v10.


more context pls


It requires you to install a dead version of Node.js.


That’s cute.


Uncute. It's like POC in Production.


If you just want to share your public key safely, a .well-known directory on your domain works these days: https://wiki.gnupg.org/WKD


Just a quick note on WKD since I've been bitten by this a few days ago: as soon as you set it up, some people will start using your keys automatically, without even knowing it (eg. it seems that ProtonMail automatically uses keys found on a WKD to encrypt outgoing mails). While in itself it's not a bad idea, you'd better prepare for this to avoid looking stupid like me, when you receive a casual encrypted mail and you're not able to read it (my private keys are air-gapped and until now I only expected to receive PGP-encrypted mail if it was worth the effort to read it offline).


Using WKD is also a good way to solicit useless “security”-related emails from people running questionable automated scanners.


I think you confused this with security.txt standard. WKD is not enumerable (unless explicitly configured like that) so the issue doesn't exist.


That's why we can't have nice things :-(

As soon as something is well-known, it will be abused by spammers/scammers.


> ...when you receive a casual encrypted mail and you're not able to read it (my private keys are air-gapped...

Could you elaborate on why you put your public key in well-known and also how (and for what purposes) you use your air-gapped private key? As an average user, I’ve always been worried about private keys being stolen or lost.


I'm trying to get my public key available to others by more reliable sources than the traditional PKS, mostly because I'm signing git commits and Linux packages. I've an encryption key as well that I use to encrypt server backups, but I'm not expecting it to be used much for emails (actually, every single email I've received with sensible information was /not/ encrypted — people just don't understand / care).

Not all my private keys are air-gapped, but the encryption key is, since I don't need to decrypt my backups, and don't expect to receive encrypted email very often, so why take the risk? I have an old laptop which is not connected to any network and that I only use for this now: I plug the USB key with the private key, decrypt / sign whatever I need to and that's all. It takes me a lot of time, but I don't do that more than a few times every year.


Ah that's awesome! I've never heard of that before. Thank you!


Also GitHub supports https://github.com/<username>.keys


I think that's only ssh keys, not including gpg keys.


You can use https://github.com/<username>.gpg


There is a messy one-liner to get public gpg keys from Github but you have to call their API and parse the JSON response using `jq` or such.


And once age-tool.com is ready it'll happily encrypt to SSH keys ;-)


Thanks, this is really useful. I just used Keybase as a reliable location to store and share my public keys.


Scuttlebutt is an open source p2p gossip network (no central servers) that includes clients that implement chat, blogging, git and github replacements, Shamir's Secret sharing (splitting up a secret by encrypting it so that a number of your friends are needed to decrypt, via Dark Crystal [https://darkcrystal.pw/]), games and probably more that I am forgetting. You could easily place your public keys in your user profile.


Just looked in the repository, looks like there is an app for it on f-droid. Do you have experience with Manyverse / would you recommend it?

app https://f-droid.org/app/se.manyver / website https://www.manyver.se/


I've downloaded Manyverse from F-Droid so many times, hoping to finally use it for real...but I never could. I was particularly excited recently when an iOS app was released.

If you have a really close group of techy friends who don't mind hiccups and tinkering and don't mind a strictly non-private social medium, maybe it could work.

However, if you're trying to use it with normies, you might be disappointed. Private messages don't work at all, in my experience. Syncing with a pub server takes a couple of restarts, and there is no indicator in the GUI that any syncing is happening, so the user is left guessing.

I have nothing but respect for Andre Staltz and all the dedication and work that he and others have put into the app (and ecosystem) but, at least for me, it's just not quite there yet.


I'm only a recent user of SSB, many of the problems you describe seems related to the inherent nature of the protocol making it hard to onboard (ie. You almost always would need access to a pub to connect to the first few users).

On iOS you could try https://planetary.social/


Sad to hear but thanks for the info!


I mainly use it on my laptop only, I try and keep my cellphone free of distractions. For that it's been no worse than any other open source project, a few hiccups at time, some technical know how is useful.

I'd suggest downloading it with a few people that are all on the same wifi so that you can find each other, and perhaps set up a pub if you don't know someone that is already apart of the network, as bootstrapping is from nothing is slow going.


I tried looking up Dark Crystal, but the link doesn't work and neither does search results. Do you have any more into?


https://darkcrystal.pw


If anyone's looking for a fully open source, decentralized encrypted filesystem similar to KBFS, then checkout Peergos[1][2]. It's built on top of IPFS.

[1] https://book.peergos.org

[2] https://github.com/peergos/peergos

[disclaimer: Peergos founder]


I'm expecting Matrix/Riot has some of those like chat, and will develop some more.

And there'll be definitely alternatives, which is the beauty of FOSS.


I am also curious here. I have used and advocated strongly for Keybase with a couple of local government clients to send sensitive files back and forth (not sensitive in the sense of national security, but more to preserve privacy and store encrypted at rest).

But I want to get ahead of the concern that Keybase is now owned by a Chinese company, which instantly compromises it.

PGP is dead on arrival, since it's an overcomplicated mess.

Keybase felt like WireGuard for its use case, just dead simple and also secure.

Update: I just want to clarify that I am happy for the Keybase team. This is clearly an Aquihire meant to bolster Zoom's security talent. And as a Zoom user, I'm generally happy about this development. But there will definitely be a concern about them being acquired by a Chinese company.

Update #2: I thought about FooBarWidget and others' comments, and I'm going to alter my wording. Zoom isn't a Chinese company, but their development team has been entirely based in China all this time and there have been concerns about that (which are entirely legitimate for certain groups like governments, in my opinion), especially given their communications aren't e2e encrypted.


Zoom is not a Chinese company. The founder merely was born in China. He is US citizen.

I am very put off by this anti-China rhetoric. Everything that even has a remote connection to China is now under suspicion. This is madness.


Yeah, Zoom is a US based company. Yes, they have a development team in China. It is valid to be concerned about the Chinese government exercising control of some sort over the local development team to put in a backdoor, just as our government seems to want to do to US developed products. No politicians really seem to like encryption very much. This is an overall geopolitical risk not unique to Zoom. But Zoom is not a Chinese company, it falls under US jurisdiction. And sovereign security risks are not unique to Chinese companies. Just saying that Zoom needs to be treated with caution because it is a "Chinese company" is lazy and inaccurate, and incorrectly characterizes both Zoom and where that risk originates.


Yes, and I've clarified and fixed my originally badly described wording. I'll let Zoom describe this themselves.

From Zoom's S-1 [1]:

"In addition, we have a high concentration of research and development personnel in China, which could expose us to market scrutiny regarding the integrity of our solution or data security features. Any security compromise in our industry, whether actual or perceived, could harm our reputation, erode confidence in the effectiveness of our security measures, negatively affect our ability to attract new customers and hosts, cause existing customers to elect not to renew their subscriptions or subject us to third-party lawsuits, regulatory fines or other action or liability, which could harm our business."

[1] https://www.sec.gov/Archives/edgar/data/1585521/000119312519...


Thanks for clarifying that, and yes, Zoom's s-1 writers did a good job of laying it out. The risks are real, and presenting them in an incorrect way makes it easy for people to dismiss the risks when they shouldn't. If the times comes because they're a Chinese company, and you check and see that they're a delaware c corp founded by a US citizen headquartered in the US, that would lead you to discount that risk. Clarifying that the risk comes from the development team being in a country where the government is in a contentious trade relationship with the US with an authoritarian regime (especially if the dev team isn't in one of the special economic zones) helps highlight what the risk is and confirm that it is a real threat.


> Any publicized security compromise in our industry, whether actual or perceived, could harm our reputation...

FTFY


> It is valid to be concerned about the Chinese government exercising control of some sort over the local development team to put in a backdoor, just as our government seems to want to do to US developed products.

Chinese companies legally cannot refuse a government request for data. https://en.wikipedia.org/wiki/China_Internet_Security_Law

Comparing that with US/EU private sector protections is absurd.


I can't find your claim in the linked Wikipedia page. What section?


First section:

> It requires network operators to store select data within China and allows Chinese authorities to conduct spot-checks on a company's network operations.

More has been reported about the implications of the law:

> China’s National Intelligence Law from 2017 requires organizations and citizens to “support, assist and cooperate with the state intelligence work.”

https://www.cnbc.com/2019/03/05/huawei-would-have-to-give-da...


As others have pointed out, without rhetoric, over 700 Chinese nationals work for a couple of companies Zoom owns. Legal entities based in China. So, it's a China company and a US company. My wife works for an Indian/US company. It happens, and it's a thing.

The "rhetoric" of public opinion isn't always backed by logic, but it usually is backed by some good reason to be upset or irritated by the thing they (us in mass) are judging.

In this case, it's pretty clear that the Chinese government is acting divisively and is doing that either to protect itself (the leaders/their control) or the people (which is then implied they can't care for themselves or know better).

Either way, the route China (the govt.) has taken with business, politics, history, culture or whatever, is viewed less than desirable by Western culture. If you don't like the judgement, you can bitch about it or forget about it.

Not my horse, not my wagon. We've got bigger, oranger problems here.


Maybe not a Chinese company, but there's a lot of smoke around the question of control. Enough smoke to indicate fire?

Eg smoke: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...


> Zoom is not a Chinese company

So how do you call a company whose operations are more than 90% in China, employing Chinese engineers, under the supervision of the CCP? You may be technically right, on paper it's a "US company", but come on...


Agreed, this is a huge distraction that gives cover to bad domestic policy and surveillance over-reach.


Errr what?

Their development team is entirely based out of China.

Please, spare me the rubbish about anti-China rhetoric. This has nothing to do with the Chinese people or culture. I clarified that this is for local _government_ clients. It absolutely matters, whether you get offended or not. I also mentioned that my company is a Zoom customer and this move generally has me happy.

We had the same conversation about Russian owned antivirus companies months ago as well. I understand there is legitimate concern about anti-Asian rhetoric. I just wanted to clarify that it's not where I'm coming from. As someone who introduced Keybase to these clients, these questions are going to come to me. And I want to have an answer for my government clients for this legitimate concern.


If you want to clarify that that's not where you're coming from, aggressive swipes like "please spare me the rubbish" have to go. It's against the HN guidelines to post like that, so please edit it out in the future.

https://news.ycombinator.com/newsguidelines.html


This “development team entirely based out of China” bullshit is so easily debunked it’s not even funny. A simple glance at the list of open positions could tell you it’s false. https://zoom.wd5.myworkdayjobs.com/Zoom


Unless they've made a major shift, it's definitely true: https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-ahead...


It’s pretty hard to argue with someone who can’t see the difference between largely and entirely.


If you have reason to be concerned about the CCP undermining your communications infrastructure, it's a distinction without a difference.

Like yes, you're correct, the person you're replying to is wrong. But the reason they brought it up remains valid with the correction.


If someone first makes a false accusation, then post a “correction” only to double down on a lesser yet still false accusation, I’d say it’s reason enough to conclude that they’re arguing in bad faith and attempting to slander.

You don’t need to spread false information to make a possibly valid point. People also increasingly use this sort of “yeah, they play fast and loose with facts but they have a point so cheers” to defend garbage journalism and I’m not a fan at all.


> If someone first makes a false accusation, then post a “correction” only to double down on a lesser yet still false accusation, I’d say it’s reason enough to conclude that they’re arguing in bad faith and attempting to slander.

You aren't listening to what he's saying: "If you have reason to be concerned about the CCP undermining your communications infrastructure, it's a distinction without a difference. The reason they brought it up remains valid with the correction."


For me I just stop responding to anyone focusing on minor details and missing the point

Anything related to China CCP has large enough security concern chance. This is due to political motive to have control of information flow on everything they can.

Any team in China can be enforced to provide one or more means to obtain more data or can't operate smoothly. (See Google)

This is not "anti-China", more like "anti anti-privacy" (what's the opposite of privacy?). Same goes for any US company that does anti-privacy things like Google.


Your distinction here is 100% on the money.

We're not talking legalese, we're talking about privacy. It's quite easy to defame an argument by nitpicking, but the holistic view that anything developed or with tightly or loosely coupled links to China by default. Explicitly should be called out as being untrusted.


If you're getting hung up about the difference of me saying "entirely" and "largely" – yeah ok you're right. Mathematically, for the word "entirely" to be true, it would have to be every single breathing soul at zoom that ever touches any tech.

I actually did mis-read from an older article that all their development is done in China (the language is that their R&D and tech teams are concentrated in China). Hence I said entirely. But yes let's go with largely. This is an argument about who has jurisdiction to force the altering of parts of their tech stack.

Entirely vs Largely: Does that do _anything_ to alter my concerns? Nope.


> I am very put off by this anti-China rhetoric. Everything that even has a remote connection to China is now under suspicion. This is madness.

Personally, I don't want companies even having development groups in China simply because I don't want China deriving any benefit from the outside world given their behavior over many things (Great Firewall, Hong Kong, Uyghurs, general human rights, covering up Covid-19 to start, etc.).

We are well past the point that "giving to China" will normalize them. Evidence shows that attitude has failed. It's time to treat them like the persona non grata that they deserve to be.

That's beside the security implications.


C'mon: Hong Kong, persecution of Uighurs and Falun Gong and political prisoners and artists and journalists and anyone who talks about Taiwan or the Tienanmen Square Massacre, IP theft, cyber attacks, political aggression in the South China Sea ("Nine-Dash Line"), not to mention trying to expend their censorship apparatus internationally!


C'mon: Hong Kong, persecution of Uighurs and Falun Gong and political prisoners and artists and journalists and anyone who talks about Taiwan or the Tienanmen Square Massacre, IP theft, cyber attacks, political aggression in the South China Sea ("Nine-Dash Line"), not to mention trying to expend their censorship apparatus internationally!

I like China but the CCP is a problem.


You list a bunch of terms, but pretty much all of those things have a different side to the story.

I'll start with one thing, because addressing them all takes too long.

You think the Hong Kong rioters are fighting for freedom? Take a look at how they attack innocent women and elderly that simply disagree with them:

https://twitter.com/Mondayfreemary/status/125844037836732416...

Western media romanticizes the whole thing by not reporting anything about the dark side of the movement, and by cutting footage to make the rioters look like heroes: https://twitter.com/DanielDumbrill/status/125835760285075456...

Here's the real story, I've written a summary just earlier today: https://twitter.com/honglilai/status/1258294860618108928

This isn't just about one or two people who are criminals. The rioting, the violence, the hate for mainlanders (hate for PEOPLE, not just CCP) has completely taken over the movement. Heck, I don't even dare going to Hong Kong anymore -- as someone with a mainland background, I fear for my life.

Furthermore, 'Liking China but opposing CCP' is, in actuality, a statement that doesn't make much sense once you understand how the CCP - Chinese people relationship actually works: https://twitter.com/Bkerrychina/status/1253635970236375040

The CCP enjoys a pretty high level of support in China. Real support. Even many people who use VPN to use Twitter say they support the CCP. This support has grown tremendously in the past decade, in no small part thanks to all the demonization bullshit that western media tries to pull on China. Many Chinese read western media, think 'wtf is this overblown nonsense?', and end up supporting CCP more, even if they were previously neutral or slightly anti.

My point: by listing all those terms, you are painting a one-dimensional, stereotypical, overblown and distorted view of China. If you really want to help Chinese people, you gotta first understand where they come from. This begins with gaining an accurate image of what China is, not the media stereotype.


> You list a bunch of terms as if in a 'gotcha' manner, but pretty much all of those things have a different side to the story. I'll start with one thing, because addressing them all takes too long.

What is the "different side to the story" of involuntary organ harvesting of political and religious prisoners?

> You think the Hong Kong rioters are fighting for freedom?

Yes.

> Take a look at how they attack innocent women and elderly that simply disagree with them: https://twitter.com/Mondayfreemary/status/125844037836732416....

I looked but the video wouldn't play.

If that's what happened then that's also bad.

Anyway, I don't get my news from Twitter. I also don't get my news from mainstream Western new media because they are biased (I agree with you about that.)

> Furthermore, 'Liking China but opposing CCP' is, in actuality, a statement that doesn't make much sense once you understand how the CCP - Chinese people relationship actually works: https://twitter.com/Bkerrychina/status/1253635970236375040

I'll read that article, FWIW. Cheers.

But I can tell you what I mean when I say that. Chinese culture is a part of my culture. I grew up in San Francisco. There has always been a Chinese cultural influence in my life. The first Chinese New Years Parade was held here in 1851 (predating the communist party by ~70-80 years, eh?)

Also, there are millions of Chinese that do not live in China https://en.wikipedia.org/wiki/Overseas_Chinese

So China as a people and a culture is much much older and larger than the communists. That is the China that lives in my affections. I want to add that Lao Tzu's "Tao Te Ching" is the greatest book of wisdom in the world (in my opinion.)

    CCP != China
> The CCP enjoys a pretty high level of support in China. Real support. Even many people who use VPN to use Twitter say they support the CCP. This support has grown tremendously in the past decade, in no small part thanks to all the demonization bullshit that western media tries to pull on China. Many Chinese read western media, think 'wtf is this overblown nonsense?', and end up supporting CCP more, even if they were previously neutral or slightly anti.

You cannot possibly know that with any certainty in a regime that punishes criticism!

You just can't.

People lie when you've got a big stick in your hand to beat them with if you don't like what you hear, eh?

> My point: by listing all those terms, you are painting a one-dimensional, stereotypical, overblown and distorted view of China.

"...of the CCP" you mean. I don't blame Chinese people for the crimes of the CCP.

> If you really want to help Chinese people, you gotta first understand where they come from.

A billion and a half people don't need any help from me.

> This begins with gaining an accurate image of what China is, not the media stereotype.

I don't know what to tell you. Like I said, I don't follow the media.

FWIW, I straight up studied China for awhile until I realized how vast it was and how silly and arrogant I was to think that I could possibly encompass it. Now all I want is for the CCP to stop trying to edit history, stop locking people in mass concentration camps, stop stealing their organs, and stop fucking with the South China Sea. Those seem simple enough for even me to opine on, in all my ignorance.


> What is the "different side to the story" of involuntary organ harvesting of political and religious prisoners?

It's about the accuracy of the claim that there's involuntary harvesting going on: https://thegrayzone.com/2019/09/30/reports-china-organ-harve...

There was harvesting going on of prisoners that have already been executed. China admitted as much: https://www.youtube.com/watch?v=wbxvZ2lIR08 This practice has stopped since 2015.

> Anyway, I don't get my news from Twitter.

Unfortunately, there's not much I can do about the fact that most media outlets don't publish videos like these. But the video footage speak for themselves. Here's evidence of rioters setting a man on fire for disagreeing with them: https://www.youtube.com/watch?v=gblPwStlsQs

If you are interested in a more long-form discussion about what's going on in Hong Kong, check out Daniel Dumbrill, a Canadian who lived in Hong Kong and now lives in Shenzhen: https://www.youtube.com/watch?v=LQx5NKAfueg

> I'll read that article, FWIW. Cheers.

Thanks. I'm already plenty glad that you're at least willing to take a look, even if you disagree.

> But I can tell you what I mean when I say that.

All right, point taken.

For the sake of discussion, I'll limit my scope here to mainlanders, not the diaspora.

I'll also tell you my point of view. I was born in the mainland, I now live in the Netherlands. My wife is a mainlander too. You're right that China as a culture and civilization is older than the CPP. Having said that, having studied China's history, I do think the CCP is the legitimate government of the mainland.

> You cannot possibly know that with any certainty in a regime that punishes criticism!

The claim that it's a "regime that punishes criticism" is overblown. There's a core of truth, but overblown. Things haven't been that extreme since the 70s. Nowadays there are many people who do in fact criticize the government.

For some perspective, try this video. This is an interview between an American and a Canadian, who both live in China. They discuss their experience with Chinese society, and things (including things about the government) are different from what they thought it is based on western views: https://www.youtube.com/watch?v=ufxfSJgQuSI

It also kinda depends on what you mean by criticize. If you try to incite riots or government overthrow, or if you work with foreign agencies -- yeah they REALLY don't like that sort of stuff, and you'll get into a lot of trouble. But for more perspective, try this example:

In 2019 there were protests in Guangdong about the building of a crematorium. https://mothership.sg/2019/12/news-china-protests-wenlou-hua... The government did not arrest the peaceful protesters. They did arrest the violent ones, but even those were released later. Eventually, the government gave the protesters what they wanted.

> People lie when you've got a big stick in your hand to beat them with if you don't like what you hear, eh?

The people I talked to are on a VPN, operating on western websites, talking to me in private. The Chinese government is not monitoring those conversations.

Having lived in the west for so long, I also studied China for quite a while. The more I study, the more I realize that the western view of CCP is... not exactly wrong, but very very problematic.


> The more I study, the more I realize that the western view of CCP is... not exactly wrong, but very very problematic

What's problematic to me is that a government censors information that could change people's minds. How can we call "legitimate" a government that is not allowing those who are supposed to be the source of its legitimacy, to access opinions and ideas that could influence their choice of which party they would legitimise?

Of course it would be hypocritical to say that our western governments don't try to do the same. But at least they are forced to limit the scope of their control to information that can somewhat fit under the umbrella of "National Security" -and at least their propaganda is forced to compete with everything else out there. Censoring by force books, websites and public media that express vastly opposing ideas is out of the question -as it should be -don't you agree?


There is an alternative perspective wrt what generates legitimacy. It is improving people's livelihood. Food, health, security, education, economic prosperity. Given the huge number of low income people in China, China is still very much a developing country. And China HAS made lots of progress in those fronts, much more than any other country.

As for disallowing criticism: nowadays it's not as bad as you think. Check my other threads.


Why should this progress in economic development be enough to make it legitimate? I mean, even if we assumed that the end justifies the means and that all that matters is economic prosperity, they didn't even have to do a lot of things right -just less badly than before (which admittedly wasn't that hard when someone looks at how bad they were).

And if this progress happened to coincide with loosening up the restrictions of personal freedoms and the censorship that you mention, perhaps the case is that a government that allowed more freedoms might had facilitated even more progress.


There is no proof that your latter claim is true. South Korea, Singapore and Taiwan were all authoritarian before they got economically prosperous. Only after that did they become democratic.

The states in the middle east, which had democracy forced upon them, aren't doing that well either.

It takes a while to get there, and not all stages of development of a country is a good match for democracy.

And you say that it is not that hard to do things less badly than before. I disagree. The CCP is literally the first functional and competent government they've had in 150 years. I think you are massively underestimating how difficult it is to develop China.

I am not saying economic concerns should forever be their number one priority. At some point that has to change. But is democracy really the best path for China right now? Do they deserve no credit for what they have already achieved?


Ok, I suppose we all have our priorities and biases. I can see how being able to feed for one's family can feel more urgent than being able to exercise their freedoms.

Perhaps the (late) CCP deserves credit for improving economy, infrastructure, efficiency and quality of life, to the extent that it did. And for being less cruel than its predecessors.

It is just that from the perspective of westerners, it is hard to judge positively a government that still has no respect for individual freedoms and private aspects of people's lives -i.e. looking the social score system, it is a step to the wrong direction.

My worry is that if the Chinese people become complacent and just feel grateful that they have more prosperity than before, the day where they are able to enjoy the freedoms that every person deserves will be far. And that, if they are not used to having free access to information and being in control, it will be more likely for someone less peaceful than the current CCP leadership in the future to start a war or something.


> As for disallowing criticism: nowadays it's not as bad as you think.

I don’t have to try a dozen VPNs to read western news outlets anymore?


It's not as good as the west, censorship exists. But gone are the days where your neighbors report you for every little thing you may say wrong. You can file complaints against the government, and they do look into those without punishing you. You can even file lawsuits against the government (admittedly, not very effect yet, with a success rate of 30%, but not nothing).

Does China have problems? Yes, many. But my point is rather that it's not the hellhole many people think it is.


Well met! I hope I don't sound like some maniac.

In re: the organ harvesting, I really hope you're right. I mean I really fervently hope you're right.

(It reminds me of the Walled City of Kowloon. I saw a BBC documentary about it and was haunted for years. Then one day I looked it up and, lo and behold, they had torn it down years ago. Always value new information, eh?)

> But the video footage speak for themselves.

But they don't. I'm not going to watch that (I have firm policy not to watch footage of IRL death. I watched "Faces of Death" in high school with my friends and regretted it.) but whatever it shows I'm not a video expert so I can't tell what it actually is: it could be fake, or even deepfake.

(FWIW I am firmly against setting people on fire, under pretty much any circumstance, for pretty much any reason. I think we can all agree that things have gone too far when someone gets immolated.)

When you get right down to it, I have no idea what's really going on over there, and no way of finding out.

The best I can do is go by things like the actual formal actions of the CCP, which don't seem good. (Although, as I say that, I recall that they presided over one of, if not the, greatest economic transformation on Earth. So: good job on that. Credit where credit is due.)

> check out Daniel Dumbrill

Despite what I just said, I'll do that. Always value new information, eh?

> I'll also tell you my point of view. I was born in the mainland, I now live in the Netherlands. My wife is a mainlander too. You're right that China as a culture and civilization is older than the CPP. Having said that, having studied China's history, I do think the CCP is the legitimate government of the mainland.

Cheers! Well met.

FWIW, I'm serious when I say I like China. Y'all are like a stern and distant Grandfather: wise and kind but also a little frightening. Don't tell the other Americans I said that, though, okay? ;-)

For me, it's useful emotionally to distinguish and blame "the Commies" because that way I can say to myself that Chinese people aren't to blame for the fucked up things the CCP does. In the USA, I feel that we are kind of all to blame for things like invading Iraq on a pretext, or electing a human cartoon character to be POTUS.

> I do think the CCP is the legitimate government of the mainland.

Yeah... * sigh * me too. But I don't like it.

It's been long enough IMO, and they are stable enough (again in my almost-worthless opinion) and the UN let them in, yeah?

Honestly, we over here were all set for the great Eastern Glasnost, if you will, and it's really a downer that China seems hung up on sabre-rattling. Can't we all just settle down and make some money? There are asteroids and Mars and places to go and things to do...

> The claim that it's a "regime that punishes criticism" is overblown. There's a core of truth, but overblown. Things haven't been that extreme since the 70s. Nowadays there are many people who do in fact criticize the government.

Again, I really and sincerely hope you are right!

As an American the very idea that someone from the government would get on my case for speech is preposterous. "Donald Trump is a pathetic excuse for a President!" See? No one cares. But jokes aside, as long as the CCP is punishing criticism at all they'll never be fully legitimate (again, in my all-but-worthless opinion!)

It's a weakness. Same with trying to rewrite history.

They either have to get their act together and be big enough to admit mistakes -or- pressure the rest of the whole wide world into toeing the line on their political picture-show. That sets them on an inevitable clash with Western-style freedom of speech. It's bad policy even for a legitimate government.

The stability of China is crucial to the whole world. If the legitimate government is weak that's a cause for concern.

But again, I know just enough about China to know how inadequate my knowledge is, so this is all just the ranting of a rando on the internet, eh? :-)

> For some perspective, try this video

I will. Despite it all, always value new information, eh?

> In 2019 there were protests in Guangdong about the building of a crematorium. https://mothership.sg/2019/12/news-china-protests-wenlou-hua.... The government did not arrest the peaceful protesters. They did arrest the violent ones, but even those were released later. Eventually, the government gave the protesters what they wanted.

Okay, but that happens here too. That wasn't the same thing as standing in front of the White House with a sign saying "Donald Trump is Winnie the Pooh".

> The people I talked to are on a VPN, operating on western websites, talking to me in private. The Chinese government is not monitoring those conversations.

Alright, I'll credit that. Cheers.

> Having lived in the west for so long, I also studied China for quite a while. The more I study, the more I realize that the western view of CCP is... not exactly wrong, but very very problematic.

Now that I agree with. Thank you for an enlightening conversation, and I really will read/watch those links (not the one with the person getting burned to death, but the other ones) FWIW.


Cheers, glad you're open to new perspectives.

A few additions:

The man who got burned didn't die. He got hospitalized for a few months. He is now recovered, but with scars and trauma. Here is an interview with his wife back when he was still in coma: https://www.scmp.com/news/china/society/article/3038421/wife...

FYI, SCMP is based in HK, though they are partly owned by a mainland company. Still, I find that SCMP as a whole is pretty balanced. The site has a mix of pro and anti CCP articles. The sentiment varies between authors.

> For me, it's useful emotionally to distinguish and blame "the Commies" because that way I can say to myself that Chinese people aren't to blame for the fucked up things the CCP does.

I understand.

To me, the people are to blame too. As explained in the article, CCP has 90 million members. Just the party only has more people than many EU countries. Many members are normal people: doctors, nurses, factory workers, businessmen. The CCP isn't a small elite who rules over the mainland, they are the fabric of mainland society.

The madness of the cultural revolution wasn't a CCP only thing. Many people supported the madness, that's why it took off. We all own the madness. Nowadays we can see that it was wrong.

I think there is nothing wrong with the normal people owning mistakes. I think it is rather crucial, in order to learn and move forward.

> As an American the very idea that someone from the government would get on my case for speech is preposterous.

I see what you mean. China still isn't quite on that level. But don't know whether it ever will be.

But at the same time, I don't think it's fair to judge China by that standard. China has a very different history and condition. If you judge it by western standards, China will forever disappoint you, for nothing else but "it's not like the west".

Here's what I think is a better perspective to judge China by:

The country literally had 150 years of war, revolution and poverty. Starting 40 years ago or so, that is finally over. China was quite low on the Maslow pyramid of needs, so it's no wonder they prioritize food, safety, money, prosperity.

And they succeeded in that. Everyone can eat, which was not at all a given. 200 million people lifted out of poverty -- the biggest contribution in the world. Universal Healthcare. Millions of Chinese travel to foreign countries every year, and pretty much all of them voluntarily go back. For the most part, Chinese people nowadays live a normal live.

Economic freedom, the right to survival, the right to health, are human rights too. The CCP prioritizes those over freedom of speech. As a developing country, it is impossible to prioritize everything, so you have to make choices.

It's also not just a case of "China is still behind the west, but they are working on it, give them a break". On some dimensions, they are ahead, or at least different. For example:

Chinese cities are very safe. You can go out at night, into dark alleys, without getting mugged. The police don't carry guns, there's no need to.

China managed to restore huge parts of deserts into green land.

China as a state also faces threats. The censorship, which I don't like, is meant to protect against that. It's not so much criticism that they don't like (in fact there are official channels for submitting complaints), it's threats against the state. As an American that may sound weird, but recall that mainlanders are tired of 150 years of revolution. Now they want stability, unity, prosperity. And requires a stable state.

The threats are not theoretical, as I've found out recently. A big threat comes from... The US. The US regularly stages coups against governments they don't like. Even democratic governments. Democratic Iran in the 60s. And just now, Venezuela. Part of the reason why the CCP top leadership is so secretive, and why they are making society more controlling, is to protect against US lead coups.


> The threats are not theoretical, as I've found out recently. A big threat comes from... The US. The US regularly stages coups against governmentd they don't like. Even democratic governments. Democratic Iran in the 60s. And just now, Venezuela. Part of the reason why the CCP top leadership is so secretive, and why they are msking society more controlling, to to protect against US lead coups.

Yeah if you wonder why the Chinese are putting Uyghurs in camps it's because the US and Saudi Arabia sent Uyghurs to fight their proxy war in Syria. You can imagine what the Chinese government thinks of that.


Stop trying to justify genocide.


Is there really a genocide going on? Forced reeducation, yes. But killing? https://thegrayzone.com/2019/12/21/china-detaining-millions-...


Stop trying to justify genocide.


Strong claims need better evidence. The evidence is shaky, and obviously backed by political interests.


> Furthermore, 'Liking China but opposing CCP' is, in actuality, a statement that doesn't make much sense once you understand how the CCP - Chinese people relationship actually works: https://twitter.com/Bkerrychina/status/1253635970236375040

Taiwan and the Republic of China debunks this.


What sort of debunking are you referring to?

Maybe you're talking about how Taiwan does not like the CCP. Correct. So let me be clear: when I said "Chinese people" I'm referring to mainlanders.


> So let me be clear: when I said "Chinese people" I'm referring to mainlanders.

You claim that all mainlanders like the CCP, which is a spurious claim given not only how impossible it is to generalize over such a huge group (including people the CCP is actively persecuting, such as Uyghurs!) but also because the CCP actively punishes people who speak against it.

Even aside from that, your conflation of "Chinese" and "mainlanders" and further conflation of "Chinese" and "mainlanders who like the CCP" is precisely what I'm talking about. It's improper, it's politically biased, and it destroys the conversation we're supposedly trying to have here.


Not all. High level of support. There are those who are against. But overall, support is strong.

> but also because the CCP actively punishes people who speak against it.

See my other thread regarding this topic.


Meanwhile, anti-anti-China people are ... often well meaning but a bit daft.

One managed to mishear "Uighur Muslims" (yes, there are anti-anti-China people who don't know who they are, and yes, they misheard "Uighur" as a word starting with "N") and it took me quite some annoyance to get that straightened out and everybody on the "Chinese people pretty cool, Xi really not so much" page.


> it took me quite some annoyance to get that straightened out and everybody on the "Chinese people pretty cool, Xi really not so much" page.

This shouldn't be hard to get across, except the CCP is very interested in ensuring people don't distinguish between the government of the People's Republic of China and Chinese people as a whole. Which leads to criticism of the CCP/PRC being seen as racist, which adds lots of heat to the discussion but absolutely no light. Precisely what the CCP would want, were it to attempt to influence online discussions. But I'm sure the CCP doesn't try to influence online discussions.... right?


Oh man, you really overestimate the CCP's media competence. Take a look at the state media and propaganda in China. It's all very traditional, very straightforward, mostly fact based (even if cherry-picked). Even the infamous 50 cents army is pretty stupid, and not what you think it is: https://www.quora.com/Does-the-50-cent-army-really-exist-and...

CCP influencing online discussions in the west? Hahahaha! As someone who's neutral (not even supportive) about the CCP, I can only hope that they become that competent within a decade. Those idiots still have no idea how sophisticated communication with western audiences needs to be. In the mean time, western media walks all over them, even with stories that are easily debunked.


> As someone who's neutral (not even supportive) about the CCP, I can only hope that they become that competent within a decade.

You don't sound very neutral.


I am not surprised that you think that. A lot of western discourse has gone so far off to the anti China direction that anything neutral people say can come over as pro CCP.

I am not. I have plenty of critique against them. But the sentiment in HN is already so anti China that there is no need for me to voice that critique.

I am not even saying "CCP good". I am saying "CCP not as bad as you think" and "there are alternative perspectives that are just as valid".

As for my hope that they become competent in media: it is to counter all the obvious lies. I mean... Wuhan lab virus? Really? And people willingly believe these stories all over the world?


You just keep saying "everyone is anti-China" over and over without clarifying what you actually mean.

Your insistence on not making a distinction between the CCP and the Chinese people makes it hard to engage in any discussion, as criticism of one is taken as criticism of the other. I have a strong feeling the CCP is depending on this mentality from it's people, playing up ethnonationalism and xenophobia to distract from any criticism towards them.

You said clearly you wish the CCP had better propaganda and communication, why? That would make them stronger, yet you claim to not be in favor of them. Do you care to clarify?


You raise an interesting point when you ask me to explain why I think HN is anti-China. It was so self-evident to me, but apparently you don't experience it as such. Maybe the HN crowd is not so much anti-China, but rather just misinformed, by virtue of living in the western media bubble which paints a one-sided picture of China.

I gave the Wuhan lab virus theory as an example. Actually the entire COVID-19 reporting is a big example, and is what triggered me to speak up in the first place. I was in China in January, I personally witnessed the news, lockdown progression, etc. And yet when I look at western reporting, there is so much misinformation, so much unjustified blame for things that are obviously not true.

For example, I see so many comments on HN saying China covered up for months (they didn't -- downplayed jan 1 to jan 20 at most), saying that China deliberately allowed international flights from Wuhan after the lockdown in order to infect the world (they didn't), and more. I see so many extreme, obviously untrue information, that I see this as anti-China.

And Chinese media is very weak against such unsubstantiated attacks. How can I sit back, see all the lies and bullying, and not hope that Chinese media gets their act together? This has got nothing to do with whether I support the CCP in the end -- just because CCP has problems, and that there are legit criticisms against CCP, doesn't mean we should accept lies against CCP, nor does it mean that they shouldn't be able to defend themselves against lies.


> You raise an interesting point when you ask me to explain why I think HN is anti-China. It was so self-evident to me, but apparently you don't experience it as such. Maybe the HN crowd is not so much anti-China, but rather just misinformed, by virtue of living in the western media bubble which paints a one-sided picture of China.

Again, you're not actually saying anything here, these are just your perceptions.

> I see so many extreme, obviously untrue information, that I see this as anti-China.

Right as I said it seems that you view all criticism of the Chinese Communist Party as criticism of China and Chinese people. This makes you a (ethno)nationalist, which is ironically another western stereotype. That Chinese see all criticism of China as criticism of them personally.

> And Chinese media is very weak against such unsubstantiated attacks. How can I sit back, see all the lies and bullying, and not hope that Chinese media gets their act together?

It's hard to make any conclusion other than you see the CCP as fighting for your image as well as their own. I'm wondering if you are willing to concede this is the case, and if so how do you suggest someone like me to attempt any sort of dialogue? Seems self-defeating.

And if in your opinion I got something wrong, what is it? Thanks for your response ahead of time, I come in good faith to better understand you and your perspective.


Okay, I am glad you are willing to discuss in good faith. Thank you for elaborating your point of view.

I will admit that I have an emotional bond with China, by virtue of being born there. If you define nationalist as anyone who feels as having a personal stake at the reputation of a country, then I guess I am. I wish for the country to develop, to be prosperous, to be recognized as an equal (more on this later) and to be treated fairly.

I do not personally agree with that definition, because I see a nationalist as someone who accepts their country unquestionably, and someone who thinks their country is better than others. I conform to neither of those properties. China does have many problems, it’s lagging behind the west in many aspects. If you want me to list some (besides the obvious freedom of speech things): support for disabled people is not very good, hygiene of public toilets is poor, social safety net is not as good as e.g. Netherlands, the tendency of local governments to cover up bad news thanks to structural problems with incentives. I also don’t think China is better than others, I merely wish for it to be able to stand as an equal (in value, not in likeness) among western countries. Respect other countries, and be respected in return.

In this sense, you can also say I am a Dutch nationalist. Having lived in the Netherlands for longer than in China, I have absorbed many western ideas and ideals, some of which I think China should embrace better. I also wish for the Dutch to be well, and despite the high taxes and rigid rules here I am pretty glad at how well-managed the country is.

You suspect that CCP is deliberately instilling nationalism in order to make Chinese people unwilling to accept criticism against CCP. Here are my thoughts:

- For myself, it is not true. I lived in China until early primary school. I did learn a vague sense of being proud of being Chinese, but that isn’t very different from how e.g. Americans learn to be proud of their country. I didn’t learn much history yet, nor how the state works or how other foreign countries worked. Everything after age 8 was Dutch education. But I have always felt a disconnect between what here in the west I am told about China, vs my own experience and what family tell me. Only recently have I started to do my own research to learn where this disconnect comes from, and how Chinese history was like.

- This presupposes that the CCP can be neatly separated from the mainland people. And that if we cannot, then criticism is impossible. I agree with neither: https://news.ycombinator.com/item?id=23124883

- The more I learn about Chinese history, the more I think you’ve got it backwards. The CCP derives legitimacy from preexisting nationalism. It was already there before the PRC founding, the CCP didn’t create it. The CCP top leadership are actually moderates: they try to suppress nationalism rather than making it bigger. For example: there is a saying that if the mainland Chinese were allowed to vote, they would’ve already launched an invasion against Taiwan already; while the CCP is happy with the status quo without openly saying it.

- I don’t know how much it applies to HN, but in the wider world, I see the statement ‘I am against CCP, not Chinese people’ being used merely as lip service. For example: Trump invoking the Hong Kong Freedom bill, and many people cheering on it, but the only thing the bill does is hurting HK economy and thus the livelihood of ordinary Hong Kong citizen. I suspect many people are sincere about the abstract idea of that statement, but they haven’t given any thought about what it means in more practical, realistic terms. And at the same time, many other people are not being sincere at all, and merely use the statement as a cover for racism.

- I do think criticism against CCP is okay, but I am not seeing a lot of fair criticism. I see a lot of double standards, where CCP is criticized for something while other parties are not. I see a lot of criticism that’s based on either false info, or info with dubious evidence. Such dubious evidence is often accepted without question, even though when it comes to other countries people would’ve probably done a better job scrutinizing.

Imagine that everybody thinks Netherlands is a country of drug addicts and prostitutes, and that that is what people talk about all the time. I wouldn’t be happy about that either.

- A lot of criticism isn’t per se wrong, but does assume that western values are universally correct. The more I learn about history, the more I cast doubt on this. Western values arose under very specific circumstances. Mainland China has a very different history, so the values there are different. The insistence on criticizing the CCP from the viewpoint of western values, comes over to me as imposing one’s values on others. Some mainland Chinese values arose specifically because of western imperialism, so this imposition even comes over as hypocritical or tone-deaf at times.

- So much emphasis on criticism, but I think what we need is more emphasis on solutions. I mean: many problems in China aren't going to be solved by overthrowing the CCP (if that is at all possible). This isn't as simple as kicking out the bad guys and things will be better. For better or worse, and for all its faults, the CCP is still the only government that truly advances mainland Chinese people's interests; no other government will do it for them, and any post-CCP government will not necessarily be better than CCP. Rather than focusing on criticism, I think we need to focus on mutual understanding and finding ways to cooperate. The CCP will not feel inclined to accept western values as long as they believe that they are being treated as inferior instead of as equals, and that those values are a thinly veiled excuse for overthrowing them and for ignoring the west's own problems.

I hope this clears things up. If you have more questions or thoughts, I would be happy to engage.


> I am very put off by this anti-China rhetoric.

It isn't anti-China, it's anti-PRC. The difference is obvious.


PRC = China for conversations regarding government policy and potential privacy violations and undue pressure on development. The same concerns could be had for software developed in the U.S. US Gov = U.S. for all intents and purposes with regard to this topic. Now you're just splitting hairs.


> Now you're just splitting hairs.

No, I am not. I am hitting on something which makes some people angry. There's a difference.

As long as the Republic of China is independent, this isn't hair-splitting.

> The same concerns could be had for software developed in the U.S.

Of course not. The US isn't an authoritarian regime.


Try to effect some justice, and you'll quickly learn how authoritarian the US is.


I have, and you're wrong.


China is an authoritarian one-party state. There might be a difference, but it's pretty slim.


> China is an authoritarian one-party state. There might be a difference, but it's pretty slim.

China is a culture with a very long history, like all cultures, and a diasporic population, not to mention all of the Chinese people under the rule of the Republic of China on Taiwan.

Confusing the PRC with the entirety of Chinese people, Chinese culture, and China as a whole is rather similar to refusing to distinguish between Nazis and Germans, and only serves to either make criticism of the PRC impossible, since one can always accuse the critic of racism, or make defense of the Chinese people and culture impossible, since it will be taken as burnishing the PRC.


Nobody is confusing Chinese people with the PRC. Stop muddying the waters of an important and policy impacting conversation.


Someone in this very thread is:

https://news.ycombinator.com/item?id=23111557


I am not confusing CCP with the entirety of Chinese people, culture and history, as I have already explained elsewhere.

I am, however, claiming that the CCP is massively intertwined with mainland Chinese people. See this article that explains this in more detail: https://oxfordpoliticalreview.com/amp/2020/04/24/china-serie...

So if you say "I am against CCP, not the Chinese people", then that statement only makes sense if you exclude "many many mainlanders" from the definition of "Chinese people". Which makes the statement rather weak, or even nonsensical.

You say that if we accept this intertwine, it makes criticism impossible. Not so. You can still criticize the CCP, but you need to be more nuanced with your criticism, do more due diligence instead of merely rehashing western narratives, and realize that you're criticizing the CCP and the people at the same time (which could be entirely legit).

I therefore argue that recognizing the CCP - mainland people intertwine is a good thing, as it makes criticism more honest, more accurate, and possibly more helpful/constructive. No longer can you put all the blame on "just the bad guys" -- all of us mainlanders are complicit in some sense. We all own the problem, so we can't stop at just blaming, and have to actually find a solution.


> Keybase felt like WireGuard for its use case, just dead simple and also secure.

WireGuard, however, is "decentralized" because you can run it yourself whereas Keybase was always a centralized service where you always had to trust someone else instead of yourself or a public blockchain!

That being said, congratulations to the keybase team! :-)


It is not important Zoom is a Chinese company or not. The problem is, Zoom can't be trusted at all because of their behavior.

They showed us they don't think security seriously at all through their actions. For example, they opened up lots of holes(local HTTP server to bypass app open dialogue, local privilege escalation via their webcam/mic hack) on the user's system to provide "better" UX. They just cannot be trusted.


Having development in the US just means they'd have to be concerned about illicit US government interference. How is that an improvement?

https://www.aclu.org/other/surveillance-under-usapatriot-act https://www.eff.org/deeplinks/2020/03/earn-it-act-violates-c...


Yes, and to the couple of my clients who are governments of AMERICAN cities, that answer is clear. (And that was my original premise).

I am no cheerleader for NSA surveillance. People who know me in real life are probably tired of hearing me talk about it (and privacy/security in general).


It's an improvement because it isn't nearly as pervasive as PRC interference.


[flagged]


Please don't break the site guidelines regardless of how bad another comment is or you feel it is. That only makes things worse.

https://news.ycombinator.com/newsguidelines.html


U.S. surveillance is ok if you're a US gov entity. Completely irrelevant to the question posed by GP.


Were you unaware that the founder of Zoom is an American or are you implying that the company is Chinese despite that?


Nobody implied this. Clearly stated was the concern of the majority of development being in the PRC impacting US government use of Keybase.


That was after the edits/updates.


Edits and updates I made within minutes. The replies to my comment ultimately forced me to be more thoughtful in my words, resulting in me being able to better lay out my thoughts.

I specifically left my original comments in there because I don't want to pretend that I said anything perfectly right from the beginning, without the help of others.


>PGP is dead on arrival, since it's an overcomplicated mess.

Er what? The complaint about PGP is that it is too simple. Users have to know too much about how public key cryptography works. The suggested alternatives are much more complex.


Thanks keybase for the free 100$ worth of lumens. You'll be remembered fondly.


Good point, I should move those out. I'll have to ask if a friend can convert the Lumens to Bitcoin so it can be donated to sci-hub.


You can convert them to Bitcion on Lightning Network here: https://kriptode.com/xlmtoln/index.html


What have you done with your lumens?


Immediately sold them and kept the cash


The most embarrassing pump-and-dump in recent memory.


I will always love them for this.


I'm hodling them of course


I converted to some other coin and bought an AirVPN subscription for a year, donated $15 to the Tor Project, and I have about $40 left now.


I converted mine to regular bitcoin.


I totally forgot about that. Turns out I have 6000 lumens. Thanks!


The Keybase acquisition is a reminder of the potential fragility of using centralized services (root servers, GitHub, CAs) to support decentralized tools (DNS, Git, TLS).

> ideally either FOSS or at least not run by a for-profit company

I agree with these aims, but ideally I’d hope for the alternatives to be decentralized as well.


Why not Mattermost (https://mattermost.com/)? If the key feature of keybase was encrypted chat, seems like Mattermost solves the problem.

Or Signal?


Why would mattermost solve that?


For e2e encrypted chat there's https://conversations.im. I've been using it for a while since it lets me bring my own domain and have been very happy. The Android client supports encryption with PGP keys and OMEMO (a double ratchet like Signal uses with some nice key trust options added on top to make it easy for novices, but configurable by experts).


A few days ago Conversations also learned how to make audio and video calls :-)


I've only heard about https://keys.pub


Signal App - Completely open source

https://signal.org/en/


Does signal still require me to share a phone number?


It does (or at least did, when I was using it). It only requires it for registration, so you could even use a disposable phone number, but regardless it is a nonsensical choice for something that could aspire to be a general-purpose chat application.

The server is open-source so you could host your own server -though that's not very practical due to the client situation (not really a variety of configurable ones, so you'd probably need to change/package/distribute the official).


I used Signal for more than a year. Unfortunately compared to Keybase's chat, it is buggy, slow and lackluster in functionality.


Chat: Pick one of the many available. telegram, signal, wickr etc etc

KBFS: personally I switched to gpg encrypting important files on a NAS with encrypted backups to amazon glacier and backblaze.

Git: gitlab, github, bitbucket (just to name a few)

Encrypted messages out-of-band: Just use plain pgp/gpg


> Git: gitlab, github, bitbucket (just to name a few)

None of those hide the contents of your repo from the company that's hosting it. I suppose self-hosted Gitlab hides it the same way that Keybase does (the company's software sees your repo, but it's not stored in plaintext on their disks)


Yes. I _love_ Keybase Git for instant, immediate, safe backups of private repos. Keybase Git has been an absolutely killer feature for me since it came out and I'll miss it terribly if Keybase-the-software takes a turn for the worse. Now is the time to ensure I've got everything properly backed up, I guess.

https://github.com/spwhitton/git-remote-gcrypt is probably the best alternative for now, but I'm wailing and gnashing my teeth at the prospect of going back to PGP keys. Maybe there's some way to intersect https://github.com/FiloSottile/age and a git remote.


... and https://rovaughn.github.io/2015-2-9.html. Maybe a weekend project hiding in here somewhere.


telegram is not a secure chat app any more than skype or fb messenger are, there is some per-conversaion opt-in 'secure chat' feature with unknown guarantees that is not even available on the desktop client.


The big feature for me is easy and secure backup of things like dotfiles (and it not being secured ONLY by a password). I may just combine gpg and a private S3 bucket now along with some simple bash tooling.


Exactly how I'd been using it - keeping my dotfiles in a git repo that's not at GitHub.


I have been working on this decentralized key-value database: https://github.com/kevacoin-project/kevacoin Together with W3C's draft Decentralized Identifiers (DID: https://www.w3.org/TR/did-core/), it could provide a decentralized alternative.

Not sure what is the best way to verify Twitter/Github account though. This has to be managed by users themselves. E.g. one user posts a proof in the Twitter account, the other user verifies the proof by checking the proof against the public key posted in the database.


Take a look of GunDB for DB?

Also for binding social account -- maybe take a look of https://Maskbook.com & https://github.com/DimensionDev/Maskbook - able to send encrypted post/comment on fb/twitter etc


We're working on a solution for user to link their Fb/twitter identity to a decentralized ID and post encrypted post/comment (even sending any crypto over) on Fb/twitter only viewable by friends *(not able to decrypted by Fb or NSA) -

https://maskbook.com

Source code:

https://github.com/DimensionDev/Maskbook

For now we're trying to integrate decentralized FS solution as well so eventually Fb/twitter can be merely an infrastructure layer


keys.pub does the signing/validation part


keys.pub felt a lot like keybase when I first saw it. Now it seems like a no brainer go to replacement.


That looks awesome!


What's a good business model for this kind of company?https://news.ycombinator.com/item?id=23106043


I would pay business money, for a way to manage, simply and conveniently, trusted developer identities (via a web of trust) to validate software packages. This is something of a larger concern, but if that was their product goal, it is a thing I would attach a dollar figure to


I'm a light user of Keybase and used it primarily for validation & signing. The social identity verification was quite nice. It seems that's what most of the users here were using it for.

My suspicion is while we're not likely to see much new development from Keybase, the existing capabilities aren't likely to go away for some time.

The premise of validation/signing isn't a technically complex approach and I'm sure someone can create and FOSS it. The question however is - what features would you want integrated and what things did you find annoying?


You can do the PGP part in a decentralized way with notations and proof-specific posts - including HN: https://metacode.biz/openpgp/proofs

And then there is WKD if you have a hosted site: https://metacode.biz/openpgp/web-key-directory


Can someone ELI5 why an alternative is really needed here?


There needs to be a way to verify keys and identity when using encryption as well as when using public key operations as a method of authentication in general.

Keybase, a centralized service, provided this ability [1]. Now that it was acquired by Zoom who has a history of poor privacy policies [2], people are looking for an alternative. One suggested alternative is Handshake [3], a decentralized system.

[1] https://book.keybase.io/guides/proof-integration-guide

[2] https://www.theguardian.com/technology/2020/apr/02/zoom-tech...

[3] https://handshake.org/


Keybase was acquired by Zoom, and the statement from Keybase reflects that they'll mostly be focusing on Zoom products rather than Keybase product line, hinting it may get abandoned.


Hopefully something with Activitypub can be created... splitting up lots of independent Keybases connected using federation protocols would be rad.


The main thing I miss about keybase is the signing and verification of public resources like Github, mastodon accounts and personal websites.


upspin.io seemed like a strong decentralized alternative from the same people who maintain the Go language, but unfortunately it seems defunct, judging by it's GitHub activity. Anyone know if it has been forked and maintained elsewhere?


I host a git repo on Keybase. Is there a replacement specifically for this feature? I don't want to host the plaintext on any cloud, but I want the ciphertext to be highly available and easily re-encrypted in case of compromise.


A bit late, but I just wrote https://cryptologie.net/article/502/alternatives-to-pgp/


https://keys.pub


keybase is unfortunately one of those programs that combine many things into one - somewhat antithetical to the Unix philosophy of doing one thing well.

For kbfs, tahoe-lafs is a nice alternative. I don't know about the fuse interface as I haven't used it, but it has some solid fundamentals behind it, actively being developed and can be self hosted.

GPG still works! GPG also is a swiss army knife, unfortunately. There is OpenBSD signify (or minisign) if you want signatures.

There is also age - https://github.com/FiloSottile/age


GPG works, I don't know why anyone thought that anything else is needed.


See https://latacora.micro.blog/2019/07/16/the-pgp-problem.html.

I don't recommend it.


Bitrated is an interesting alternative for identity/reputation validation - wot based: https://www.bitrated.com


Can someone suggest an alternative for encrypted git?


git-remote-gcrypt: https://github.com/spwhitton/git-remote-gcrypt

It's available in most distro repositories and works with almost any underlying remote repos.


upspin? https://upspin.io/


Honest question: What function does a server perform in end to end encryption?

Because I see that the Keybase client is open source but not the server…


You have to exchange data (public keys and the actual encrypted content) and if you can't do that peer to peer, you need something that facilitates that. For example, webrtc clients can talk over an encrypted channel to each other p2p if they are inside the same network. If not they need a TURN server to relay that information and do NAT (firewall traversal). For obvious reasons no one wants to be the service provider of anonymous encrypted content, hence a business opportunity.


10 years ago I was able to get good result from ads, but now it is an absolute waste of money and it's not worth it anymore.


protonmail for mail/chat and protondrive (when it's released for kbfs) or tresorit


Ethereum.


What does Etereum have to do with keybase?


Okay and???


[flagged]


(Just to let you know I automatically downvote links to Youtube that have no description of what to expect. Nothing personal.)

That was weird, but not bad. But it doesn't have anything to do with this thread. (It's a funky dance video.) You seem to be spamming that link on HN. Please don't. You'll just get banned.


Unironically WhatsApp it has its own end to end encryption


https://pgp.mit.edu/ has been around before and will be around after Keybase is long gone.


I'd suspect this is jumping the gun a lot bit. Keybase was running a free service for years and has matured a lot in the last year (post crypto debacle). There's nothing stopping them from 1. Letting Keybase go into maintenance mode. 2. Donating the server to a foundation. 3. Open sourcing there server.

In all these scenarios Zoom gets better security which is a win for the world :)


> In all these scenarios Zoom gets better security

I'm more worried about the scenarios in which keybase gets worse security. Zoom's attitude to security is terrible.


I am even more worried about the scenarios in which the rest of keybase ceases to exist if Zoom decide its not worth keeping online!


I'm happy if any of those three options happen, but I'm preparing for that none of them will happen.


They will lost all the people working on it. The ship has sailed.


I would bet there’s enough community interest to make it a viable open source project if they open source the server code. It’s worth advocating to Keybase team for.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: