[bisq-network/proposals] Migrate from Slack to Keybase (#127)

wiz notifications at github.com
Wed Oct 16 07:21:43 UTC 2019

> Agreed Slack is bad for many reasons...we've been talking about migrating from it for many months now. But I'm not convinced Keybase is the right way forward.

Well, Keybase is the only chat app that offers an acceptable level of security, privacy, and cryptographic identity verification to be on par with Bisq itself. AFAIK nothing else really comes close, and users seem to agree, since our Keybase team is gaining more people every day. We're up to 150+ members currently.

It does use a centralized server instead of a P2P network, but this isn't a huge concern since everything is E2E encrypted and signed, and you also can use Tor to access Keybase. Censorship isn't a problem unless you're in China, where you'd have to use a VPN to use Bisq anyway.

> Keybase's main value _for us_, as I see it, is identity verification for avoiding scammers. But this can also be achieved (to a large degree) through other means like forcing unique usernames, permissions, new user restrictions, and other admin tools available on self-hosted team chat software.

Take a look at this impersonation scam on Telegram, can you tell me which user is the real person? https://twitter.com/duck1123/status/1178072100856373254

But more importantly, I feel your argument goes against the founding principals of Bitcoin and Bisq. We shouldn't have to **trust** a centralized server to tell me a person is who they claim to be, or to **trust** the centralized server not spy on my private conversations, even if that server is run by a well respected Bisq contributor. Bisq has worked very hard to avoid having trusted third parties, and migrating to Rocket Chat would be adding a trusted server.

We are cypherpunks. We should **verify** the identity of everyone ourselves, and we should **verify** the end-to-end privacy ourselves. As far as I know, Keybase is the only chat app that offers this functionality with a decent UX. I heard a rumor that eventually Keybase will offer a self-hosted solution as well, so we can migrate to that when it is released for the best of both worlds.

> * Chat is bare-bones

Really? You can do one-to-one chats, one-to-many chats, small groups, or large teams (with sub-teams, etc.), and the permissions are pretty straightforward. Their apps support Windows, macOS, Linux, Android, and iOS. You can even do headless mode for bots. They even have Dark Mode. What more do you want?

> * Integrations are difficult (GitHub, Travis, calendar, etc)

Slack is famous for its excellent third party integrations, but this is something we can improve over time. Since all keybase apps verify the authenticity of all messages, it's non-trivial to allow third party services to inject messages into our chat in a secure way. It's kinda like how the UX of Bitcoin and Bisq suffer from it being decentralized.

Currently the solution is to run self-hosted bots for integrations. I already got a GitHub bot working, and I'm also working on integrating monitoring alerts. So while we have to run some bots for integrations with our Keybase team, it won't be as hard as maintaining a rocket chat instance AND integrations for the rocket chat as well.

> * Signing up for Keybase in the first place is not trivial...it's unrealistic to expect people to set up a Keybase account just to chat

You can install the Keybase app on your desktop or phone and sign up in seconds. It's actually about the same as Slack, which requires that weird email invitation thing. But I'll use your own argument against you: "Signing up for Bisq in the first place is not trivial... it's unrealistic to expect people to set up a Bisq node, create offers, etc. just to trade Bitcoin."

Remember, the Bisq community is here mostly because we don't want to trust third parties, not even Bisq itself. If somebody is self-hosting the chat server, then I need to trust them, and I don't want to do that.

> I think it's important to keep the purpose of this communication medium in mind. It's meant to be a **public** collaboration space for contributors and users, where open discussion fosters a culture of transparency. Is E2EE nice? Yes of course. But I'm not sure it matters much in this particular scenario since there is no need for privacy (exception: private messaging).

Are you confusing privacy with security? Our Keybase team is public, that's not changing. By migrating to Keybase we're gaining **security**, specifically by **verifying** every message and every user's identity using **cryptographic proofs** and **open-source software**.

Our impersonator scammer already demonstrated why this is important. If "m52go" shows up in a public channel and says something, you want to be sure it's actually him talking, and you shouldn't have to trust anyone to tell you this, you should be able to verify it for yourself.

> I think the [original plan](https://github.com/bisq-network/proposals/issues/54) to use a self-hosted tool like Rocket Chat or Zulip is better.

Well, that proposal had 9 months to get implemented, and in the meantime somebody impersonated me on Slack and tricked other Bisq contributors into thinking it was actually me. On the other hand, since I recently kickstarted it about a month ago, our Keybase team now feels more active than Slack in many ways, and it's gaining more users every day.

So now that I think about it, I guess this proposal is already accepted by the community, indicated by all the new users who have recently started chatting on Keybase... so I guess I can close this proposal as it's basically implemented now. All that's left for me to do is delete the Slack app from my phone 😅

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20191016/9d4a5935/attachment-0001.html>

More information about the bisq-github mailing list