Scammy and spammy harassers are chasing veteran pros off crypto-collab platform Keybase

What happens when you throw your lot in with crypto-coin types

goodbye

Collaboration site Keybase, once touted for its encrypted meetup channels and robust developer features, is struggling to ward off an epidemic of harassment and spam brought about by its shift toward cryptocurrency.

Longtime users of the site who spoke with The Register have complained that Keybase, a multi-platform secure messaging and meeting service, has recently become inundated with bad actors and scammers who are bombarding them with unwanted messages, and there is no way to turn it off.

Launched in 2014, Keybase was soon enough pushed as a sort of secure, more capable version of collaboration tools like Slack.

"Slack is mainly for chat, so for a primary use case inside one company the chat is a little nicer I think," said Adam Alexander, a principal developer at Salesforce and longtime user.

"But Keybase gives you more guarantees especially when collaborating with customers or other outside partners. And Slack doesn't have anything like Keybase's file sharing and git repo sharing."

The encrypted communication, combined with file-sharing and support for GitHub, earned Keybase a devoted following, particularly with developers, security professionals, and other highly technical users.

However, things began to change. The cryptographic-centric Keybase threw its lot in with the other "crypto", teaming up with cryptocurrency Stellar to begin a series of free "drops" where the coins were distributed into users' wallets.

This, veteran users say, attracted a new type of crowd solely interested in cashing in on the currency.

Uptick in spam

"Cryptocurrency people tend to be just really scammy 'get rich quick' types. They're not much different than the multi-level-marketing people of the 'real' world," explains Noid, a hacker and Keybase user who has extensively chronicled the issue and its underlying causes.

"There was a huge uptick in spam, unsolicited messages, etc. right after the last round of Stellar coins being seeded out to those who are in the program."

Making matters even worse was a policy in Keybase that, depending on your viewpoint, was either a handy feature or a glaring shortcoming. Users cannot opt out of receiving a message from a follower or being added to a conversation.

A woman in the classic "black hoodie hacker" shot

In a world of infosec rockstars, shutting down sexual harassment is hard work for victims

READ MORE

This meant that any user could connect with, then message, anyone else on the site, or add them to a group chat. The result was a flood of unsolicited, unwanted communications from the new crop.

"It's always something like 'what's up?' or 'hello', or 'I see you are interested in <something>'," said developer Bert Regeer. "The users follow me, and leave a bunch of messages behind in the interface, notify me on my phone/watch/computer and it is something I have to deal with.

"Unfortunately there are no good settings on Keybase to help reduce this noise; there's no setting that forces people to go through a friending process; no way to filter all messages from people I don't follow into a 'message requests' bucket like Twitter. It is frustrating."

While many of those messages were of the annoying, shady business offer or coin scam variety, others were more personal and more disturbing.

Netizens report that, in some cases, they are inundated with sexually explicit advertisements, are propositioned for sex, or are otherwise harassed. And, what's worse, thanks to Keybase's policies, they have no way to block the initial messages.

Some have even snubbed the platform entirely. Aria Stewart, a Keybase user since 2014, quit the service over the relentless, prolonged harassment including numerous sexual propositions.

"The harassment has been off and on forever, any messaging platform that lets one be visibly a woman and allows unsolicited messages will get some," Stewart said.

"It has been increasing in seriousness and intensity, though, for several months, and a really notable uptick in the last month."

It has been increasing in seriousness and intensity for several months

Keybase, for its part, says it is working on a new interface with more controls for users, including the ability to block and report users directly to an administrator with two clicks. What's more, Keybase says in the coming weeks it will allow users to specify that they can only be contacted by users with whom they are directly connected, something the site calls "the nuclear option".

"These options will create a custom walled-garden experience," Keybase said. "It won't be necessary for most people – especially after the blocking features launch – but it will 100 per cent shut down all unwanted contact."

The changes are likely to alleviate the problems in the short term, but not everyone is convinced that addressing the harassment issue will be as easy as adding a handful of screening options.

As Stewart notes, Keybase is not unique in its struggles to connect people freely and easily while also protecting them from bad actors. "The problem is one of balancing hypergrowth with harassment. Growth incentives pervert everything," Stewart said.

"Social networks can probably survive organic growth. But VC funding in particular drives strong incentive to grow at all costs. ALL costs." ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2020