Today we’re announcing that
Zoom acquired Keybase.
We’re thrilled with the match, and we’re excited to be working on security that affects everyone we know.
What “getting together” means today
For many weeks, everyone on earth has faced the same question: “How do we keep life moving forward if we can’t meet in person?” Teachers, small businesses, big businesses, local governments, and even our families: they’ve all turned to video communications. The world’s connections are
unbroken thanks to screens and cameras, and Zoom has exploded from an enterprise application to a household
name, helping to keep the economy alive and
Hundreds of millions of participants (free and paid) are using it every day. My neighbor, a
woodworking artist, carved and painted this:
Animals are using Zoom, night and day.
Securing the communications
Keybase has spent the last six years publishing tech to solve public key infrastructure. The crypto-devil is in these kinds of details:
- How do you know a server gave you the right keys?
- Is there some “trust on first use” (a.k.a TOFU)? If so, what happens when someone upgrades a device?
- How do you build a dynamic group or team, where a compromised server can’t inject someone extra, but admins still can?
- How do you know a server can’t lie by omission, say when a person loses a device or leaves a group, and the server doesn’t want to admit it?
This is just scratching the surface. These are not easy problems. Often, the right answers bubble up into user experience.
Beneath the surface, the correct solution usually requires auditable chains of signatures, likely dangling off a merkle tree. Sound familiar? This is what we’ve been working on.
A range of platforms
In our estimation, Zoom owes much of its success to its flexibility. You can use the Zoom app on just about any platform, but you can also dial in over a plain old copper phone line. You can also use their website, and in that case, you might be password-authenticated or even a guest. All of these cases work, and they work well. They must continue to work.
Also, Zoom calls can optionally be recorded and distributed by the host afterwards. This is great for classrooms and town halls. These features are critical to connect the world in such a dangerous time.
How do all these accommodations fit into the security story? This is what we’re excited to work on.
Still-functioning Zoom app, c. 1945 [for sale]
What the Keybase team will be doing
Initially, our single top priority is helping to make Zoom even more secure. There are no specific plans for the Keybase app yet. Ultimately Keybase’s future is in Zoom’s hands, and we’ll see where that takes us. Of course, if anything changes about Keybase’s availability, our users will get plenty of notice.
So, our shortest-term directive is to significantly improve our security effectiveness, by working on a product that’s that much bigger than Keybase. We can’t be more specific than that, because we’re just diving in.
Cryptography for everyone,
How in the world did you do an M&A deal during a pandemic?
So I can keep using Keybase?
Yeah, we’ll be in touch if anything changes with Keybase. There’s a pending release with much improved team management in it, which we’d been holding off on while distracted with this deal. That will ship shortly.
Oh, and make sure to install ZoomBot, which lets you start a Zoom meeting from your Keybase chat, if you’re a Keybase user. 🙂