I remember when Keybase first launched years ago. If you, like me, were anywhere near the intersection of privacy advocacy and software development in the mid-2010s, you likely had an account. It was the ultimate geek flex: a cryptographic identity platform that promised to finally make PGP – Pretty Good Privacy – accessible to mere mortals. Fast forward to today, and the platform is rarely mentioned. It still exists, hovering in the digital ether like a ghost ship. But what actually happened to the darling of the cypherpunk world?

The story of Keybase is a textbook example of what happens when open-source idealism collides with corporate crisis management.

PGP for Mere Mortals

To understand the tragedy of Keybase, you have to remember how revolutionary it felt at launch. Founded in 2014 by Chris Coyne and Max Krohn (the same duo behind OkCupid and SparkNotes) Keybase set out to solve a massive usability problem. Public key cryptography was incredibly secure but notoriously annoying to use.

Keybase bypassed the clunky “web of trust” by allowing you to tie your public keys directly to your social media profiles. You could cryptographically prove you were the actual owner of your Twitter handle, your GitHub account, your Reddit profile, and your own domain. Suddenly, you didn’t have to verify identities at a sketchy key-signing party. You could just look someone up on Keybase, trust the math, and send them an end-to-end encrypted message. Over time, the platform evolved into a robust ecosystem featuring encrypted chat, secure Git repositories, and a cloud storage system that felt like absolute magic.

The Magic of the Keybase File System

For developers, the crowning achievement was the Keybase File System (KBFS). It wasn’t just a Dropbox clone; it was a distributed filesystem with a global namespace. On Unix-like machines, it seamlessly mounted to /keybase, and on Windows, it mapped to your K: drive.

KBFS was divided into public, private, and team folders. You could throw a static website into your /public/username folder, and it would instantly be hosted on keybase.pub. If you created a private folder named /private/writer1,writer2#reader1, the system handled all the complex read/write permissions and end-to-end encryption in the background. It even had a built-in “time travel” feature via command line, allowing you to view exactly what a folder looked like at a specific date and time in the past. It was the anti-Slack: private by design, deeply technical, and heavily adopted by developers who wanted control over their data without giving up convenience.

Free Crypto, Spam Bots, and the NSA Conspiracy

When you build a platform entirely around extreme privacy and cryptography, your user base is naturally going to be highly paranoid. This hyper-vigilance came to a head in late 2019.

Keybase had accepted funding from the Stellar Development Foundation and announced a massive airdrop of 2 billion Stellar Lumens (XLM) – worth roughly $120 million at the time – distributed exclusively to Keybase users. While free crypto sounds nice in theory, the execution triggered absolute chaos. The platform was instantly flooded with bot networks farming the airdrop, ruining the signal-to-noise ratio in public chats and spamming the network with malicious phishing memos.

Worse, the integration of Stellar wallets sparked full-blown conspiracy theories on Hacker News and Reddit. Users who didn’t fully read the prompts suddenly found Stellar public keys attached to their pristine cryptographic identities. Because privacy advocates are inherently suspicious, the immediate leap in logic was that Keybase had compromised their security model. Wild claims circulated that Keybase had instituted a backdoor, coercing private keys or secretly working with the NSA to compromise the application. The truth was far more mundane: there was no NSA backdoor, just a clunky UX integration designed to heavily encourage crypto adoption. But in the world of security tools, perception is reality, and trust in Keybase took a permanent hit.

The Zoom Disaster and the Acquihire

Then came the spring of 2020. The COVID-19 pandemic forced the entire world indoors, and a relatively niche corporate video conferencing tool called Zoom experienced explosive, unprecedented growth. It also experienced unprecedented scrutiny. Security researchers quickly discovered that Zoom’s claims of “end-to-end encryption” were largely fictional; the platform was routing keys through its own servers, leaving meetings entirely exposed. The blowback was immediate, severe, and threatened to destroy Zoom’s reputation just as they were capturing the global market.

Zoom needed world-class cryptography experts, and they needed them yesterday. They didn’t want the Keybase app, the community, or the brilliant /keybase filesystem. They wanted the brains behind it.

In May 2020, Zoom outright acquired Keybase in a classic Silicon Valley “acquihire.” The Keybase team was immediately absorbed into Zoom. Max Krohn stated that it was an honor to bring their encryption expertise to hundreds of millions of users, and the stated goal was to fix Zoom’s glaring vulnerabilities. The Keybase engineers successfully built genuine E2EE for Zoom calls, but the cost was the lifeblood of the Keybase platform itself.

The keybase.io page is still up and “looks” active, but it is dead….

The Current State of the Cryptographic Zombie

Since the ink dried on that acquisition, Keybase has been a zombie. The servers are kept running, and you can still log in today. Your old chats are there, your encrypted Git repos still pull, and KBFS still mounts to your drive. But active feature development is completely dead.

The GitHub repositories show only the bare minimum life support – routine dependency bumps and critical bug fixes to keep the infrastructure from collapsing. Features have slowly started to rot; the beloved public web hosting service (keybase.pub) was abruptly taken offline in March 2023. The mobile apps frequently struggle with compatibility on modern iOS and Android updates because the underlying frameworks are no longer maintained.

Cannibalizing Innovation: The Dark Side of the Acquihire

The Keybase story is not an isolated incident; it is a textbook example of the acquihire – a Silicon Valley maneuver where a giant corporation buys a startup not to champion its product, but to harvest its talent. While it’s often framed by PR departments as a massive success story for founders securing a lucrative exit, the reality is far more parasitic. Acquihires are often the graveyard of innovation.

When dominant incumbents buy companies simply to pull them apart and leave their core products to die, the entire tech ecosystem loses. The acquirer neutralizes a potential future competitor while simultaneously hoarding top-tier engineering talent, effectively preventing those minds from building independent, disruptive tools. Years of passionate open-source development, community building, and product refinement are discarded, reduced to a mere stopgap measure for corporate negligence. We are left with a digital landscape where the most promising, boundary-pushing tools don’t grow up to challenge the tech giants – they are just cannibalized to become their cleanup crews.

The Digital Museum

If you have a Keybase account sitting dormant from years ago, it might be worth logging in one last time. Not necessarily to use it for active projects, but to walk through a digital museum of what could have been the foundational layer of a truly secure internet. Just don’t expect any new features – the developers are busy securing your next corporate standup.

I visited my account today – it weren’t pretty but it was a great trip down memory lane. Maybe it is time to redo what keybase was meant to do – make cryptography and secure communications avaliable for everyone.

References & further reading for the nostalgic ones