That is very cool! You don't need to "have" my public GnuPG key, or even know where to get it. Because Keybase provides and verifies it. On the other hand, there's the risk that the extension would also encrypt to a malicious key. Which would allow Keybase or another adversary to read messages. But then, Enigmail could also be doing that. Someone ought to check, in any case.
Truth Another advantage: You can not disclose which key(s) it's encrypted to.
Code:
--hidden-recipient name
-R
    Encrypt for user ID name, but hide the key ID of this user's key. This option helps to hide the receiver of the message and is a limited countermeasure against traffic analysis. If this option or --recipient is not specified, GnuPG asks for the user ID unless --default-recipient is given.
It's too bad this isn't an Enigmail option. You can set a particular hidden recipient in the GnuPG config file, but not (unless I've missed something) the use of hidden recipients generally, by default.
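What the hidden-recipient option quoted above changes on the wire, as an added example that is not part of any post in this thread: each recipient gets a public-key encrypted session key packet that normally carries the recipient's key ID in the clear, and with -R GnuPG writes an all-zero key ID instead. The function names, the sample key ID and the sample bytes are constructed for illustration; the parser assumes binary (not ASCII-armored) input and version 3 packets.

```python
# Added example: list the recipient key IDs in the PKESK packets (tag 1)
# that open a binary OpenPGP message (RFC 4880, sections 4.2 and 5.1).

def read_header(buf, pos):
    """Return (tag, body_start, body_len); length is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header
        tag, l0 = first & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, None, None  # partial body length (streamed data)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, None, None  # indeterminate length
    n = 1 << ltype  # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def recipient_key_ids(message):
    """Hex key IDs of the leading PKESK packets; None = hidden recipient."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag != 1:  # PKESK packets come before the encrypted data
            break
        body = message[start:start + length] if length is not None else b""
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported or truncated PKESK packet")
        key_id = body[1:9]
        # An all-zero key ID is the "speculative" ID written for -R
        ids.append(None if key_id == bytes(8) else key_id.hex().upper())
        pos = start + length
    return ids

def _pkesk(key_id):
    """Constructed v3 PKESK packet; the session-key bytes are filler."""
    body = bytes([3]) + key_id + bytes([1]) + b"\x00\x08\xAA"
    return bytes([0x84, len(body)]) + body  # old-format header, tag 1

# Constructed sample: one visible recipient, one hidden, then a data packet.
SAMPLE = _pkesk(bytes.fromhex("0123456789ABCDEF")) + _pkesk(bytes(8)) + b"\xD2\xE0\x00"

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
```

The number of packets still shows how many recipients there are, which is why the man page calls the option a limited countermeasure.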
Keybase Browser Extension Could Allow Sites to See Messages https://www.bleepingcomputer.com/ne...-extension-could-allow-sites-to-see-messages/
Yeah, this is bad. The Chrome/Firefox extension is labeled as "NEW" on the download page. If these allegations are correct, it ought to be clearly labeled as "insecure". I'm quite disappointed in Keybase. They have not handled this at all well. And BTW, I also don't like the option of uploading private keys. I mean, no sane person would ever do that. It's not that hard to copy keys to multiple devices, if that's really necessary for your workflow. Me, if I used mobile devices, I'd use dedicated keys, because those things are so readily pwned.