- Keybase is a popular end-to-end encryption tool that offers a browser extension as well.
- AdBlock Plus developer Wladimir Palant discovered that the browser extension offers no real encryption capability.
- Although the problem can technically be fixed, Keybase is apparently not keen on solving it.

Keybase is a popular collaboration tool used to encrypt messages from the sender to the recipient. The service also offers a browser extension that adds a ‘Keybase Chat’ button to profile pages on social networking sites such as Facebook, Twitter, and Reddit. According to the FAQ section of the Keybase add-on for Chrome and Firefox, it works by sending the data to the locally installed desktop client, which then encrypts the message before sending it through the chat. Apparently, not all is well with the Keybase browser add-on.
This defeats the whole purpose of having end-to-end encryption in the first place. According to Palant, using an iframe in the webpage should isolate the extension from the webpage and from other installed extensions. But Keybase is apparently not interested in Palant’s suggestion and simply gave a nonchalant reply stating that there are issues in getting iframes to work.
Palant advises everyone who uses the Keybase extension to uninstall it as soon as possible. While the actual desktop client itself might walk the talk, users should still be wary when sharing sensitive information.