I searched Keybase.io for a contact page, and then I raised this topic to @malgorithms who suggested I take my questions to GitHub, so I'm starting this thread.
I'm concerned about the open nature of (and the lack of any option to close) access to both my chat and KBFS. There is no request and approve/deny flow.
Problem
Right now any Keybase user can create a shared folder with me, without asking first. This will send me a notification, and if I navigate to that folder on my machine, the files will automatically download.
(Update: As noted in a comment below, simply running `ls` on the directory won't download all the files in the folder. It would require an actual read of the file to do so.)
According to the documentation:
“Filesystem” means that there is no sync model -- files stream in and out on demand.
This is probably a fine process for people I know and trust. But the way Keybase is currently designed, any user can initiate this. This is a problem if a user wants to be malicious. What happens if a user wishes to fill a folder with malicious or abusive or illegal files?
Best case scenario: I resist the temptation to navigate to that directory on my machine. But there's now a folder with both my username and my access rights, full of these hypothetical malicious or abusive or illegal files. I can use the UI to ignore the folder only as a reactive action. I'm not convinced that's an adequate solution under a potential abusive situation, especially if there are multiple abusers (this is a problem Twitter has spent years trying to address, and is still working on).
Worst case scenario: I navigate to the folder and now these hypothetical malicious or abusive or illegal files are downloaded to my machine. I can then use the UI to ignore the folder, but as mentioned above, this solution seems problematic.
A similar issue arises with chat: Anyone can initiate a chat with me. They can be abusive, spammy, or even send me illegal/offensive content. My only option is to ignore the user after the fact.
Furthermore, I'm concerned about Keybase's ability to help in an abusive situation. Since everything is encrypted end-to-end, how would Keybase step in?
Solution?
This is likely not a trivial solution to implement technically, but I think it's worth considering a "Friend" model. Keybase already has the concept of "following." As a user, I would like to be able to have a request and allow/deny flow when someone wishes to "follow" me. Or, perhaps a situation where we must be mutual followers in order to do certain types of communication.
Something like that would create an explicit social network of trust. E.g.: "Since we both follow each other, it's reasonable to say we agree to receive files or messages from one another."
Since my Keybase profile is public (unlike email or other social networks), and since end-to-end encryption would prevent Keybase from implementing content filters for spam or abuse (again, unlike email or other social networks), it seems like giving users at least the option to gate access to their chats and files would be positive, if not necessary.
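As an added illustration of the gating model proposed in this post (not Keybase code, and not part of the original issue), the sketch below models the request/approve/deny flow: an inbound share or message from a sender the recipient has not approved and does not mutually follow is held as a pending request rather than delivered, so nothing is fetched to the recipient's machine until they act. The `Gate` and `Account` classes, the `Decision` values, and the user names are hypothetical; the idea that approval or mutual following should unlock delivery is the one the post describes.

```python
"""Consent gate for inbound contact: deliver only to approved or mutual followers.

Added example, not Keybase code. Models the "friend"/mutual-follow flow
proposed in the post. Everything here (classes, method names, users) is
hypothetical and exists only to show the policy.
"""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    DELIVER = "deliver"   # recipient consented: hand the item over
    HOLD = "hold"         # unknown sender: park as a request, fetch nothing
    REJECT = "reject"     # sender was denied earlier: drop silently


@dataclass
class Account:
    name: str
    follows: set = field(default_factory=set)   # who this account follows
    approved: set = field(default_factory=set)  # senders explicitly allowed
    blocked: set = field(default_factory=set)   # senders explicitly denied
    # sender -> short description of the first held item. Keyed by sender so a
    # flood from one abuser occupies one slot, not one per item.
    pending: dict = field(default_factory=dict)


def mutual(a: Account, b: Account) -> bool:
    """True only if both accounts follow each other (one-way is not enough)."""
    return b.name in a.follows and a.name in b.follows


class Gate:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    def add(self, name: str) -> Account:
        self.accounts[name] = Account(name)
        return self.accounts[name]

    def follow(self, follower: str, target: str) -> None:
        self.accounts[follower].follows.add(target)

    def inbound(self, sender: str, recipient: str, item: str) -> Decision:
        """Decide what happens to one inbound share/message before any content moves."""
        r, s = self.accounts[recipient], self.accounts[sender]
        if sender in r.blocked:
            return Decision.REJECT
        if sender in r.approved or mutual(r, s):
            return Decision.DELIVER
        # Unknown sender: record only who asked and a label, never the payload.
        r.pending.setdefault(sender, item)
        return Decision.HOLD

    def approve(self, recipient: str, sender: str) -> None:
        """Recipient accepts a pending request; future items are delivered."""
        r = self.accounts[recipient]
        r.pending.pop(sender, None)
        r.blocked.discard(sender)
        r.approved.add(sender)

    def deny(self, recipient: str, sender: str) -> None:
        """Recipient refuses; the request disappears and later items are rejected."""
        r = self.accounts[recipient]
        r.pending.pop(sender, None)
        r.approved.discard(sender)
        r.blocked.add(sender)


def demo() -> list:
    """Walk through the scenarios from the post; returns the decisions made."""
    g = Gate()
    for name in ("alice", "bob", "carol", "mallory"):
        g.add(name)
    out = []
    # Stranger creates a shared folder: held, nothing downloaded.
    out.append(g.inbound("mallory", "alice", "share:/keybase/private/mallory,alice"))
    # Mutual followers: delivered without a prompt.
    g.follow("alice", "bob")
    g.follow("bob", "alice")
    out.append(g.inbound("bob", "alice", "chat:hello"))
    # One-way follow (alice follows carol, not vice versa): still held.
    g.follow("alice", "carol")
    out.append(g.inbound("carol", "alice", "chat:hi"))
    # Alice approves carol and denies mallory.
    g.approve("alice", "carol")
    g.deny("alice", "mallory")
    out.append(g.inbound("carol", "alice", "chat:again"))
    out.append(g.inbound("mallory", "alice", "share:more"))
    return out


if __name__ == "__main__":
    for d in demo():
        print(d.value)
```

The security-relevant point is where the check sits: `inbound` runs before any content is fetched, so a held request carries only the sender's name and a label, and the only actions available to the recipient on it are approve or deny. Denial is sticky, which is what makes the flow hold up against repeat senders rather than requiring a fresh "ignore" after each new folder or message.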