
The Keybase client went from a small CLI to a persistently connected app that ties into a filesystem, cryptocurrency platform, chat ecosystem and more.

Nothing is free. Adding features takes up resources, adds complexity and errors and increases attack surface. Sometimes that's an OK tradeoff - I like being able to see images in my email client. Sometimes the tradeoff is not worth it - my text-centric IDE has no business touching database files.



That's fair, my question was more about the cryptocurrency feature specifically. "General bloat" I can understand, if you only care about the keys.

It seems to me, though, that the key part is just the first step in an entire featureset: Once you have a reliable way to get trusted encryption keys for any person, you can build a whole lot of useful functionality on top of that, which is what they've been doing.

Personally, I wouldn't have much use for just the key exchange, and I really like the encrypted chat/repos/files/etc on top, but I can understand different preferences there.


The entire cryptocurrency airdrop thing has caused lots of noise, triggered campaigns to try and hack/social engineer accounts that would qualify the attacker to grab more cryptocurrency, ... It makes it vastly less likely I'll recommend Keybase with those associations, which diminishes the value of the "key part". (Not recommending it both because it makes me question the long-term priorities of the product and because I don't want to explain why I'm recommending "weird cryptocurrency-stuff", which is the impression others could have.)


Isn't Keybase built exactly for this though? To be able to look at the connected accounts/proofs, and know that a given Keybase user has proven control of those accounts? An attacker looking for crypto may have hacked someone's HN or GitHub. However, with Keybase, you can establish someone you want to talk to has linked their Twitter and their web domain and the like, whereas an attacker probably does not have access to all of their various identities around the Internet.


Keybase promised to give out free cryptocurrency to everyone who linked an existing GitHub and HN account, which led to an attack wave on such accounts from people wanting to claim that: https://essays.suryad.com/hnhack/

If you are an identity service and do things that paint a target on others' online identities, causing attackers to want to link my account with their fake accounts on your service for profit, you have an image problem. Similarly, that's not something I particularly want important services to be funded through long-term.


It would be possible to build an ignorable cryptocurrency feature, and if that had been the case, I probably wouldn't have noticed or cared. Instead Keybase tied into the launch of a questionable currency which involved giving the currency to people as a marketing tool and then resulted in a spree of attackers, disclosure attacks and other problems.

There's a difference between "Hey, we've built in a small wallet feature" and "Congratulations user, we've now given you 200 Lumens of tax liability and sent you marketing emails disguised as information, please prepare for a horde of hackers. Also we've fussed with your keys to make this new feature work. Thanks!"


I haven't found a use for it yet, but I'm not upset that they gave me money. It's the only crypto I've ever owned, but it's mine I guess?

Also, my understanding is (at least in the US) that you don't need to declare gifted cryptocurrency until/unless you realize its value by either selling it or sending it to someone else as payment for a service.


> tied into the launch of a questionable currency

A small correction, Stellar/XLM has been around since 2014 [0]

[0]: https://en.wikipedia.org/wiki/Stellar_(payment_network)


What if there was a lightweight Keybase CLI that only did the basics (official or community)?



