Working on the Keybase Browser Extension

An adventure of iteration and some fun technical details.

Super quick: what is Keybase? Keybase verifies identities and provides secure chat and file sharing. Is shazow on Twitter the same person as shazow on Github? You can find out on Keybase.

In March, we brainstormed a bunch of ideas for a Keybase browser extension and we got to work.

The first idea: A “keybase chat reply” button in Reddit threads.

😂😂😂

Overall, it went okay. The scope of the idea was well-contained and it allowed me to instrument the pieces needed for interfacing between the browser and the Keybase service. We decided to use the browser’s Native Messaging API to speak with a small process which issued commands to Keybase (more details later).

Of course, the same week we were releasing this first version, Reddit announced that they’re working on a full rewrite of their web frontend which would inevitably break the extension. 😒

The next idea was to move the chat widget into a less fragile place, the Chrome extension menu:

Much less brittle, and pretty swanky. And while we’re at it, it also worked in places other than Reddit. Anytime you visit a profile on a site that Keybase supports, the icon will light up and you can click it to open a chat widget.

I’m a big fan of the Chrome extension menu, nasty rendering bugs aside. It lives in its own context so websites can’t hijack, interfere, or spoof it.

Building on top of the extension menu, I prototyped a feature which passively queried Keybase whenever a profile was visited. If the profile had a Keybase account then the extension icon would light up. The idea was to increase the social proof impression of profiles which are also verified on Keybase. It doesn’t feel quite right yet, so it’s not enabled by default for now.

Most recently, we launched a new version which adds “Keybase Chat” buttons to all profile pages in general—not just Reddit threads!

The tagline for this release is “a secure chat button for every profile.” A compelling premise. I liked Filippo’s take on it:

And that’s where we are today. As you can tell, this has been a very iterative process and we still have some ideas we need to try. For now we only support Chrome, but other browser support will come once things settle down a bit.

Do you use Keybase and Chrome? Grab the extension here.

Technical details for the curious

Source Code

The code for the extension (and all of the Keybase clients in general) is all open source under the BSD 3-clause license.

Native Messaging

We use the NativeMessaging browser API to safely communicate with the Keybase service that is running on your computer—this is why you need the Keybase app to use the extension. NativeMessaging works by running a whitelisted process (kbnm, written in Go) and communicating over STDIO. We whitelist the extension ID and binary path when the Keybase app gets installed. Other extensions can’t connect to it unless an explicit whitelist for their extension ID also is written to disk.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.