Type: Encrypted messaging and file sharing platform
Access: Tor Browser or desktop/mobile app
Account required: Yes — free
Clearnet version: keybase.io
Open source: Yes
Acquired by: Zoom — May 2020
Last verified: March 2026
What Is Keybase?
Keybase is an open-source platform that combines encrypted messaging, file sharing, team collaboration and cross-platform identity verification. Its defining feature — the one that distinguishes it from Signal, ProtonMail and other encrypted communication tools — is its ability to cryptographically prove that a Keybase account is controlled by the same person who controls specific accounts on other platforms.
If someone on Keybase claims to be a specific journalist, security researcher or public figure, you can verify that claim by checking cryptographic proofs they have published on their Twitter, GitHub, Reddit, personal website and other platforms. This makes impersonation significantly harder — an attacker cannot simply create a Keybase account with someone’s name and claim to be them without also controlling their other accounts.
Onion Address
Clearnet version: https://keybase.io
Verification: This address is published in Keybase’s official documentation and has been stable since launch.
How to Access Keybase via Tor
Option 1 — Via Tor Browser
- Download Tor Browser from torproject.org
- Set security level to Safer — Keybase requires JavaScript
- Paste the .onion address into the address bar
- Create an account or log in to your existing account
Option 2 — Desktop app via Tor
- Download the Keybase desktop app from keybase.io
- Configure Tor as a proxy in Keybase’s network settings
- All Keybase traffic routes through Tor
Recommendation: The desktop app provides a significantly better experience than the web interface. Configure it to route through Tor for the best combination of usability and privacy.
Key Features
| Feature | Details |
|---|---|
| End-to-end encryption | All messages and files encrypted by default |
| Identity verification | Cryptographic proofs linking Keybase to other platforms |
| Encrypted file storage | 250GB encrypted cloud storage — personal and shared |
| Team chat | Encrypted group messaging with channel organization |
| Git repositories | Encrypted private Git repos |
| Cryptocurrency wallet | Stellar (XLM) wallet built in |
| Open source | Fully auditable code on GitHub |
How Identity Verification Works
Keybase’s identity verification system is its most distinctive feature. Here’s how it works in practice:
- You create a Keybase account and generate a cryptographic key pair
- You prove ownership of other accounts — Twitter, GitHub, Reddit, your website — by posting a cryptographically signed statement on each platform
- Anyone can verify these proofs independently — they don’t need to trust Keybase, they can check the signed statements on each platform directly
- When someone looks up your Keybase profile, they see verified links to all your other accounts
The practical result: if a journalist publishes their Keybase username, you can verify that the Keybase account belongs to the same person who controls their verified Twitter, their GitHub commits and their personal website — without trusting any central authority to make that claim.
Keybase vs. Other Encrypted Communication Tools
| Feature | Keybase | Signal | ProtonMail | Session |
|---|---|---|---|---|
| E2E encryption | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
| Phone number required | ❌ No | ✅ Yes | ❌ No | ❌ No |
| Identity verification | ✅ Cross-platform | ❌ No | ❌ No | ❌ No |
| File storage | ✅ 250GB | ❌ No | ⚠️ Limited | ❌ No |
| .onion address | ✅ Yes | ❌ No | ✅ Yes | ❌ No |
| Open source | ✅ Yes | ✅ Yes | ⚠️ Partial | ✅ Yes |
The Zoom Acquisition — What It Means
In May 2020, Zoom acquired Keybase. This is the single most important fact to know about Keybase’s current state and its suitability for sensitive use.
Zoom purchased Keybase primarily to acquire its end-to-end encryption expertise for use in Zoom’s own products. Since the acquisition, Keybase development has slowed significantly — new features are rare, bug fixes take longer and the team that built Keybase has largely moved to Zoom-related work.
More significantly, Keybase is now owned by a company with a documented history of privacy problems. Zoom faced significant criticism in 2020 for routing calls through Chinese servers, falsely claiming end-to-end encryption and other security issues. Whether Zoom’s ownership of Keybase creates actual privacy risks for Keybase users is debated — the encryption architecture has not demonstrably changed — but the ownership change represents a meaningful shift in the trust calculus.
Practical recommendation: Keybase remains a technically sound tool for its specific use case — cross-platform identity verification and encrypted communication with verifiable contacts. For users whose threat model includes Zoom or US corporate data access, the acquisition is a meaningful concern. For lower-stakes use — verifying a journalist’s identity, coordinating with a known team — Keybase remains functional and useful.
Best Use Cases for Keybase
Verifying journalist or researcher identities. Before communicating sensitive information to someone claiming to be a specific journalist or researcher, verify their Keybase profile. If their Twitter, GitHub and personal website proofs all check out, you can be confident you’re talking to the right person.
Team coordination with encryption. Small teams that need encrypted group messaging, file sharing and collaboration without a commercial SaaS provider can use Keybase’s team features. The encryption is sound and the file storage is generous.
Encrypted file storage. Keybase provides 250GB of encrypted cloud storage that the company cannot access. For storing sensitive documents that need to be accessible across devices, this is a meaningful feature not offered by most encrypted messaging tools.
Secure code collaboration. Keybase’s encrypted Git repositories are useful for developers working on sensitive projects who need version control without exposing code to commercial Git hosting providers.
Keybase’s Limitations
Zoom ownership. As discussed above, the acquisition changes the trust model for users with strict threat models.
Slowing development. Keybase has not received significant new features since the Zoom acquisition. Long-standing bugs remain unfixed. The mobile apps in particular have received limited maintenance.
Account required. Unlike Session or Briar, Keybase requires account creation. This links your communication activity to a persistent identity — intentionally, since identity verification is the point, but this may not suit all use cases.
Stellar wallet integration. Keybase includes a built-in Stellar (XLM) cryptocurrency wallet. This feature has attracted spam and unsolicited cryptocurrency transactions from other users. It can be ignored but cannot be fully disabled.
Frequently Asked Questions
Is Keybase still maintained after the Zoom acquisition?
Keybase continues to function and receives security updates. Feature development has essentially stopped — the platform is in maintenance mode rather than active development. For most use cases this is acceptable, but users who need a actively developed platform may prefer alternatives like Signal for messaging or a self-hosted solution for file storage.
Can Keybase read my messages?
No — Keybase uses end-to-end encryption for messages and files. Keybase’s servers store only encrypted data and do not have access to the encryption keys needed to read content. This architectural guarantee is unchanged by the Zoom acquisition — changing it would require a fundamental redesign that Zoom has not attempted.
How do I verify someone’s Keybase identity?
Navigate to their Keybase profile — either via the app or the web interface. Click on each verified identity to check the proof on that platform. For example, clicking their Twitter proof navigates to a tweet from their Twitter account containing the signed statement. If you can see the tweet from the account you expected, the proof is valid. This verification can be done independently without trusting Keybase.
What is Keybase best for in 2026?
Identity verification and encrypted team collaboration for groups where members are known to each other and can be verified via cross-platform proofs. It is less suitable for anonymous communication — use Session or Cwtch for that — and less suitable for high-stakes source protection where the Zoom acquisition creates unacceptable trust concerns — use SecureDrop for that.
Are there alternatives to Keybase with similar identity verification?
The closest alternative is Keyoxide — an open-source, decentralized identity verification system that does not require a central platform. It is less user-friendly than Keybase but does not have a corporate owner with privacy concerns. For messaging specifically, Matrix/Element supports cross-signing for device verification but does not provide the same cross-platform identity proofs as Keybase.