The browser extension for the Keybase app fails to keep the end-to-end encryption promise from its desktop variant.
Keybase is a communication and collaboration application focused primarily on securing the traffic from source to destination through public-key cryptography.
Wladimir Palant, the maker of popular
AdBlock Plus content filtering tool, looked at how the web extension for Keybase works and noticed that the messages it sends are exposed to third-party JavaScript code.
The extension adds a "Keybase Chat" button into profiles pages for Facebook, Twitter, GitHub, Reddit, and Hacker News. Clicking on the button opens a chat window where users can type their message.
