Consider the following:

1. #Zoom, a company with a bad security track record and murky ownership, now has clandestine supply-chain-attack capability on #Keybase, and

2. Keybase is used by a lot of people to sign their #git commits and whatnot.

Therefore:

3. Zoom, a company with a bad security track record and murky ownership, now has potential supply-chain-attack capability on a lot of software whose git commits are signed using keys that touch Keybase.

#ThisIsFine #InfoSec


@rysiek i'll do you one better: pretty much every single mac developer uses homebrew (which is spyware, but that's separate). homebrew gets its package database (including the hashes of the source tarballs it builds) from github. microsoft, a large us military contractor and eager participant in us hegemony/surveillance state/PRISM/etc., owns github.

homebrew autoupdates.

the US military (via microsoft via github) has optional RCE on pretty much every mac developer's workstation if they want it.
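The mechanism the reply points at is worth seeing concretely: a package manager that fetches a tarball and checks it against a sha256 stored in the formula is only verifying that the tarball matches whatever the formula repository says, so whoever controls that repository can change both at once. The following is an added illustration written for this thread, not Homebrew's code; the formula text, the tarball bytes and the `Exampletool` name are constructed for the example, and the only thing borrowed from real Homebrew formulae is that they carry `url` and `sha256` lines. It also shows the one mitigation that actually changes the trust root: pinning the expected hash from a source that the formula repository does not control.

```python
"""Formula-embedded hashes vs. an out-of-band pin (added example, not Homebrew code)."""
import hashlib
import hmac
import re

# Constructed stand-in for a Homebrew-style formula (Ruby DSL).  Only the
# `url` and `sha256` fields matter here; the formula and tool are fictional.
FORMULA_TEMPLATE = '''
class Exampletool < Formula
  desc "Hypothetical tool for the example, not a real formula"
  homepage "https://example.invalid/exampletool"
  url "https://example.invalid/exampletool-1.0.tar.gz"
  sha256 "%s"
end
'''

# Constructed tarball contents standing in for the real and backdoored source.
LEGIT_TARBALL = b"exampletool-1.0 source bytes (constructed)"
BACKDOORED_TARBALL = b"exampletool-1.0 source bytes plus backdoor (constructed)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_formula(text: str) -> dict:
    """Pull the url and sha256 strings out of the formula; fail if either is absent."""
    fields = {}
    for key in ("url", "sha256"):
        match = re.search(r'^\s*%s\s+"([^"]+)"' % key, text, re.M)
        if not match:
            raise ValueError("formula lacks %s" % key)
        fields[key] = match.group(1)
    return fields


def formula_check(formula_text: str, tarball: bytes) -> bool:
    """The package-manager style check: the download must match the formula's sha256.
    The trust root is the formula repository itself."""
    expected = parse_formula(formula_text)["sha256"]
    return hmac.compare_digest(sha256_hex(tarball), expected)


def pinned_check(pinned_sha256: str, tarball: bytes) -> bool:
    """The same comparison, but against a hash obtained out of band (e.g. from an
    upstream signed release announcement), so a rewritten formula cannot move it."""
    return hmac.compare_digest(sha256_hex(tarball), pinned_sha256)


def scenario() -> dict:
    """Walk through the honest repo, the compromised repo, and the pinned defence."""
    honest_formula = FORMULA_TEMPLATE % sha256_hex(LEGIT_TARBALL)
    # An attacker who controls the formula repository ships the backdoored tarball
    # and simply updates the sha256 line to match it.
    tampered_formula = FORMULA_TEMPLATE % sha256_hex(BACKDOORED_TARBALL)
    # The pin is recorded once, from a source independent of the formula repo.
    pinned = sha256_hex(LEGIT_TARBALL)
    return {
        "honest_formula_accepts_legit": formula_check(honest_formula, LEGIT_TARBALL),
        "honest_formula_rejects_backdoor": not formula_check(honest_formula, BACKDOORED_TARBALL),
        # The check still passes: integrity relative to the formula says nothing about
        # who wrote the formula.
        "tampered_formula_accepts_backdoor": formula_check(tampered_formula, BACKDOORED_TARBALL),
        # Only the out-of-band pin catches the swap.
        "pin_rejects_backdoor": not pinned_check(pinned, BACKDOORED_TARBALL),
        "pin_accepts_legit": pinned_check(pinned, LEGIT_TARBALL),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print("%-35s %s" % (name, "PASS" if ok else "FAIL"))
```

The takeaway is that the sha256 in a formula guards against a corrupted or substituted download, not against the party that publishes the formula; with autoupdate enabled, a rewritten formula and a rewritten hash arrive together. Pinning versions and hashes from an independent source, or building from upstream's own signed tags, is what moves the trust root away from the formula repository.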
