2. I don't think nested anchors are valid HTML. Try injecting your links after the username link, not inside it. And the underline between each icon on hover (in Firefox on HN pages at least) looks horrible.
3. All those icons look messy. Why not collapse into a single keybase icon which maybe opens a tooltip with more details when you click on it?
You probably want these icons at 50% opacity to match existing styling of the block.
Also, as others have noted, it makes the page look overly busy with secondary items, so they are probably best kept hidden by default, shown on hover and fronted by a single (smaller) icon, like a checkmark. That is, you hover over the checkmark - you see it expand into the list of icons.
Nice job with the icons, but I'm seconding replacing all those icons with a single keybase icon and an on-hover / on-click popup. It really does get busy; my username has 8 extra icons next to it.
I'd still love if those icons/links were actually hidden in a popup and not removed altogether - they serve a nice discovery purpose for peoples' Github / FB / Twitter accounts and personal websites (inb4 privacy - this is already public info for HN users if you put a keybase proof in your profile, just usually requires extra two clicks to get to).
EDIT: just installed on mobile. Works great, but the clutter introduced by the icons is extra pronounced on the phone.
Awesome! And again, thanks for this project. It's great, and exposes a somewhat hidden aspect of this community - a slow Keybase infiltration :). I haven't seen any other project requiring you to put something in your HN profile that would get so much traction.
The site icon is redundant though. Keybase wouldn't appear if they weren't verified on the site. If you meant "website icon" then that doesn't resolve the "mess" for people with multiple site proofs - I already have two and might be getting a third one soon. I know a few people who have four or five.
The as-a-dropdown-from-Keybase is probably the best solution.
It looks like the manifest specifies permissions for https://keybase.io/_/api/1.0/*; you may want to make it a bit more general because if you ever need to bump the API version, Chrome will (sensibly) disable your extension until the users has accepted the new permissions.
Yeah, I agree it's definitely a good security practice of Chrome. On the developer side of this, though, it definitely can lose you a lot of users pretty quickly if you add new permissions at any point, so I think it's important to carefully consider permissions before launching an extension.
For my Chrome extension[1], a change[2] in the Airbnb URLs that it runs on caused a significant spike in uninstalls[3] just because it probably scared people a bit. Not a huge deal or anything. Just wanted to share my experience with this stuff.
Interesting. I'll probably add some form of github and/or reddit support in the future, and I don't feel comfortable adding those URLs unnecessarily, so at somepoint there will be permissions updates anyway ¯\_(ツ)_/¯
Being able to display a custom message along the permission update request would be great, just like how GitHub does it for apps.
Requesting additional permissions without an explanation accompanying it can cause confusion, users may think that the request is unwarranted, or that there is something wrong with the extension. They may also decline it out of habit, given how extensions are auto-updated during the browser session, and the request seemingly pops out of nowhere.
See the version adoption[0] for one of my extensions, 1.1.0 has requested additional permissions. This may be problematic when you are trying to deliver a critical update that requires new permissions.
I think chrome has an API for requesting permissions, instead of having them part of the extensions manifest. This means you can present custom prompts and such before the chrome prompt.
Yeah, I think that's the right way to do it. You don't really want to add entire domains that your extension does nothing with yet. Though in hindsight, I should have just found all the Airbnb subdomains, TLDs, etc. up front because my extension was intended to be used throughout all of Airbnb, if that makes sense.
I wanted a more pseudo-anonymous form of this, which is why the message board I built is invite only (still pretty new). I think if you prune bad inviters, you can build a really high quality user base that is still mostly anonymous (depending on their username).
Still very early stages, https://filigree.app if you'd like to check it out. Invite code kris-75c23bae7837 if you want to register.
Edit: quite a few people registered, so I'm deactivating that invite code.
Sorry if I wasn't clear, I think it can be fairly anonymous if you're careful. Keybase requires an email to register, which can of course be made anonymous but it's still a small hurdle.
Urbit has an identity hierarchy too, though I don't think they've implemented the related banning systems of getting rid of the bad 'inviters' along with their children invitees when too many people from that part of the network aren't good. You might find more inspiration from their system, in particular the scarcity aspects.
Hello. Would you happen to have another invite code that can be used? I just came across this and would love to register/check out what you have. Thanks.
I wasn't aware of keybase before seeing this. I really like this extension and keybase. Now I'm curious as to how difficult it might be to get my work to switch from slack.
The badges for dschep are not displayed on HN's homepage while petethomas' are. They are displayed correctly on the comments page and dschep's profile.
Edit: The issue is intermittent and it seems to be about displaying badges after the first user on every page; the first user will have their badges displayed correctly while the rest mostly won't.
Apart from that this is a great little extension. I especially like that it only asks for access to the sites it's known to work with, rather than blanket access.
The only thing preventing me from using this is it makes UI's very cluttered, especially in scenarios with a lot of verified users. I only care about the Keybase verification as from there I can check for the rest. Hovering Keybase would provide an interface to show the rest. I see there's an issue to change the UI so I look forward to that - so I guess I'll wait.
E: It's very cluttered in this thread, for example [0]. Also, in Chrome, a users' verified websites don't appear - they do in Firefox.
Since the biggest complaint has been about clutter, I've added an option to show only the keybase badge. Update to v2.3.1 once Chrome Web Store & Firefox Add-ons updates are pushed/approved!
Now, I wonder how Keybase decides which services to allow verification through, and if they plan to expand the list further. I've already verified everything except cryptocurrency stuff, and there are couple more things I'd love to (like Mastodon).
Social proofs will become more valuable (imho) as we move toward a Web3.0 hybrid identity model where the identity layer, data layer, and application layer are seperate and we have taken ownership of our personal data. Keybase, Blockstack and others working on the Web of Trust concept, are establishing the means for us to prove ownership of our social media accounts by cross posting uniquely identified tokenized messages which link back to provable account owners. This is one way towards solving "fake news", and introduced attribution and attestation across multiple identities. The more accounts you've linked and proved, the more trustworthy your communications through those channels.
I know someone with this scenario: they pissed off someone years back, and that someone made a twitter account pretending to be them, which despite lack of activity in years still ranks on the first page when searching their full name. Twitter does nothing about it. Friend doesn't even use Twitter, has an account that's "private" but not really anything in it. Solvable longer term with SEO/twitter participation but it's not ideal. Sometimes you just want to make clear that someone pretending to be you is not you, and if social media and search companies can take that into account, all the better.
Something like this happened to me. I couldn't think of anything else to do, and didn't have much on my resume at the time, so I changed my name to something common enough that there's hardly any chance Google will find me.
I don't care to prove to anyone who I am (hence pseudonymous) - however I do care to prove what I say. Being able to prove I am who I say I am allows me to also prove what I say is what I say. I'm not particularly famous - but in a few social circles I have authority. Enough authority that it is important that people are able to verify within good measure if it was really me who said something or not.
It's the other side of the equation that is more important to me. I want to know if someone who is claiming to be a well known person is actually that person. If someone comes in here and claims to be the inventor of redis, I want to know that they actually are.
One use case I can think of: someone claims to be the author of a well known library. With their github account proven, that's pretty easy to establish.
Having the Keybase link/proof in profile lets you prove identity without changing the site. It's worked fine so far. It's also how I found out about Keybase.
This is awesome - I was actually in the middle of building something similar (but not using Keybase for verification... that would have been so much better than rolling my own).
I have no idea how hard it is to build an extension for Safari, so I don't know if this is a huge request or a simple request, but: Will you have it available on Safari?
(Alternatively, anyone have a good guide on building my own safari extensions from a Firefox/Chrome extension? My two minutes of Googling yielded nothing useful.)
I guess it removes an extra step, but is it all that useful to have every icon appear everywhere?
For instance, instead of having the Facebook icon appear by a user's Twitter name, couldn't a single icon show they're Proven for Twitter and link to their Keybase where I can see all their Proven identities, including Facebook?
[Twitter account] being proven by [Twitter account] kinda defeats the point. You'd want, at a glance, to be able to tell that this account has been linked and proven to belong to all of these other accounts, on these other independent websites.
> * extensions are easy to unpack & view the source if you don't trust I'm not tampering the extension before upload
Surprised browsers plugin centers (stores?) don't let you just put your github repository and build your extension depending on a given branch (or tags) and then informs the user that the extension was directly pulled from GitHub or other version control sources (and provides a direct link) it would be a little more interesting.
1. Add rel="noreferrer" to the links you inject.
2. I don't think nested anchors are valid HTML. Try injecting your links after the username link, not inside it. And the underline between each icon on hover (in Firefox on HN pages at least) looks horrible.
3. All those icons look messy. Why not collapse into a single keybase icon which maybe opens a tooltip with more details when you click on it?