What's your background, and what are you working on?
I’m Max Krohn, CEO and co-founder of Keybase. I received a PhD in computer science from MIT in 2008, focusing on operating systems and security. Before grad school, I co-founded SparkNotes with my classmates Chris Coyne, Christian Rudder, and Sam Yagan. Then we started OkCupid while I was in grad school and sold it in 2011. A few years later Chris and I started Keybase.
Keybase makes public key cryptography streamlined and available to anyone. We provide easy-to-use public key management plus identity verification based on your social proofs. On top of this foundation, we’ve also built encrypted chat, file sharing, and Git on a single platform that works across all of your devices – so, you can think of us as Slack/Dropbox combined and encrypted (or Signal with support for large groups). Keybase is for collaboration and our users’ teams range in size from 2 to 5,788 (and counting). Our users are a diverse bunch: we’ve got engineers and programmers who value encryption, IT staff who have to share and protect sensitive data, journalists, cryptocurrency enthusiasts, academics, and regular internet users.
Our first round of funding was $10.8mm in 2015 from Andreessen Horowitz, led by Chris Dixon. In 2018, we entered into a partnership with the Stellar Development Foundation (SDF), the makers of the Lumens cryptocurrency. While I won’t say exactly how much revenue that partnership generates, I will say that it’s several years’ worth of our operating expenses and we expect it to carry us to the point of executing a long-term, sustainable revenue model. We also just began a long-term airdrop with SDF. As part of our partnership with them, we built a noncustodial Lumens wallet and we’re putting it to use now by helping SDF carry out their mission of distributing Lumens to humans.
To date, we’ve been fortunate to have steady growth based on word of mouth alone (with a nice boost from the airdrop so far).
What motivated you to get started with your company?
When my co-founder Chris Coyne and I were working on OkCupid, we were surprised by how willing our users were to entrust their most deeply personal data to the site. We had good reason to collect that data – so we could match people – but we spent a lot of time and effort thinking carefully about how to best protect it. We knew that privacy would be a growing concern because, at that time, people hypothetically knew that the internet wasn’t secure, but they also widely believed that individuals didn’t have the wherewithal or interest to exploit the insecurities. Fast forward to around the time of the Snowden revelations – a time when everyone began to realize that if it was hackable, it would be hacked – that’s when Keybase was officially conceived.
On a fundamental level, Chris and I believe that people have a right to their personal data and privacy - truthfully, I think many of us would care more if our data was made public than if our physical property was stolen – as well as the right to delete it. With unencrypted data in the cloud, it’s very hard for a company to guarantee that the data is gone forever because of the practical needs of software running a website or app. But for encrypted data, if you throw away the key, you have more certainty that the data is permanently unavailable.
What went into building the initial product?
After we left OkCupid in 2012, Chris and I rented space in General Assembly, a bootcamp-style academy which at the time was a co-working space. We spent about a year working on different programming projects, one of which was a PGP public key directory. We named that directory Keybase and made it live in early 2014. We got a lot of traction immediately – it went viral on Twitter for about a month or so because at that time, in order to use Keybase, you had to tweet about it. Keybase was especially popular in the tech community because it made PGP easier and more social, with a better interface. Start to finish, the initial prototype took about 3-4 months to make.
Post launch, we saw some initial VC interest but actually decided to put Keybase on the backburner to work on our other interesting projects for a few months. But during that break, we had this realization: the mechanism for advertising that your public key was owned by X user on Twitter and Y user on Reddit could be a lookup, and we could make it so that you could share content with other internet users via their usernames even before they had joined Keybase. When we had that realization, we knew Keybase would be interesting to work on and to build into a real company. So, we decided to raise an A round.
How have you attracted users and grown your company?
Almost all of our growth has been by word of mouth. We had a core group of early adopters who thought our key management system was useful and interesting. They signed up back in 2016 and 2017 when there wasn’t much to do on Keybase yet. Our newer users are largely drawn to our platform because of our chat product. They come individually and start or join teams for their work or personal lives.
So far, we’ve done no marketing, advertising or SEO, and we’ve done minimal social media – it’s similar to how we operated at OkCupid. It’s been our experience that the ROI on marketing and advertising spending is pretty low. The majority of our efforts go into our blog posts, and those usually attract attention on Hacker News.
The airdrop we announced with SDF earlier this month has brought a bunch of new users, as well as reengaged our early adopters, many of whom might not have known about our newer features. We hope they all stick around and bring their friends with them.
What's your business model, and how have you grown your revenue?
Our Series A was from Andreessen Horowitz in 2015. That money lasted us until about 2018, when we would have done a Series B. But instead of doing a Series B, we were lucky enough to enter into a multi-year partnership with SDF. We’ve been able to make our money last because we try to keep our expenses low on most fronts. For example, we’re in a WeWork instead of building our own space. We spend on hiring and supporting the best people we can find to build Keybase. Chris and I are still very much involved in the day-to-day engineering. *Fun fact: We have only one employee who’s not an engineer or designer.
Our future plan to monetize is based on a freemium model – similar to how we monetized OkCupid, except Keybase won’t have ads. For the time being, we’re really just focused on getting as many users as possible. When we reach a point when we need more revenue, we’ll start charging our corporate users for certain features.
What are your goals for the future?
When we started Keybase, the first thesis we were experimenting with was that people wanted to have a public way to advertise their cryptographic identity, and that hit a lot of traction really quickly. Some feedback we got from early adopters was that they weren’t comfortable doing this on the web because there was no “good place” on the web to store secrets. The whole security system was only as strong as people’s passwords. We made Keybase to be a foundational infrastructure that doesn’t exist on the web: a good public key directory for looking people up, and a good system for managing people’s private keys.
Our overarching goal is to have as many people as possible use Keybase. We want our users to talk about us, recommend us and bring their friends and family to us. But it’s always been our belief that when regular internet users choose Keybase, it won’t be because our security model is the best one available. It will be because we look and feel like the best chat and filesharing app out there. So, that’s what we’re becoming.
In truth, the majority of people today don’t realize they need this now, but they do. Right now, many of us take our most important documents and communications, and put them on the cloud in plaintext. Providers do the best they can to keep our information gated, but if there’s a bad actor inside the company, then all our important information can be made public. This true of Google, Facebook, Slack, etc. We believe everyone needs encryption in the same way they need a door lock and we firmly believe that over the next 10 years all our internet services will be built on something like Keybase. Anything that’s even remotely sensitive will be encrypted when it goes onto the cloud and decrypted only on the other side with the aid of a key management system like Keybase’s. That’s our grand vision of the future.
Because it’s not enough to explain why public key cryptography and key management are so crucial, Keybase is building useful applications on top of this E2EE infrastructure. We know people need chat and file sharing, so we’re starting with those.
What are the biggest challenges you've faced and obstacles you've overcome? If you had to start over, what would you do differently?
To date, the biggest challenge we’ve had at Keybase is probably a technical one: we need to make the security properties of Keybase work on all five of the major platforms (Windows, Linux, Mac, Android and iOS). The reason we have to support all these platforms is because Keybase is inherently a social product, so we’re never going to be successful if we only work for some computer users. Also, because what we do is cryptography, the software we’re building is very complicated. When you think about it, most apps are either glorified web browsers or are driven entirely by the server. Keybase isn’t like that. Our security posture is that your software should treat Keybase as though it could be corrupted at any time. We built Keybase so that your computer is able to discover and flag that if it occurs.
We hire engineers who are versatile and experienced, so we’ve managed to build for all 5 platforms. But we’re in the market for a Windows front end engineer right now if any of you reading are interested!
Have you found anything particularly helpful or advantageous?
For the most part, we learned how to build a company and make software before there was any industry around talking about it. When we started SparkNotes in 1999, for example, the consumer internet was really small and there weren’t any real resources for people building a startup. Along the way, we learned almost all our lessons the hard way. It felt a lot like the Wild West: nobody was doing any high-level thinking about methods and systems.
OkCupid, on the other hand, launched during a dark time for internet businesses. So many startups had been burned 2-3 years before. There just weren’t books or podcasts to help. But soon people like Paul Graham, founder of Y Combinator, started the conversation to educate people about the mechanics of building a company.
What's your advice for entrepreneurs who are just starting out?
Everyone likes to think of immediate success stories like Instagram, but virtually no startups are like that. In general, startups rarely succeed or fail within the expected timeframe, which means that you’re likely going to have a lot of setbacks that will cost you months, even years, when it’s not going that well. So, the project has to be something you love to work on – something meaningful to you. If you’re just doing it to make money, enduring the tough years is going to be really hard.
At Keybase, we’re happiest in small teams because that means Chris and I get to keep working on the product itself. We’ve never embraced the Uber model where you grow as big as you can as fast as you can and cycle through lots of funding rounds. When we sold OkCupid it was about 30 people, maybe half of them engineers. Keybase is a bit smaller and even more skewed to engineers.
Where can we go to learn more?
Here’s the Keybase blog and my personal Twitter if you’re interested in learning more, and please feel free to post any questions you may have in the comments!