In the current digital era, there is an obvious desire among ordinary people to protect their online activity. Many people in the crypto-building community believe that adding encryption to existing software tools is the best solution for online protection. Cryptocat offers a simple interface, marketed towards people who want online security without having to understand the nuts and bolts of it.
Cryptocat is an open-source web and mobile application intended to allow secure, encrypted online chatting. It encrypts chats on the client side, trusting the server only with data that is already encrypted. It is offered as an app for Mac OS X, as a browser extension for Google Chrome, Mozilla Firefox, Apple Safari and Opera, and as a mobile app for iPhone. The developer of Cryptocat is Nadim Kobeissi, who began developing the software at the age of 20, while in college.
Even though the software is fairly straightforward, its history and that of its creator have been quite rocky. Kobeissi was trying to make security software that would be an easy tool for the masses to use, even though security software is known for being almost impossible for non-experts to use. He used a simple site with ’80s-themed icons to draw in users who had never been able to understand encryption software, and he was successful in that endeavour. But the software was still experimental and was filled with security problems, for which Kobeissi received a lot of harsh criticism.
Matthew Green, a cryptographer and research professor at the Johns Hopkins Information Security Institute, comments: “Early versions of Cryptocat really did contain some nasty things. Even the most recent versions took a minor beating in the recent security audits. You could do things like join a chat using the same name as a user who recently dropped off, and Cryptocat would happily let you take their place.”
Kobeissi admits that, in hindsight, the release of the software was probably premature: “I think the project could have spent more time in incubation, although since I was developing it as a curious university student at the time, that simply wasn’t a part of the process.”
Currently, he is dedicated to working on Cryptocat full-time. “The project has matured into something very different than what it was,” Matthew Green said, also giving credit to the abilities of Kobeissi: “Despite those issues [Kobeissi] is kind of a genius when it comes to solving the most important problem in our field: deploying usable crypto.”
Cryptocat on Facebook still has one large and undeniable flaw that Cryptocat doesn’t have on other platforms. Facebook still has access to its users’ metadata, such as when they are connected, where from, who they talked to, and how long they talked. On this topic of Facebook, Kobeissi says, “Traditional Cryptocat group chats are still supported. If you don’t want buddy lists, you can still use the traditional group chat mode…this encrypted Facebook chat feature is made for people who are already giving Facebook their contact list. If they’re already giving Facebook the list, what’s the harm with Cryptocat using it to grant you an extra layer of protection?”
It will be interesting to see how Cryptocat and other similar software continue to develop, all with the aim of helping people maintain their online privacy from the government and private corporations.