

And, of course, that is the maximalist threat that informs the thinking of people in high-surveillance countries with civil rights issues, as well as cryptosec fundamentalists.

But there is another valid model for other people, along the lines of “my abusive ex-husband/boyfriend is trying to stalk me”. If your model is “the government is out to read your mail”, then no, of course you can’t rely on something like this. Stripping away the irrelevant gender-bias accusations at the beginning of Singal’s piece, I thought he was making a rather nuanced point that has been missed by much of the attending discussion: absent a realistic threat model, there can be no serious discussion of the security of a system like Cryptocat. More generally, your security in a host-based encryption system is no better than having no crypto at all.

EDITED TO ADD (8/14): As a result of this, CryptoCat is moving to a browser plug-in model. This means that in practice, CryptoCat is no more secure than Yahoo chat, and Hushmail is no more secure than Gmail. I’ll detail it below, but the short version is if you use one of these applications, your security depends entirely on the security of the host. Unfortunately, these tools are subject to a well-known attack. The most famous tool in this group is Hushmail, an encrypted e-mail service that takes the same approach. Ryan Singel, the editor (not the writer) of the Wired piece, responded by defending the original article and attacking Soghoian.

At this point, I would have considered writing a long essay explaining what’s wrong with the whole concept behind Cryptocat, and echoing my complaints about the dangers of uncritically accepting the security claims of people and companies that write security software, but Patrick Ball did a great job:

CryptoCat is one of a whole class of applications that rely on what’s called “host-based security”.
After Wired published a pretty fluffy profile on the program and its author, security researcher Chris Soghoian wrote an essay criticizing the unskeptical coverage. Cryptocat is a web-based encrypted chat application. Someday they could make bypassing National Security Agency intrusion easy and difficult-to-enact legislative reform unnecessary.

I’m late writing about this one. The hope is that privacy-centric technology would give consumers more secure options to choose from. An MIT researcher even proposes encrypting genetic information. Jeeves, a programming language in the making, accommodates built-in privacy protocols. The app comes hot on the heels of the Blackphone, which launched pre-orders for its cryptographically-secured phone last week. Innovative developers are feeding this hunger with an array of technologies. 'Two years ago not a lot of people cared,' he comments.

In an interview with Ars Technica last December, Cryptocat developer Nadim Kobeissi said: Privacy developments have been fueled by a newish hunger. Not to mention, Cryptocat has come a long way since repairing a "rookie" cryptographic mistake made last year. Private communications have come a very long way since cypherpunks organized an esoteric email group focused on discussing the technical aspects of encrypted communications in the 90's. Cryptocat has been a main player in this movement. Developers have been struggling to make secure communications, of all sorts, more user-friendly. One might think securing information would be a cinch, but secure communications require complex cryptography. It took Cryptocat a year to transition to a mobile app. According to The Verge, the servers are stored "in a Swedish nuclear bunker to protect them from government intrusion." Security measures extend beyond the cryptographic protocols. It utilizes Off-the-Record Messaging (OTR), a cryptographic protocol for secure instant messaging, and perfect forward secrecy, a system that constantly generates new user keys so snoops cannot decrypt older messages.
Users of Mozilla, Chrome, Safari, Opera, and Mac OS X – and now iOS, can use the app.
It's available for free from the Apple app store.

In a demo at RightsCon, a gathering in Silicon Valley that focuses on technology and combating human rights challenges, Cryptocat unveiled its chat-based cryptographically-based private mobile app, a tool they've been cooking up this past year.

Cryptocat's mission, according to its blog, is "Making encrypted chat easy, fun, and accessible for everyone." While not as simple as using Facebook or GChat, it's easier to use than other encrypted instant messaging services. Cryptocat, a web application for private chatting, now functions on smartphones.
