Cryptocat
Original author(s) | Nadim Kobeissi |
---|---|
Developer(s) | Nadim Kobeissi and contributors[1] |
Initial release | 19 May 2011 |
Final release | 3.2.08[2]
/ 20 February 2017 |
Repository | |
Written in | Catalan, French |
Type | Secure communication |
License | GNU General Public License |
Website | crypto |
Cryptocat is a discontinued
Cryptocat was created by
History
Cryptocat was first launched on 19 May 2011 as a web application.
In June 2012, Kobeissi said he was detained at the U.S. border by the DHS and questioned about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of the software.[5]
In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and 19 April 2013.[6][7] Private messages were not affected, and the bug had been resolved a month before. In response, Cryptocat issued a security advisory, requested that all users ensure that they had upgraded, and informed users that past group conversations may have been compromised.[7]
In February 2014, an audit by iSec Partners criticized Cryptocat's authentication model as insufficient.[8] In response, Cryptocat made improvements to user authentication, making it easier for users to authenticate and detect man-in-the-middle attacks.[9]
In February 2016, citing dissatisfaction with the project's current state after 19 months of non-maintenance, Kobeissi announced that he would be taking Cryptocat temporarily offline and discontinuing the development of its mobile application, pending a complete rewrite and relaunch of the software.[10] In March 2016 Kobeissi announced the re-release of Cryptocat, rewritten completely as desktop software instead of the original web application software, as a public beta and the resumption of the service.[11] The new desktop-centric approach allowed Cryptocat to benefit from stronger desktop integration, in a style similar to Pidgin.
In February 2019, it was announced that Cryptocat would be discontinued.[12] As of December 2019, the cryptocat domain is for sale and links to the site for the Wire messenger.[13]
Features
Cryptocat allows its users to set up end-to-end encrypted chat conversations. Users can exchange one-to-one messages, encrypted files, photos as well as create and share audio/video recordings. All devices linked to Cryptocat accounts will receive forward secure messages, even when offline.
All messages, files and audio/video recordings sent over Cryptocat are end-to-end encrypted. Cryptocat users link their devices to their Cryptocat account upon connection, and can identify each other's devices via the client's device manager in order to prevent man-in-the-middle attacks. Cryptocat also employs a Trust on first use mechanism in order to help detect device identity key changes.
Cryptocat also includes a built-in auto-update mechanism that automatically performs a signature check on downloaded updates in order to verify authenticity, and employs TLS
Originally in 2013, Cryptocat offered the ability to connect to Facebook Messenger to initiate encrypted chatting with other Cryptocat users.[14] According to the developers, the feature was meant to help offer an alternative to the regular Cryptocat chat model which did not offer long-term contact lists.[15] This feature was disconnected in November 2015.
Reception and usage
In June 2013, Cryptocat was used by journalist
In November 2013, Cryptocat was banned in Iran, shortly after the election of Iran's new president Hassan Rouhani who had promised more open Internet laws.[17]
Cryptocat was listed on the Electronic Frontier Foundation's "Secure Messaging Scorecard" from 4 November 2014 until 13 March 2016. During that time, Cryptocat had a score of 7 out of 7 points on the scorecard. It had received points for having communications encrypted in transit, having communications encrypted with keys the provider did not have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys were stolen (forward secrecy), having its code open to independent review (open-source), having its security designs well-documented, and having completed an independent security audit.[18]
Architecture
Encryption
Cryptocat uses a
Cryptocat uses the
For the transport layer, Cryptocat adopts the OMEMO Multi-End Message and Object Encryption standard, which also gives Cryptocat multi-device support and allows for offline messaging.[4]
Network
Cryptocat's network relies on a
Distribution
From March 2011 until March 2016, Cryptocat was officially distributed through the
See also
- Comparison of instant messaging clients
- Freedom of information
- GNU Project
- Hacktivism
- Internet privacy
References
- ^ a b Cryptocat. "Cryptocat Mission Statement". Archived from the original on 7 April 2016. Retrieved 22 April 2016.
- ^ "Cryptocat 3.2.08 Release Notes".
- ^ "Cryptocat". crypto.cat. Archived from the original on 18 July 2016. Retrieved 29 March 2016.
- ^ a b c "Cryptocat - Security". crypto.cat. Archived from the original on 7 April 2016. Retrieved 29 March 2016.
- ^ "Developer's detention spikes interest in Montreal's Cryptocat". Itbusiness.ca. 8 June 2012. Archived from the original on 29 January 2013. Retrieved 28 July 2012.
- ^ Steve Thomas. "DecryptoCat". Archived from the original on 26 July 2015. Retrieved 10 July 2013.
- ^ a b Cryptocat Development Blog. "New Critical Vulnerability in Cryptocat: Details". Archived from the original on 5 July 2013. Retrieved 7 July 2013.
- ^ https://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf Archived 12 November 2020 at the Wayback Machine [bare URL PDF]
- ^ Cryptocat. "Recent Audits and Coming Improvements". Archived from the original on 15 October 2014. Retrieved 22 June 2014.
- ^ Paletta, Damian (22 February 2016). "How the U.S. Fights Encryption—and Also Helps Develop It". The Wall Street Journal. News Corp. Archived from the original on 19 June 2018. Retrieved 24 February 2016.
- ^ "Cryptocat Release Announcement". crypto.cat. Archived from the original on 22 December 2016. Retrieved 22 April 2016.
- ^ Cryptocat (5 February 2019). "We are discontinuing the Cryptocat service starting tomorrow. The software is no longer maintained". @cryptocatapp. Archived from the original on 12 December 2021. Retrieved 5 February 2019.
- ^ "crypto.cat". 7 November 2019. Archived from the original on 7 November 2019. Retrieved 5 December 2019.
- ^ Norton, Quinn (12 May 2014). "Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser". The Daily Beast. Archived from the original on 19 June 2014. Retrieved 22 June 2014.
- ^ Cryptocat. "Cryptocat, Now with Encrypted Facebook Chat". Archived from the original on 11 November 2014. Retrieved 22 June 2014.
- ISBN 978-1627790734. Retrieved 22 June 2014.
- ^ Franceschi-Bicchierai, Lorenzo (21 November 2013). "Iran Blocks Encrypted Chat Service Despite Claims of Internet Freedom". Mashable. Archived from the original on 22 June 2014. Retrieved 22 June 2014.
- ^ "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014. Archived from the original on 15 November 2016. Retrieved 21 April 2016.
- ^ "Cryptocat Axolotl Implementation". github.com. Retrieved 22 April 2016.[permanent dead link]
- ^ "Cryptocat Cryptographic Primitives". github.com. Retrieved 22 April 2016.[permanent dead link]
- ^ Cryptocat. "Cryptocat Download Server". Archived from the original on 18 January 2019. Retrieved 22 April 2016.
Further reading
- Greenberg, Andy (27 May 2011). "Crypto.cat Aims To Offer Super-Simple Encrypted Messaging". Forbes.
- Curtis, Christopher (17 February 2012). "Free encryption software Cryptocat protects right to privacy: inventor". Montréal Gazette. Archived from the originalon 19 February 2012.
- Dwyer, Jim (17 April 2012). "Using His Software Skills With Freedom, Not a Big Payout, in Mind". New York Times.
- Knowles, Jamillah (3 March 2012). "Raspberry Pi network plan for online free-speech role". BBC News.
- Kirk, Jeremy (14 March 2012). "Cryptocat Aims for Easy-to-use Encrypted IM Chat". PCWorld. Archived from the originalon 17 December 2012.
External links