“Even the most recent versions took a minor beating in the recent security audits.” “Early versions of Cryptocat really did contain some nasty bugs,” said Matthew Green, a cryptographer and research professor at the Johns Hopkins Information Security Institute. Kobeissi stated that the software was experimental, but came under repeated harsh criticism aimed at his age and lack of previous involvement with the tight-knit information security community. But Crypto.cat was riddled with security problems. His simple and idiosyncratic website and its ’80s-themed icons were a success, drawing in users who had never been able to get a grip on encryption software. He was trying to make security software, something that’s notoriously impossible for non-experts to use, into a tool for the masses. Kobeissi started the project at 20 as a lark in college. Cryptocat, with its simple and clean interface, has attracted those users more interested in security than security software.

For being such a straightforward piece of software, Cryptocat, and its young creator, have had a rough history. Many in the crypto-building community believe adding encryption to existing tools is likely to be the best answer. In the post-Snowden era, more non-techies around the world are looking for ways to secure their regular conversations from mass surveillance. Kobeissi and other security-minded computer experts have referred to this as opportunistic encryption: getting non-geeks to add some security to their existing communications, rather than have to learn new and difficult tools with user bases that number closer to thousands than billions.

Frederic Jacobs, a Switzerland-based developer of encryption software for Open Whisper Systems, tweeted, “You can now send me encrypted messages on Facebook with Opportunistic encryption at its best” along with a screenshot of a chat.
But if a Facebook friend is also using Cryptocat, the program automatically exchanges keys and becomes “end-to-end”: unreadable by Facebook or anyone else not participating in the chat. All Facebook will see is cyphertext, the mathematical gibberish computers generate to thwart spying eyes.

Chatting with Facebook friends who aren’t using Cryptocat is the same as using the standard Facebook interface: secure to the server, and then readable by Facebook. Only the participants in any given chat have the keys to decrypt and read their own chats. It’s called “end-to-end” encryption, and it doesn’t allow Facebook or any other server, including Cryptocat’s own, to see plain text messages. But the security feature Cryptocat ultimately offers is different. But Facebook itself can see, store, or even turn over all the messages their users send to each other.

After installing a browser plug-in for Cryptocat, the program connects to Facebook using the same SSL Facebook uses, and shows people their available Facebook friends. No one on the open Internet can read Facebook chat messages without breaking the SSL encryption Facebook uses, denoted by “https” and a lock icon in the browser. On Facebook, chats are encrypted between users and Facebook’s servers.