Just looking at what Facebook can provide, versus what Cryptocat can, says a lot from a privacy perspective. How about data retention? While in the past Facebook has said messages are cleared after 90 days, it’s not clear how long they retain the information today, or how much could be produced under subpoena – it’s clearly more than what Cryptocat can produce (as Facebook produces a lot). So, if you just look at SSL/TLS, Cryptocat is better – assuming nobody else has access to the ciphertext, which happened (at least) when they used Cloudflare. While the bug was bad, how does it compare to other consumer chat systems, even with that flaw in mind? From what I’ve seen, it’s still a better option than Facebook.

First, let’s ignore encryption and just look at what we get from SSL/TLS:

First thing that I can point out is the use of forward secrecy – something Facebook isn’t using (yet). Let’s look at it from another perspective though: Compared to Facebook Chat. If you understand encryption, the protection afforded was far less than expected. The most recent flaw was bad, very, very bad. Though I will note, the initial feeling seemed to be a bit different: This is not what Cryptocat is, it is wrong for the media to say that, and we have never said anything to that effect ourselves. We have realized that due to some (perhaps well-meaning) media coverage of the Cryptocat Project, our work has been labeled by the media as something that can aid activists in overthrowing governments or help save someone’s life. He then pointed me to a quote on their blog: That isn’t the intention, and he acknowledged that it’s not safe for that use. When I asked about Cryptocat’s reputation as a tool for activists, he was clearly agitated and made his position on the matter very clear. I asked Nadim at one point what his goal was, he responded without hesitation: to provide a safer alternative to Facebook Chat, Google Talk, etc.
The second sentence is the one that I find interesting, in light of the conversation I had yesterday, primarily this part: an accessible privacy alternative that they already know how to use. Cryptocat is currently available for Chrome, Firefox and Safari. We want to break down the barrier that prevents the general public from having an accessible privacy alternative that they already know how to use. It aims to make encrypted, private chat easy to use and accessible. So, what is the true goal? Here is a snippet of their readme, which (kinda) lays out the goal:

Cryptocat is an experimental browser-based chat client for easy to use, encrypted conversations. is a crucible in it we burn away irrelevancies until we are left with a pure product: the truth, for all time. The topic of goals led to an interesting discussion – to what standard is Cryptocat being held? Perhaps, just perhaps – the unforgivable security failures of Cryptocat are only so unforgivable because of the bar it’s being measured against. Yesterday I talked to Nadim Kobeissi for about an hour about Cryptocat, its policies, practices, successes, failures, and goals. What is the measure of a man; what makes one great, and another lesser? What separates success from failure? We all recognize light from dark, but at which point does it go from one to another? If we ask if a person (or company, or product) is successful – do we measure them against their closest competitor, their nearest neighbor, or perhaps the most successful person we know? Where, and how, do you set that bar to measure against?