Cryptocat made the news recently when its lead developer, Nadim Kobeissi, was detained and interrogated one week ago at the US-Canadian border. The tactic of harassing individuals who are involved in suspicious cryptography-related activities is not a new one; Nefario, the China-based founder of the Global Bitcoin Stock Exchange, was detained for hours as interrogators questioned him about Bitcoin and ultimately denied him entrance to the US last August. This time, the Streisand effect kicked in; Cryptocat saw the highest level of interest since the project’s inception, and its inventor was forced to cautiously tweet: “It’s important that my interrogation doesn’t blow confidence in Cryptocat out of proportion. It’s still an experiment that needs work.”
But what is this software that has attracted so much attention these last few days? Essentially, it’s a browser-based, open source alternative to traditional instant messaging and chat programs like Skype. Messages are encrypted in the browser with Javascript, sent encrypted across the internet to the client, and then decrypted in the client, using public key encryption to ensure that Cryptocat itself has no way of knowing what is sent, although its developer is careful to point out that Cryptocat, and third party observers, know that something is sent, and, unless the client is also using Tor (Cryptocat offers a hidden service at xdtfje3c46d2dnjd.onion), who is sending and receiving. To join a chat with someone else, simply go to a URL like “https://crypto.cat/?c=bitcoin”, substituting bitcoin with whatever name you want to give the chat, and tell someone else to go to the same page.
Even beyond its encryption, Cryptocat is superior to its traditional alternatives, like Skype, in some respects. No accounts or setup are required, so you can immediately set up a chat with anyone around the world without asking them to download a program first. There is no need to invite individual users to a large group chat; simply putting the URL in a common location will suffice. The program also has a certain charm to it that strictly professional services like Skype lack; it uses the names of animals as default usernames and its interface features imagery reminiscent of classic arcade games of the 1980s.
However, the program does have its drawbacks. It has a smallar array of features, offering no voice or video chat and limiting its file transfer service to only images and zip archives up to 600 KB. The fact that it’s a browser-based program is a disadvantage as well as an advantage; there is no way for the program to tell when someone’s online or offline as there is in Skype, limiting its utility as a program for chatting with friends or coworkers whenever they are online. It has a Chrome extension and an Android app, but neither of these have any kind of notification functionality that allows them to remain useful without being the dominant application on the screen.
Browser applications, even ones that securely encrypt everything on the client side, do have a weakness in terms of security. While a desktop app with equivalent functionality only needs to have its code evaluated once, web applications essentially re-download the entire code to the user’s browser each time the program is loaded, so backdoors can be introduced at any time. Fortunately, however, the chrome extension and Android application solve this problem, as both types of software are downloaded and kept locally on the client.
Another inconvenience is speed. A message takes a few seconds to make its way from one party to another, partially because of the encryption and partially because the software relies on both clients communicating through the centralized server rather than the semi-decentralized globally distributed network that Skype uses. Of course, this fault is excusable; an individual with Nadim Kobeissi’s limited resource does not have the capacity to make the types of physical networking optimizations that corporations like Microsoft and Google can set up. But this is nevertheless a hurdle that may drive users who do not need encryption away from Cryptocat, as typical users tend to evaluate services by a combination of their quality and how many of their friends and coworkers already use them, not their estimation of the creator’s merit under his particular circumstances.
Cryptocat is still a work in progress, so these issues may be resolved as time passes and the software continues to be developed, although the hurdle of speed is one that is difficult to solve without the resources of a large corporation. Its ease of use and lack of setup is a strong advantage; for applications like one-time interviews it is arguably the best chat application available already. On the whole, the program is off to a good start, and it has lots of potential to become even better.
