Encrypted IM project, Cryptocat, looks to mobile this year

Several improvements are in the works for the encrypted instant messaging application
  • Jeremy Kirk (IDG News Service)
  • — 15 January, 2013 03:08

Cryptocat, a project building an instant messaging platform that provides more privacy and security for activists, plans a host of improvements this year, including developing an application for mobile devices.

An open-source program, Cryptocat is the brainstorm of Nadim Kobeissi, who launched the project in his spare time between his studies at Concordia University in Montreal. It fell under a fair amount of criticism last year, not for its intent but skepticism over the technical challenge of building an encrypted instant messaging product that would be impervious to spying.

The somewhat negative attention did increase awareness of Cryptocat, which has gained momentum and laid out a roadmap for development this year.

Kobeissi wrote in a report outlining Cryptocat's goals that while the project does not use in-depth methods to track usage due to privacy reasons, as many as 8,000 people were using the application daily in December.

"Cryptocat is being built so that anyone can chat on the Internet without being surveilled, even if they're not a computer scientist," Kobeissi wrote.

In May, Cryptocat plans to release mobile applications for the iPhone and Android mobile platforms. The applications will allow multiple people to chat at the same time and also have push notifications and message delivery confirmation amongst other features, Kobeissi wrote. The project also expects to begin testing Cryptocat on Mozilla's Firefox operating system for mobile phones later this year.

Also on the technical side, Cryptocat would like to employ the so-called "Socialist Millionaire Protocol" (SMP) within the application, which is a way for two people to confirm each other's identity. Cryptocat currently uses public key fingerprints.

Kobeissi wrote Cryptocat would also like to implement permanent storage of encryption keys. The application now does not store keys on the client side, so those keys must be regenerated, which is a time-consuming process that also requires users to authenticate themselves again.

Cryptocat is translated into 32 languages, including obscure ones such as Tibetan, which is unpaid work that sometimes results in unreliable translations. Kobeissi wrote that they'd like to establish a translation fund to ensure that translations are reliable and on-time with coming product releases.

Other goals include developing a "field guide" for new users in order to train the target audience for the application, such as journalists and human rights workers, as well as create a field training program. Cryptocat notably does not have a privacy policy yet, either, so "formulating and publishing a legally valid privacy policy is necessary," Kobeissi wrote.

Cryptocat received about US$100,000 in funding last year, with 95 percent coming from Radio Free Asia's Open Technology Fund and the remainder from Open Internet Tools Project, which supports various open-source secure communications projects.

"We are infinitely thankful for the serious and necessary support our sponsors have given us," Kobeissi wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags: applications, security, Cryptocat, software

The risks of sticking with Windows XP

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

AVG Internet Security 2011 Business Edition

Ultimate protection for your small or medium-sized business

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.