Cryptocat is really, really cute. The encrypted-chat program’s logo is a pixellated cat, and its homepage is colorful but uncluttered. The chatroom that you enter to start a new chat looks and sounds like something out of a videogame from the 1980s.
This nostalgic and friendly vibe isn’t just an artistic whim of its lead developer, Nadim Kobeissi, who started the project three years ago as a 21-year-old college student in Montreal and recent émigré from Lebanon. The aesthetics of the program were his starting point, he said, as he set out to make an encrypted communication program that was accessible to everyone, regardless of technical know-how. The aesthetics will be just as inviting when Cryptocat’s mobile version launches in a few days, too.
“This cuteness is a security feature,” Kobeissi explained in a recent TED talk. “You’re making accessibility and ease-of-use security processes—if those fail, it’s just the same as having encryption failure.”
In other words, it doesn’t matter if an encryption program is safe if no one wants to use it. The encryption program Pretty Good Privacy (PGP) is as pretty-good as its name suggests (it is in fact excellent), but there’s a learning curve involved, and it only works when both the sender and receiver are using it. Journalists and others who are less technically inclined—or just more impatient—will often jump on a less-safe platform if it seems like it will save them a lot of time and headache in the process.
This is not an abstract scenario. Edward Snowden was only able to communicate with Glenn Greenwald and other journalists after Laura Poitras taught Greenwald how to implement encryption and other operational security measures. Not every journalist waiting for the next big scoop has a Laura Poitras on his or her side; likewise, not every potential source happens to be an incredibly capable former national security contractor. That said, not every story involves a Snowden-level leak, either; sometimes journalists just need a safe, quick way to chat so that the text won’t be intercepted or read later by, say, a source’s boss.
“Some people can’t use PGP, but at the same time they want to access an alternative that is at least safer than Facebook chat or Skype—and those are very unsafe options,” said Kobeissi in an interview this week. “It’s very crucial to offer a solid, respectable middle ground to those people.”
And people are flocking to the service in this Snowden-Greenwald era; Kobeissi says that about 100,000 people have downloaded the web app so far, and there are about 16,000 people using it each day. The total number of Cryptocat users will surely increase when the mobile version launches, too; the iPhone version is expected some time this week, followed by an Android version by the end of December.
Cryptocat succeeds because it’s as intuitive and accessible as Facebook, Skype, or Gchat, but it’s much safer. Unlike with these services, the server facilitating the chat doesn’t read or record the communications; messages are encrypted on each end of the conversation, with a new key pair generated for every new chat session. Cryptocat doesn’t require users to make accounts or contact lists, either. (Kobeissi also recommends TextSecure, an encrypted SMS texting app for Android phones that works in a similar way.)