Update, January 6, 2014: As of the end of December 2013, the Cryptocat app for iPhone had been rejected by Apple, but Kobeissi was optimistic the problem could be resolved.
Original Story:
Cryptocat is really, really cute. The encrypted-chat program’s logo is a pixellated cat, and its homepage is colorful but uncluttered. The chatroom that you enter to start a new chat looks and sounds like something out of a videogame from the 1980s.
This nostalgic and friendly vibe isn’t just an artistic whim of its lead developer, Nadim Kobeissi, who started the project three years ago as a 21-year-old college student in Montreal and recent émigré from Lebanon. The aesthetics of the program were his starting point, he said, as he set out to make an encrypted communication program that was accessible to everyone, regardless of technical know-how. The aesthetics will be just as inviting when Cryptocat’s mobile version launches in a few days, too.
“This cuteness is a security feature,” Kobeissi explained in a recent TED talk. “You’re making accessibility and ease-of-use security processes–if those fail, it’s just the same as having encryption failure.”
In other words, it doesn’t matter if an encryption program is safe if no one wants to use it. The encryption program Pretty Good Privacy (PGP), is as pretty-good as its name suggests (it is in fact excellent), but there’s a learning curve involved, and it only works when both the sender and receiver are using it. Journalists and others who are less technically-inclined–or just more impatient–will often jump on a less-safe platform if it seems like it will save them a lot of time and headache in the process.
This is not an abstract scenario. Edward Snowden was only able to communicate with Glenn Greenwald and other journalists after Laura Poitras taught Greenwald how to implement encryption and other operational security measures. Not every journalist waiting for the next big scoop has a Laura Poitras on his or her side; likewise, not every potential source happens to be an incredibly capable former national security contractor. That said, not every story involves a Snowden-level leak, either; sometimes journalists just need a safe, quick way to chat in a way that the text won’t be intercepted or read later by, say, a source’s boss.
“Some people can’t use PGP, but at the same time they want to access an alternative that is at least safer than Facebook chat or Skype–and those are very unsafe options,” said Kobeissi in an interview this week. “It’s very crucial to offer a solid, respectable middle ground to those people.”
And people are flocking to the service in this Snowden-Greenwald era; he says that about 100,000 people have downloaded the web app so far, and there are about 16,000 people using it each day. The total number of Cryptocat users will surely increase when the mobile version launches, too; the iPhone version is expected some time this week, followed by an Android version by the end of December.
Cryptocat succeeds because it’s as intuitive and accessible as Facebook, Skype, or Gchat, but it’s much safer. Unlike with these services, the server facilitating the chat doesn’t read or record the communications; messages are encrypted on each end of the conversation, with a new key pair generated for every new chat session. Cryptocat doesn’t require users to make accounts or contact lists, either. (He also recommends TextSecure, an encrypted SMS texting app for Android phones that works in a similar way.)
Kobeissi is quick to point out, both in conversation and on every page of the website, that Cryptocat is not a perfect solution for every scenario. The goal has always been to strike a balance between easy user experience and security. He has been transparent about the bugs that have been discovered along the way as the Cryptocat project has grown, and he invites more people to check his open-source code for errors, plying them with T-shirts, stickers, and credit. The warning on the Cryptocat homepage is worth quoting in full, as it shows both how high the stakes are for some internet users around the world and how seriously Kobeissi takes his responsibility:
Cryptocat is not a magic bullet. Even though Cryptocat provides useful encryption, you should never trust any piece of software with your life, and Cryptocat is no exception.
Cryptocat does not anonymize you: While your communications are encrypted, your identity can still be traced since Cryptocat does not mask your IP address. For anonymization, we highly recommend using Tor.
Cryptocat does not protect against key loggers: Your messages are encrypted as they go through the wire, but that doesn’t mean that your keyboard is necessarily safe. Cryptocat does not protect against hardware or software key loggers which might be snooping on your keyboard strokes and sending them to an undesired third party.
Cryptocat does not protect against untrustworthy people: Parties you’re conversing with may still leak your messages without your knowledge. Cryptocat aims to make sure that only the parties you’re talking to get your messages, but that doesn’t mean these parties are necessarily trustworthy.
To mitigate those potential gaps in Cryptocat’s security scheme, Kobeissi suggests that people can use Cryptocat in conjunction with Tor, which will provide IP anonymity and a censorship-workaround, and secret-question authentication, which can help assure them that they’re talking to the right people behind the usernames.
At a recent journalism-security workshop at Columbia’s Tow Center, several trainers jokingly referred to Cryptocat as “the gateway drug of encryption,” saying that it was an easy way for people to start understanding safe communication before moving on to even more complex and secure channels. When asked what he thinks about that characterization, and what “drug” he thinks users should move on to after they’ve gotten the hang of Cryptocat, Kobeissi laughs but then offers a different take.
“Honestly, I think it should be the other way around. I think the services themselves should move towards the user, not the user towards the services,” Kobeissi says. “People aren’t willing to move into these technologies that are essentially, at their very core, inaccessible. So the smarter thing to focus on would be for the services themselves becoming more accessible to the people.”
Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner