Cryptocat an encrypted private chat alternative
If you don't trust companies such as Google, Microsoft or Facebook when it comes to communication, for instance because of the recording of your chat conversations on said networks and possibility that those records are made available to third parties or used for user profiling, you may prefer a secure solution instead.
Cryptocat, available as a browser extension for Firefox, Google Chrome and Safari, may be that alternative. Probably the biggest difference to existing secure communication services is the ease of use with which you can get started. Instead of having to generate and exchange keys before you can even get started, you simply select the name of a chat room and a user name to connect.
The service creates an encryption key for you during set up. The chat room looks like all other chat rooms you may have come across. You see users who joined it on the right, and the actual messages on the left. Options are available to either chat privately with a select user, or publicly to the whole group of users.
It feels a bit strange that there is no option to password protect a chat room, considering that anyone guessing the name could enter it. While you'd then see the new user in the user list, it may happen that you overlook that at first, or have troubles locating the user if there are lots of users in that chat room.
It also needs to be noted that while chat is encrypted, your IP address is not. The developers suggest TOR to overcome this issue. Any non leaking VPN or proxy connection should suffice though.
The developers have used the following algorithms and technologies to secure communication between users:
- AES-CTR-256 for encryption and decryption
- Curve25519 for Elliptic Curve public key generation
- SHA-512 for generating 512-bit message authentication codes, shared secrets and key fingerprints
- Off-the-Record encryption support
- Cryptocat now uses the standard XMPP-MUC protocol for multi-user Instant messaging transport.
I suggest you read the full protocol specification here [pdf] if you are interested about the technical implementation.
Here is the rather unorthodox promo video:
Cryptocat is an easy to use solution which that requires no initial setup, like account creation or public key exchange, to function. The developers note that it is still an experimental service and that it should be used with that in mind.Advertisement