The Cryptocat Project is developing a means of easily accessible and free communications similar to those found in Facebook, Google or Yahoo but is encrypted and free from government and corporate interception.
Cryptocat has the potential to provide a safe way for people to communicate when such communications could put their lives at risk, reports Lisa Vaas in the online security publication NakedSecurity. “Examples include communications between those who participated in the uprisings of the Arab Spring,” she said.
Earlier this week Cryptocat developer, Nadim Kobeissi tweeted that he was detained at the US-Canada border.
Out of my 4 DHS interrogations in the past 3 weeks, it’s the first time I’m asked about Cryptocat crypto and my passport is confiscated.
Kobeissi said his interrogator asked him which algorithms Cryptocat used and about its “censorship resistance”.
After the incident Kobeissi said interest in Cryptocat spiked.
“Cryptocat usage has sizably gone up in the past 24 hours,” Kobeissi said in an email to Vass.
Kobeissi also hopes users not put themselves at risk when using Cryptocat. The program has limitations, he said.
According to the project site, here are some of the things Cryptocat can’t do:
- Cryptocat does not anonymize you: While your communications are encrypted, your identity can still be traced since Cryptocat does not mask your IP address. For anonymization, we highly recommend using Tor. Cryptocat even offers a Tor Hidden Service at xdtfje3c46d2dnjd.onion.
- Cryptocat does not protect against key loggers: Your messages are encrypted as they go through the wire, but that doesn’t mean that your keyboard is necessarily safe. Cryptocat does not protect against hardware or software key loggers which might be snooping on your keyboard strokes and sending them to an undesired third party.
- Cryptocat does not protect against untrustworthy people: Parties you’re conversing with may still leak your messages without your knowledge. Cryptocat aims to make sure that only the parties you’re talking to get your messages, but that doesn’t mean these parties are necessarily trustworthy.