Dear Cryptocat Users (opens in new tab)

A usable, secure messenger is a pretty important niche to fill. Cryptocat is a good concept (usability is important), but its implementation is flawed enough that it's worse than useless. With some TLC, better ground-up design, and through auditing? Pretty sweet. There isn't one messenger that fills every niche reasonably well (eg. Tox is fragmented and hasn't been audited as far as I'm aware, Jitsi is clunky and relies heavily on outside services, Retroshare requires an intricate knowledge of GPG, several other messengers sit over Tor which requires education, and libpurple is garbage, etc.).

Just to play devil's advocate for the sake of discussion I'll say, the main benefit is "education" for designers of actual secure messaging apps such as those from Open Whisper Systems.

I remember Moxie writing about intentionally using insecure messaging apps that have great UI for the purpose of learning what non-technical users want, and he then built stuff that was both secure and usable.

I think it's interesting how apps like Cryptocat (on one side) and those from e.g. Open Whisper Systems (on another) play off each other. Some secure messaging apps were pressured to up their UI game, and now some "usable" apps are pressured to up their security game or shut down. Whatsapp got X25519 via the TextSecure protocol, and now Cryptocat is shutting down. It sends a message that designers of new apps will be competing against successful deployments of messengers that are both secure and usable.

There are still things like Telegram that are apparently big, but I think the trend is clear.

Agreed. There must be a cryptographic aphorism along the lines of John Gall's famous saying about the provenance of complex systems that work.

Something like: "Usable secure systems are created by iterating from secure unusable systems, not by iterating from insecure usable systems." Someone must have said something like this before, and put it more eloquently.

See: "but the execution was flawed."

> Security at the expense of usability comes at the expense of security.

It got the usability part down, it just wasn't secure. And I wasn't claiming it was.

It at least set a bar in UX that other projects aiming to do it right will try to match.

Secure from whom? A school IT admin? An abusive spouse? A kiddie with a wifi packet sniffer? From hackers going after email accounts? There are lots of threat models that CryptoCat was useful against; and in the long run, CryptoCat was right about usability.

What's it matter if it's secure but not usable? That problem, aside from demand, is why almost everyone uses insecure messengers. Usability is more important if one is targeting the masses. Especially if the alternatives they find cool and usable are horribly insecure.

That leads to other side: what is a secure messenger? Secure against WHO? If it's hackers, then Cryptocat is entirely inappropriate as it will be smashed. Yet, average person's threat model includes all kinds of snoops that might not have hacking skill not to mention the service host. Especially in high school & college. Cryptocat would protect them from many of those while its own problems would be found and improved over time. Widespread adoption of Cryptocat over services like Facebook Messenger stashing & analyzing the messages would be a win in privacy.

So, the question is use case. I gave it a positive review for potential to get insecure crowd on something a little better. It was also fun thanks to good art. I just said they should clearly indicate it's not for stopping hackers, governments, etc. Plus keep links to good products that are. If people want those, they'll use them. If not, Cryptocat wasn't a bad fallback compared to straight-up invasive apps they were likely using.

Is using a server for discovery and key exchange so terrible? The messages will still never touch it.

The protocol and crypto are also open source. The only thing about Telegram that isn't open source is the server. They've hinted that they might open the server and allow federating in the future, but they have no timeline for doing so.

DOH! - Yes, thats what I was thinking of... Thank you.

One of the Cryptodog devs here - no Chrome 0days in our possession (yet).

The code's all on Github: https://github.com/Cryptodog/cryptodog. No signed extensions or apps yet, but you can clone and run locally for testing purposes, or use the hosted client linked there.

So far, we've been focusing on refactoring, fixing surface bugs, and making the UI more attractive and intuitive -- none of the underlying cryptography has been touched. It also performs slightly faster than stock Cryptocat. Since Nadim took down his XMPP server, we've had to create our own, but the backend is identical to his setup.

Of course, Cryptodog is by no means the best solution for E2E chat, just as Cryptocat wasn't. The best we can hope to achieve without a complete codebase overhaul is a reasonable level of security (https://leastauthority.com/static/publications/LeastAuthorit...). However, it's still a fairly usable app that can afford casual users protection against basic threats, like corporate data mining.

Issue postings, pull requests, and other miscellaneous contributions are all welcome.