I'll be grateful for you taking the time to read on what we're doing and I am more than happy to discuss with you and answer your questions. Read what we're doing to improve the security of accessible encryption and our reasoning for publishing these audits. The blog post's last section ("On the Significance of Audits") discusses why it is that Cryptocat has seen more audits published about it than other encryption projects. Again, please, read the blog post for context (and also for the results of another audit we commissioned in parallel.) We've done our best to address these issues and are working towards an open discussion on how to improve accessible encryption. I'd appreciate it if you could please upvote this comment and help me contextualize this audit. It's very unfortunate that this audit is being taken out of context like this and used to attack our effort. While this audit definitely does find some vulnerabilities and room for improvement, none of the critical bugs in this audit ever made it to Cryptocat for iPhone's release. Many of the bugs it found are due to the fact that it was reviewing a prototype with debugging features (such as NSLog) turned on. This audit was commissioned by us and concerns a pre-release version of Cryptocat for iPhone. This audit document alone does not give enough context. I strongly urge you all to please read our blog post regarding this audit. "We are infinitely thankful for the serious and necessary support our sponsors have given us," Kobeissi wrote. Hi, I'm the lead developer for Cryptocat. Cryptocat notably does not have a privacy policy yet, either, so "formulating and publishing a legally valid privacy policy is necessary," Kobeissi wrote. Cryptocat received about US$100,000 in funding last year, with 95 percent coming from Radio Free Asia's Open Technology Fund and the remainder from Open Internet Tools Project, which supports various open-source secure communications projects.
Other goals include developing a "field guide" for new users in order to train the target audience for the application, such as journalists and human rights workers, as well as create a field training program. Kobeissi wrote that they'd like to establish a translation fund to ensure that translations are reliable and on-time with coming product releases. The application now does not store keys on the client side, so those keys must be regenerated, which is a time-consuming process that also requires users to authenticate themselves again. Cryptocat is translated into 32 languages, including obscure ones such as Tibetan, which is unpaid work that sometimes results in unreliable translations. Kobeissi wrote Cryptocat would also like to implement permanent storage of encryption keys. Cryptocat currently uses public key fingerprints. The project also expects to begin testing Cryptocat on Mozilla's Firefox operating system for mobile phones later this year. Also on the technical side, Cryptocat would like to employ the so-called "Socialist Millionaire Protocol" (SMP) within the application, which is a way for two people to confirm each other's identity. The applications will allow multiple people to chat at the same time and also have push notifications and message delivery confirmation amongst other features, Kobeissi wrote. In May, Cryptocat plans to release mobile applications for the iPhone and Android mobile platforms. "Cryptocat is being built so that anyone can chat on the Internet without being surveilled, even if they're not a computer scientist," Kobeissi wrote. Kobeissi wrote in a report outlining Cryptocat's goals that while the project does not use in-depth methods to track usage due to privacy reasons, as many as 8,000 people were using the application daily in December.