Use Cryptocat for true secure communication

aNewDomian.net  Cryptocat brings together the two best things of the internet: People’s love of cats and communication. What is Cryptocat and why should you care?

Cryptocat is a free and open source software (FL/OSS) browser extension that makes use of web technologies in order to provide easy-to-use, accessible, encrypted instant messaging to the general public. I like how they have a focused on accessibility. Let’s face it: If normal, everyday people can’t figure out how to use your software, it isn’t going to be used. It says in its blog post, “Accessibility and ease of use must be treated as security properties.” I couldn’t agree more.

Image Courtesy: Cryptocat

How would you communicate on the Internet securely, or at least as securely as possible with the current technology? Of course, if you want complete communication security, nothing beats a good old face to face meeting. But let’s assume that’s not cost effective or even possible given everyone’s busy schedules these days.

For example, if you need secure a conversation with another business partner without a competitor listening, you could make sure both parties are using text secure or some other SMS encryption tool, but the fact is those messages were still sent – and given enough time and computing power they can eventually be encrypted. Plus, how do you know the device you are messaging hasn’t fallen into the wrong hands?

Image Courtesy: Cryptocat

You could set up a secure Internet relay chat (IRC) that’s encrypted, invisible and password protected for all its worth, but speaking as someone who has done it, it’s a complicated pain, especially if the person you are communicating with doesn’t know IRC.

This of course depends on the level of the target and how badly the competitor wants your information. For everyday people it’s not that big of a deal, but in principle, we should all be encrypting our communications and as much of our data as possible, considering most of that data ends up coursing through the veins of the internet at some time or another, and it’s a rudimentary task to tap that data. Not saying it happens a lot at the normal user level, but when it does, you’ll be glad your data was encrypted before it left your PC. Pre-Internet encryption (PIE) is key, and should be a main aspect of any computer user’s security routine.

The point? Cryptocat uses the Off the Record (OTR) protocol and implements perfect forward security in a way that makes setting up two-way encrypted communications secure and seamless. All you need is a browser. Cryptocat is written in JavaScript and HTML5. It works on Chrome, Firefox, and Safari.

Just install the plugin, give yourself a name and title the discussion so someone else can join. From there you’re ready to have secure chats.

Image Courtesy: Cryptocat

The more accessible to the public open source security tools like Cryptocat become, the harder the bad guys will have to work to get their hands on our communication and information. Regardless of who that bad guy might be at any given time, the idea is still the same. Unless you are a specific target, they will go for the low hanging fruit. Encrypting your information and communication with a secure implementation of really outstanding hardened cryptography instantly removes you from that low hanging fruit category.

For more information on Cryptocat and OTR, check out Security Now, episode 406. There is also a lot of great information on the Cryptocat blog and the Cryptocat Wiki.

Mat Lee

Mat Lee

Contributor at Tech Page One
Based in Kalispell, Montana, Mat Lee is a Senior Editor and Podcaster at aNewDomain.net. Email Mat at [email protected]
Mat Lee
Tags: Business,IT Security,Technology