Encrypted IM project, Cryptocat, looks to mobile this year
Several improvements are in the works for the encrypted instant messaging application
By Jeremy Kirk
January 14, 2013 — IDG News Service — Cryptocat, a project building an instant messaging platform that provides more privacy and security for activists, plans a host of improvements this year, including developing an application for mobile devices.
An open-source program, Cryptocat is the brainstorm of Nadim Kobeissi, who launched the project in his spare time between his studies at Concordia University in Montreal. It fell under a fair amount of criticism last year, not for its intent but skepticism over the technical challenge of building an encrypted instant messaging product that would be impervious to spying.
The somewhat negative attention did increase awareness of Cryptocat, which has gained momentum and laid out a roadmap for development this year.
Kobeissi wrote in a report outlining Cryptocat's goals that while the project does not use in-depth methods to track usage due to privacy reasons, as many as 8,000 people were using the application daily in December.
"Cryptocat is being built so that anyone can chat on the Internet without being surveilled, even if they're not a computer scientist," Kobeissi wrote.
In May, Cryptocat plans to release mobile applications for the iPhone and Android mobile platforms. The applications will allow multiple people to chat at the same time and also have push notifications and message delivery confirmation amongst other features, Kobeissi wrote. The project also expects to begin testing Cryptocat on Mozilla's Firefox operating system for mobile phones later this year.
Also on the technical side, Cryptocat would like to employ the so-called "Socialist Millionaire Protocol" (SMP) within the application, which is a way for two people to confirm each other's identity. Cryptocat currently uses public key fingerprints.
Kobeissi wrote Cryptocat would also like to implement permanent storage of encryption keys. The application now does not store keys on the client side, so those keys must be regenerated, which is a time-consuming process that also requires users to authenticate themselves again.
Cryptocat is translated into 32 languages, including obscure ones such as Tibetan, which is unpaid work that sometimes results in unreliable translations. Kobeissi wrote that they'd like to establish a translation fund to ensure that translations are reliable and on-time with coming product releases.
Cryptocat received about US$100,000 in funding last year, with 95 percent coming from Radio Free Asia's Open Technology Fund and the remainder from Open Internet Tools Project, which supports various open-source secure communications projects.
"We are infinitely thankful for the serious and necessary support our sponsors have given us," Kobeissi wrote.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk