[liberationtech] What I've learned from Cryptocat

Jacob Appelbaum jacob at appelbaum.net
Tue Aug 7 16:40:55 PDT 2012


Nadim Kobeissi:
> OKAY!
> I just came back from a long, incredibly intense dinner with Jacob, Ian
> Goldberg and a few other people. Believe it or not, we have actually
> managed to agree on a conversation model that both answers the concerns of
> people like Jacob while remaining easy to use and accessible! Hard to
> believe, but we actually came to it.

It was a good discussion.

> 
> *A non-technical, one paragraph summary:* There will be no logins. Instead,
> you will enter a chat room just like the current Cryptocat. Inside the
> room, you can either have a group conversation (via mpOTR) or start private
> conversations with individual members (via OTR.) Clicking on each chat
> member opens a separate tab in which a conversation may be maintained.

To be clear - this means that Cryptocat won't change much from a user's
perspective. It won't have new legal issues or data retention requirements.

> 
> As I hope you'll agree, this model is indeed simple, and yet the inner
> workings are actually very interesting, innovative and promise some cool
> security properties. Jacob and I are in the process of writing a formal
> description that we hope to post soon.
> 

We'll open a bug about it.

> Issues such as browser plugins/web versions were comparatively barely
> discussed. But this is still an excellent issue to be resolved. A lot of
> progress was made today! I also want to say that I strongly appreciate the
> conversation being had here. My personal view is that browser plugins
> should definitely be the main form of delivery for Cryptocat 2. I believe
> the debate is still open on whether a "demonstration" web version should
> exist. If it does, however, I must stress that it will be very minimal, and
> chock-full of blaring, inescapable warnings everywhere.

I think the best warning would be to tell others that the user has made
that security choice. But I think this is hard to get right as it might
encourage people to attack those users to get at the "more secure"
users. This is a good thing to talk about at Toorcamp, I bet.

All the best,
Jake


