Protect Your Data and Communications with Cryptocat

Written by Mat Lee

Protecting your privacy online is gold these days. Mat Lee reviews Cryptocat, a plugin that can help keep your data and communications safe. — Cryptocat takes the two best things on the Internet and brings them together: communication and people’s love for cats. Here’s what Cryptocat is and why so many people are jazzed about it.

Technically, Cryptocat is a free and open source software (FL/OSS) browser extension. More simply, it exploits various web technologies to provide easy-to-use, accessible and encrypted instant messaging to the general public. I like how they focus on accessibility. Let’s face it: If people can’t figure out how to use a software program, it isn’t going to be used. According to a post on the Cryptocat blog, “Accessibility and ease of use must be treated as security properties.” I couldn’t agree more.



Using current technology, how would you communicate on the Internet securely? That’s a big question. Naturally, if you want complete communication security, nothing beats an old-fashioned face-to-face meeting. But let’s assume that isn’t cost effective or even possible given everyone’s busy schedules these days.

For example, if you need to ensure a totally secure conversation with another business partner without a competitor listening, you could make sure both parties are using TextSecure or some other SMS encryption tool. The fact remains, however, that your messages were sent. And given enough time (and computing power), those messages can eventually be decrypted. Plus, how do you know the device you are messaging hasn’t fallen into the wrong hands?



You could set up a secure Internet relay chat (IRC) that’s encrypted, invisible and password protected for all it’s worth. But speaking as someone who has tried it, it’s a complicated pain — especially if the person on the other end doesn’t know IRC.

This of course depends on the level of the target and how badly the competitor wants your information. For normal people it’s not that big of a deal, but in principle, we should all be encrypting our communications and data as much as possible. After all, most of that data ends up streaking through the Internet at some time or another, and it’s a rudimentary task to tap that data. I’m not saying it happens a lot at the normal user level. But when it does, you’ll be glad your info was encrypted before it left your PC. Pre-Internet encryption (PIE) is key, and should be a main aspect of any computer user’s security routine.

The point? Cryptocat uses the Off-the-Record (OTR) messaging protocol and implements perfect forward secrecy in a way that makes setting up two-way encrypted communications secure and seamless. All you need is a browser. Cryptocat is written in JavaScript and HTML5. It works on Chrome, Firefox, and Safari.
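
The forward-secrecy property named above, as an added example that is not Cryptocat's or OTR's code: a leaked long-term key opens recorded traffic when that key protects every conversation, but not when each conversation uses throwaway key pairs. It runs on Node's built-in crypto module. The function names and the SHA-256 key derivation are assumptions of this example, and it leaves out the authentication step that OTR adds.

```javascript
// Added illustration, not Cryptocat or OTR code; all inputs are constructed.
const nodeCrypto = require('crypto');
const newKeyPair = () => nodeCrypto.generateKeyPairSync('x25519');

// Simplified KDF (an assumption of this demo): SHA-256 of the X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return nodeCrypto.createHash('sha256').update(shared).digest();
}

function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong (GCM tag check fails).
function unseal(key, msg) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
  } catch (e) { return null; }
}

// Static design: the long-term keys themselves protect every conversation.
function staticSession(aliceLong, bobLong, text) {
  const key = deriveKey(aliceLong.privateKey, bobLong.publicKey);
  return { senderPublic: aliceLong.publicKey, msg: seal(key, text) };
}

// Ephemeral design: fresh key pairs per conversation; private halves are dropped on return.
function ephemeralSession(text) {
  const a = newKeyPair(), b = newKeyPair();
  const msg = seal(deriveKey(a.privateKey, b.publicKey), text);
  return { senderPublic: a.publicKey, msg, received: unseal(deriveKey(b.privateKey, a.publicKey), msg) };
}

// Later compromise: a leaked long-term private key is tried on recorded traffic.
function readRecorded(stolenPrivateKey, recorded) {
  return unseal(deriveKey(stolenPrivateKey, recorded.senderPublic), recorded.msg);
}

function demo() {
  const aliceLong = newKeyPair(), bobLong = newKeyPair();
  const eph = ephemeralSession('meet at noon');
  return { delivered: eph.received,
    staticLeak: readRecorded(bobLong.privateKey, staticSession(aliceLong, bobLong, 'meet at noon')),
    ephemeralLeak: readRecorded(bobLong.privateKey, eph) };
}
```

Calling `demo()` returns the delivered message, the text recovered from the static recording, and `null` for the ephemeral recording.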

Just install the plugin, give yourself a name and title the discussion so someone else can join. From there you’re ready to have secure chats.



The more accessible open source security tools like Cryptocat become to the public, the harder the bad guys will have to work to get their hands on our communication and information. Regardless of who that bad guy might be at any given time, the idea is still the same. Unless you are a specific target, they will go for the low-hanging fruit. Encrypting your information and communication with a secure implementation of really outstanding hardened cryptography instantly removes you from that low-hanging fruit category.

For more information on Cryptocat and OTR, check out Security Now, episode 406. There is also a lot of great information on the Cryptocat blog and the Cryptocat Wiki.