Some context, if you don't know what cryptocat is, or why the lead dev is shutting it down:<p>Cryptocat Considered Harmful (2013) <a href="https://datavibe.net/~sneak/20130717/cryptocat-considered-harmful/" rel="nofollow">https://datavibe.net/~sneak/20130717/cryptocat-considered-ha...</a><p><pre><code> Except: Today, Cryptocat is not for everyone.
Cryptocat is under active development, and is suitable only for
debugging and software experimentation. It is not suitable for
those who desire communications privacy. (This may change 2-5
years in the future, following sufficient peer review.)
Cryptocat has had myriad errors in implementation, spanning the
entire time it has been under active development. Note well that
this is not a criticism: cryptosystems are notoriously difficult
to get right, and it takes a very long time, significant
experience, much peer review (on top of that significant
experience), and lots of sweat and iteration to build systems
that are safe to use.
</code></pre>
(HN thread on that post: <a href="https://news.ycombinator.com/item?id=6990602" rel="nofollow">https://news.ycombinator.com/item?id=6990602</a> )<p>Schneier post on the adoring media coverage of cryptocat (2012) <a href="https://www.schneier.com/blog/archives/2012/08/cryptocat.html" rel="nofollow">https://www.schneier.com/blog/archives/2012/08/cryptocat.htm...</a>
This is a good thing, though I think it should have happened more than 19 months earlier. Cryptocat wasn't just unmaintained†, but also gravely flawed and insecure.<p>† <i>Despite looking like this yesterday: <a href="https://web.archive.org/web/20160205030908/http://crypto.cat/" rel="nofollow">https://web.archive.org/web/20160205030908/http://crypto.cat...</a> </i>
Cryptocat was a good concept (i.e. it was USABLE!), but the execution was flawed. It grew a lot of criticism and Nadim made mistakes in handling some of his critics, creating a schism between him and the cryptographers who might have been able to help him. (Not all of this was his fault, of course.)<p>I hope that not only will this new product of his be developed with "A pure vision of democratized, pleasant secure messaging", but also that he has matured significantly. I hope that Cryptocat v3 will come out after it has been thoroughly audited by several reputable third parties.<p>Most importantly, I hope their crypto is boring.<p><a href="https://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase/6116#6116" rel="nofollow">https://security.stackexchange.com/questions/6095/xkcd-936-s...</a><p><a href="http://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf" rel="nofollow">http://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf</a>
"There is a design decision that is not open for negotiation: it will be desktop-only. This is due to the my belief that the mobile space has been elegantly solved by other well-written open source software, while the desktop/laptop space could still use an alternative for usable, fun and secure messaging software, developed in the spirit of general purpose computing."<p>By this logic, why even compete in the web/desktop space? Telegram has mobile, desktop and web clients.
Is end-to-end encrypted messaging really that hard? Assuming you simply forgo all the features that require a server and just send messages peer-to-peer using TLS, isn't this pretty straightforward to do?
Cryptocat is one of those awesome projects I'd love to support, but I just don't have the time or expertise to help. I hope Kobeissi finds some good devs to help him keep the project going.
Good day! People on Cryptoca/Cryptodog will probably recognize me, but I would like to say. I think Cryptocat, no matter how good or bad it is, it is still a very good tool. Cryptodog is just an extension to that, and a good one, too. That is all I have to say.
Hey guys,
I am an avid user of Cryptocat and have been using it for over a year. I am sad to see Cryptocat will be down for the foreseeable future, but I have found an alternative which is even better. Cryptodog is looking to take off where Cryptocat left off and is constantly being worked on. It's still a work in progress, but I highly recommend it for everyone who wants to have private conversations