8/26/2023 0 Comments Cryptocat ios review![]() ![]() He used to proudly call himself the "lightning rod of the crypto community." Now he's a victim of it. That means you can help us make it better. Please understand that we really are doing our best, and that this is very difficult and demanding work. ![]() I was miserable, and I almost quit the project, I really did. When I came back home from this whirlwind in September, I suffered from a huge, guilt-driven anxiety attack due to all the stress mitigating this vulnerability has caused. This is the kind of personality driven stuff I find with /u/Kaepora: Unfortunately he knows just enough to be dangerous. He does have a flair for presentation and media, which many uber geeks do not. Personally I view /u/Kaepora somewhere between a tech journalist and a serious security professional. This isn't a technical observation, but it does explain a bit about why "Cryptocat looked at badly in the crypto community." Instead of putting his broken tech into the curio cabinet and going back to crypto basics so he can develop something actually secure, he insists on defending Cryptocat until, maybe, all its users are arrested or something. He's attracted to media attention, isn't or wasn't sufficiently skilled in the domains he was preaching in, and endangered lots of people with half-baked tech back-stopped by half-hearted disclaimers. But he burned most or all of them out with his antics. Being young and ambitious, he attracted a lot of attention from crypto community experts who tried to take him under their wing. Yes, that sounds like ad hominem -hell, it is ad hominem- but the fact is, the dev is prone to childish public rants and can't take criticism. One major problem not addressed here is the failed personality of Cryptocat's developer, /u/Kaepora. I just hope that the community will at least try to learn from the Cryptocat experience, and help to make it secure. Even with the past history of bugs (which is not something unique to Cryptocat, all software is plagued with bugs), I don't think Cryptocat deserves the hatred it has received. I don't understand why everyone rails against Cryptocat so hard. It's certainly better than Facebook chat and Skype. If you're talking about the chats being safe from the average computer criminal, marketing companies wanting to read your chats to learn more about you, or parents trying to read their teen's chats, then I think Cryptocat does a good job. Even PGP isn't unless you take extreme precautions and use an air-gapped machine to do all your encryption. ![]() That said, is cryptocat secure enough to use? If you're talking about being secure against state-sponsored adversaries like the NSA, then no, certainly not. Again, the fact that Cryptocat is so very usable makes it experimental, and that has lead to some problems. ![]() Cryptography that doesn't get used is completely useless. Cryptocat is pushing that forward.Ĭryptocat is also pushing usable security forward. It's impossible to deny how important the browser is becoming as a platform. It's only getting better.Ĭryptocat is providing a testing ground (and motivation) for crypto features in the browser, too. The project is completely transparent, and that's exactly the way it should be. There have been lots of problems, but Nadim has consistently handled each one in the best way I can imagine. Regardless of whether it's secure or not, I think Nadim and team have been doing a great job. That's good, and we're learning a lot from it, but there's a potential for users to be at risk. Cryptocat is pushing cryptography into an area it's never been before. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |