Latest posts.

Summer KickStarter for Android App and More!

We’ve been giving private, encrypted chat to everyone for three years. Help us do more by giving back. Contribute to the Cryptocat KickStarter to help fund Cryptocat for Android, encrypted video chat, and more!

Cryptocat is one of the world’s leading encrypted instant messaging platforms. It is renowned for its ease of use and accessibility, serving around 300 individuals at any given moment. Cryptocat is available for Google Chrome, Mozilla Firefox, Apple Safari, Opera, Mac OS X, and iPhone — with your help, we want to bring Cryptocat to Android, significantly improve our iPhone app, and work on exciting features like encrypted video/audio chat!

Cryptocat focuses on treating ease of use as a security property. We want to make encrypted chat fun and accessible, because we know that anything else just can’t work with the general public. Cryptocat has managed to bring encrypted chat to 35 different languages and to more than 200,000 individuals around the world.

People all over the world who, for some reason or another, want to simply afford themselves private communications are discovering Cryptocat and relying on it. We have met people in war zones who rely on Cryptocat to talk to their families. Activists who rely on Cryptocat to organize. Middle school teachers who used Cryptocat to teach Internet privacy to children. Canadian sex clinics deploy Cryptocat to discuss private matters with their clients. Journalists from Reporters without Borders who hold workshops specifically to teach their colleagues and related individuals how to protect themselves using Cryptocat. In Lebanon, secular movements are using Cryptocat to avoid being harassed by sectarian militias. Even in Tibet, individuals in isolated mountains use Cryptocat to communicate in privacy.

Since 2012, the number of different situations we have seen Cryptocat deployed in is truly hard-hitting. Hundreds of people are connected to the Cryptocat network at any given time, and it is surreal for us to even try to imagine all the stories we haven’t heard of how Cryptocat has helped. In Russia, Croatia, and all around the world, we hear stories regularly involving Cryptocat. Cryptocat’s impact has been strong enough to make it the only encrypted instant messaging software to be completely banned in Iran (since November 2013).

Encrypted video/audio chat:

As part of this fund-raiser, we want to make it possible for Cryptocat’s browser clients to set up end-to-end encrypted audio and video chat within the browser. We want this to be a drop-in replacement for Skype and other services that would have you risk your privacy.

Mobile apps for Android and iPhone:

Cryptocat is already available for iPhone — but we need your help to bring it to Android and to improve the features of our iPhone app. With your donations, we can hire new engineers to get this done, and fund our existing team.

More details on planned research goals:

Unit Tests: The three main components of Cryptocat mobile applications are the OTR component, the mpOTR component, and the XMPP component. Those components handle the critical features of the app: the encryption of the communications, and the connection with the chat server. It is important to make sure we do not break the security or the connectivity of the app across releases. Writing test code will help us detect bugs early and avoid regressions in upcoming releases. It is particularly important in an open-source project where a lot of different contributors might help improve the codebase. Using existing frameworks, we’ll have to set up a test environment and adapt the existing code so it’s easier to test. After the test environment has been properly set up and the main functionalities have been tested, it will be easier to write more tests as we discover bugs and add new functionalities. Projected time needed for development: 8 weeks

Quality Assurance Into Maturity: This deliverable allows us to maintain the quality of Cryptocat’s mobile releases over the course of their release in 2014 as the applications go through their first year in production. Projected time needed for development: 2014

Identity verification: In the context of a secure conversation, both parties should be able to verify their identities. The OTR protocol uses SMP to detect impersonation or man-in-the-middle attacks. SMP will have to be implemented at the protocol level, and the app user interface will have to be adapted. We should present the user with an interface that allows him to ask his recipient a secret question and to answer his recipient’s secret question. On top of this, Cryptocat’s user interface must be expanded to enforce and encourage authentication much more clearly to end-users. Projected time needed for development: 8 weeks

Secure file transfer for mobile apps: In order to allow recipients to exchange files securely, we’ll use our OTR encrypted file transfer specification. We will have to implement it both at the protocol level and at the UI level. The recipients will have to be presented with an interface to pick a file to send, and to be notified when a file is being received. Projected time needed for development: 8 weeks

File preview: We will adapt the user interface to allow the user to preview received files (e.g. images, videos, sounds) and to open them with other applications. Projected time needed for development: 8 weeks

Multiple Conversation Rooms: For now, Cryptocat for iOS allows you to join a conversation room and chat with the people connected to this room. In order to allow the user to connect to multiple conversation rooms and talk with people in those rooms, we’ll adapt the way the XMPP connection is handled and adapt the user interface to allow the user to switch between multiple rooms. Projected time needed for development: 8 weeks

Tablet compatibility: In order to provide the user with an optimal experience while using the app, we’ll adapt the user interface to take advantage of the extra screen space provided by tablets. This will mean modifications on top of the existing Cryptocat for iPhone and Android codebases. Projected time needed for development: 8 weeks

Improve Translations: For now, Cryptocat for iOS is available in English and French. We need to make it available in as many languages as the Cryptocat web application (35 languages). Projected time needed for development: 8 weeks

Tor Integration: Investigate the possibility of using the Tor anonymity network with Cryptocat’s mobile application, bundling it similarly to how Tor is currently bundled for Cryptocat for Mac OS X. Projected time needed for development: 12 weeks

Timestamps in Chat and other User Interface Improvements: Currently, Cryptocat’s mobile interface remains relatively undeveloped. One example of a mobile user interface improvement would be adding timestamps. In the chat view, we will add the timestamp for each message, localised according to the user’s system locale. In order to keep the UI clean, we’ll hide the timestamps by default, and show them when the user swipes a chat bubble cell. Projected time needed for development: 10 weeks

Send Chat Invitation (potentially iOS only due to technological restrictions): When a user is connected to a conversation room, they would be able to send an invitation link to another person using the iOS app. The invitation link will be sent by email or SMS, and when tapped, the link will launch the app with the conversation name pre-filled. We know we can do this on iOS but we haven’t investigated its technical possibility on Android or other platforms yet. Projected time needed for development: 8 weeks

Documentation: Cryptocat for mobile needs documentation to help others compile and install the app and to explain the best way to contribute to the code, documentation, translations, and so on. We have no funding for any kind of mobile documentation at present. Projected time needed for development: 6 weeks

Finally, a bit about the team:

Nadim Kobeissi: Nadim created Cryptocat. He designed Cryptocat’s current multi-party protocol and has experience with real-world cryptography use cases. Nadim has four years of experience in designing cryptographic specifications and systems and in implementing secure software. Nadim will be responsible for liaising between all teams and the users. Nadim will also author reports and documentation, and organize meetings. Under Nadim’s direction, Cryptocat has won multiple awards and has garnered over 200,000 regular users and millions of downloads.

Arlo Breault: Bio pending.

Thomas Balthazar: Thomas is an iOS developer living in Brussels. He has worked as a software engineer for Cryptocat, Kickoff and the European Parliament. He is currently the development lead for Cryptocat for iPhone.

Encrypted File Transfer Returns to Cryptocat

Last November, encrypted file transfer was temporarily disabled in Cryptocat pending peer review of the code and specification by the talented people over at Least Authority. Least Authority collaborated with the Cryptocat team to conduct a thorough review of the file transfer functionality, and the plan was, in order to ensure the best security for our users, to disable encrypted file transfer until we received the full results of their review and implemented their recommendations.

We’re now happy to re-introduce encrypted file transfer into Cryptocat for Chrome, Firefox, Mac, Safari and Opera with the Cryptocat 2.2.2 update. Here’s how it works:

First, open your buddy’s context menu and click “Send Encrypted File…”


Once you select your file, encrypted file transfer will immediately commence, and a progress bar will appear:


Once the file transfer is completed, the receiver will see their progress bar turn into a “Download” button.


It’s important to note that encrypted file transfer will not work over Encrypted Facebook Chat, due to a limitation from Facebook’s end. Otherwise, Cryptocat 2.2.2 is already available for Chrome, Safari and Opera. We expect the Firefox and Mac updates to be rolled out automatically to all users within a week’s time.