Cryptocat 2: Deployment Notes

As we get closer to the deployment of the first Cryptocat 2 beta, we’d like to announce the deployment strategy and the major differences Cryptocat 2 will have from Cryptocat. Some of these differences change some fundamental parts of Cryptocat and we encourage our users to familiarize themselves with them. Cryptocat 2′s Beta release date is tentatively August 18th, 2012.

Changes Coming with the release of Cryptocat 2:

  1. Cryptocat 2 will only be accessible as a local browser extension (or app.) Extensions will be available for Google Chrome and Mozilla Firefox. We understand that pushing this change strongly lowers immediate accessibility to those who don’t have the Chrome or Firefox extension installed, but we do believe that the security benefits outweigh the accessibility disadvantages in this case. Installing a Chrome or Firefox extension is a one-minute process in most cases and affords the user protection against a variety of threats. Visitors of the Cryptocat website will be greeted with a friendly notification asking them to install the extension, based on their browser and locale.
  2. Cryptocat 2 will be an XMPP client with a new interface including buddy lists and tabbed conversations. This means Cryptocat users will be required to log in with a username and password. This change means that Cryptocat will be able to connect to any XMPP-BOSH server worldwide and to federate across servers, including Google Talk and servers. We will be running a default XMPP server, but also encourage users to connect to their favorite XMPP servers. We understand that the requirement of a username and password destroys the capacity to use Cryptocat to set up instant chat rooms, but we also believe that standardizing Cryptocat into an XMPP client is worth it.
  3. Cryptocat 2 will use the OTR protocol for two-party conversations. Cryptocat 2 includes an implementation of the popular, standardized OTR protocol which will be used to maintain two-party conversations. The protocol has been picked due to its popularity with other XMPP clients (such as Pidgin or Adium) with which Cryptocat will be able to inter-operate, and also due to its security.
  4. Cryptocat 2 will not have group chat immediately upon release. This is because we are still researching the implementation of the mpOTR protocol and whether it will be feasible to efficiently implement it in a browser context. There is still debate in this issue on whether the mpOTR protocol will be efficient enough to work in a browser context — group chat is unlikely to exist in Cryptocat 2 until this issue is resolved.

We welcome the community’s thoughts on the above changes that we’ll be pushing with Cryptocat 2. Let us know what you think.