Cryptocat, the encrypted chat service, has just released its iPhone app in the App Store. The developer has indicated in a blog post that the Electronic Frontier Foundation (EFF) helped in resolving the issues with Apple. It isn’t clear why the app was rejected, but according to the developers, Apple specifically had a problem with group chat encryption.
Cryptocat has become quite popular in the wake of the NSA controversy, in which the agency was found to intercept and snoop on communications. Cryptocat’s end-to-end encryption by design doesn’t allow anyone in the middle to read your messages.
According to the developer, Cryptocat depends on native iOS APIs instead of the web cryptography used by other Cryptocat clients. The iPhone app uses the OTR protocol for private conversations, and a multiparty protocol for group conversations. Cryptocat is also available for Mac, and also offers browser extensions for Chrome, Firefox, Safari and Opera.
Here’s how it works:
Cryptocat is different from other encrypted chat tools in that it doesn’t require usernames or accounts. Users enter a conversation using a one-time nickname. There are no buddy lists or account activity or account history to link back to the user. This way, Cryptocat offers a unique ephemerality that makes setting up encrypted conversations immediate and without any lasting history that can be traced back to users.
“I was really excited to see this app hit the app store, but unfortunately the iOS version does not appear to have been written with privacy / security in mind. The app leaves behind a treasure trove of forensic artifacts that can be lifted from your device if it is ever stolen, hacked, or seized by law enforcement. The most notable of which is that all your past typing is logged into Apple’s keyboard cache, so that previous conversations, including word counts, can be extracted from the device. Cryptocat could have prevented this by turning off auto-correct or writing their own. The app also intentionally stores the user’s private key, room name, nick, buddies, and other identifying information in the configuration file. This can all be used to identify you, past conference rooms, and other information that could expose you. And sadly, if I could figure this out in just a couple of minutes, I’m sure bad guys / feds / etc. are figuring it out too. This can be recovered forensically from most commercial forensic tools on devices of any model.”
by Jonathan Zdziarski
So if you’re looking to chat with privacy, download Cryptocat from the App Store using this iTunes link.