No.553779
Hey /tech/ are you excited for the return of Cryptocat?
https://crypto.cat/news.html
Since the rewrite, Cryptocat moved from a browser extension to a desktop app. Atm the features are sparse but I think Cryptocat still provides the best UI when it comes to secure chat program and probably our best bet for adoption by the normies once it moves out of beta.
What do you think /tech/?
No.553797
CC is far from invulnerable but it's a good effort. It's not going to be easy to convince people to install shit tho.
I, for one, welcome our new cryptographic overlords.
No.553876
Hmm. I've been studying Ricochet lately, which also defends against metadata attackes. Not sure why I should care about Cryptocat.
No.553884
Maybe people in Hamburgerland will care. But not in Europe. No NSA.
No.553912
>>553884
Lol you are lying to yourself if you think the NSA isnt spying on you
If they did it to Merkel they can do it to anybody
No.553939
>>553884
>Swedish teacher tweets about how the Muslim kids in his class were celebrating the Brussels attack
>3 cops at his door the next day
>Merkel teaming up with (((Zuckerberg))) to find nationalists and take their kids away from them
Yeah, no one in Europe is looking at your internet activity.
No.553979
No.554007
I remember hearing Cryptocat implemented mpOTR, can anyone confirm that?
No.554017
>>553884
One of the major controversies of the NSA is that it spies on domestic citizens. Spying on other countries is basically a given.
No.554039
>>553884
Haha, good one. Let us guess which of the five I's posted this one.
GCHQ
No.554077
>elliptic-curve diffie-hellman
>SHA-256, the NSA designed hash algo, for security
>no RLWE-KEX
>no multiple block/stream-ciphers randomly chained for encryption
at least it isn't skype
No.554109
>>554077
> multiple block/stream-ciphers randomly chained for encryption
Yeah, all with the same key.
No.554168
no... I think it's fucking garbage
No.554210
>>554109
hash some subkeys from the original keys and there is no problem.
No.554224
No.554234
>>553939
>>553979
I'm too lazy to find the picture right now but the guy was Dutch/Flemish, not Swedish
No.554264
>accounts
yay more metadata
No.554305
File: 1459371924232.jpg (80.94 KB, 600x732, 50:61, dontstopmuslimscelebratingā¦.jpg)
No.554307
>>554305
Was meant to quote >>554234
No.554333
>>553779
another worse-than-tox IM that tries to appeal to normies using memes
kys fam
No.554490
>>554007
Since the rewrite it uses OMEMO to send out message. Which is basically a multicast OTR or at least based on OTR. The original version of Cryptocat had something in the works to be a mpOTR but it was never audited I believe.
>>554333
>worse than tox
Tell me when Tox stops leaking your IP
>>554264
From the network, all messages look exactly the same and impossible to determine who sent without having one of the parties key in the process. By definition, this doesn't make account names metadata. At this point, the only metadata generated from sending messages is the time they were sent if someone was snooping on the network. But that true for every chat protocol.
No.554508
>>553884
You're right. You don't have the NSA.
You have your own version. It's basically the same, it just goes by a different name. It even works together with the NSA.
No.554652
>>554490
>Since the rewrite it uses OMEMO to send out message.
I see, thx for clarifying.
No.554677
>>554490
>Tell me when Tox stops leaking your IP
Tell me when bittorrent stops leaking your IP.
No.554679
>>554677
I torrent over TOR, I iz safe. :)
No.554700
>>554677
I use i2p bittorrent, no ips to leak :^)
No.554701
>>554333
> worse than tox
I find it hard to believe that anything can be worse than tox,
sell it to me.
No.554705
why not make a jabber client with sane defaults i.e. opportunistic otr and connections over tor / i2p ?
No.554706
>>554701
I've been afraid of tox since a friend of mine demonstrated an exploit on me by crashing tox and opening up a random application a few months ago.
No.555172
>>554305
>>554305
he's dutch, not swedish and he later said it was just a rethorical question not something that actually happened.
and Zuckerberg doesn't own Twitter
No.555173
>>554490
>Tell me when Tox stops leaking your IP
Tell me when you get that netbios-over-ethernet IM client working, kid :^)
No.555187
Why not just use tox?
Also don't fucking tell me the IP thing, even with crypto cat you might not give your friend the IP but you give it to the cryptocat site.
No.555188
>>555187
>trusting /g/ with your crypto
Jesus.
No.555199
>>554706
Did he at least try reporting it as a bug? That's kinda what you should do when you discover a security problem.
No.555258
>>555188
>>trusting /g/ with your crypto
>trusting wizardchan PHP coders with your metadata
If crypto strength matters that much in a shitposting application, you shouldn't use a third-party system to do it at all.
No.560305
>>554039
it's "five eyes", like eyes that look out for you.
No.561032
>>554705
The Tor Project is on it, look up Tor Messenger, it's currently in beta.
No.561033
>>554705
The Tor Project is on it, look up Tor Messenger, it's currently in beta.
No.561034
>>554705
The Tor Project is on it, look up Tor Messenger, it's currently in beta.
No.561037
HOTLWHEELS FIX YOUR GODDAMN SITE
No.569731
>>561034
Or if you want something non-beta, I find https://ricochet.im/ quite impressive.
Haven't really used Tor Messenger though, I'd personally be interested in a comparison with Ricochet. (I think we're all agreed that CryptoCat and Tox are shit.)
No.569737
no, it's fundamentally broken - you can't do proper crypto in a browser
No.569779
>>569737
that's true and nadim kobeissi is a dangerous dipshit to even try it in the first place but it's not a browser app any more
No.570119
>>569779
>not a browser app
>Cryptocat is also powered by Electron
https://crypto.cat/mission.html
kill yourself