Cryptocat for iPhone and Android – Call for Review
blog.crypto.cat
You know that using a .cat domain for something not related to Catalan culture or language is not allowed by the conditions established by ICANN and Fundació puntCAT?
You have only translated the main page (with Google Translator...) to make it look like you have some Catalan content there. That's naughty.
"In order to be granted a .cat domain, one needs to belong to the Catalan linguistic and cultural community on the Internet. A person, organization or company is considered to belong if they either:[4]
1. already have content in Catalan published online.
2. have access to a special code (sometimes called ENS), issued during special promotions or by agreements with certain institutions.
3. develop activities (in any language) to promote the Catalan culture and language.
4. are endorsed by 3 people or 1 institution already using a .cat domain name."
Read more about it: http://en.wikipedia.org/wiki/.cat
Cryptocat's website and the Cryptocat app itself are both fully translated into Catalan, and we maintain a very communicative and open relationship with PuntCAT.
The only page I have found in Catalan so far is the homepage, and it is translated 50% by Google and 50% by someone who probably did not even finish high school.
I'm happy that the app is translated into Catalan. I hope the translation is better than the one on the website.
Just wanted to make sure you know what this domain is actually used for.
I'd gladly accept your help with improving our Catalan translations! :-)
I can surely help you translate the homepage. Just give me a contact mail.
nadim@crypto.cat
Would you consider making the APK for Android available? I'm on Cyanogenmod without Gapps (including Google Play). You teaming up with https://f-droid.org/ would be even better. Cheers!
Please do, please help Android users to be Play-Store-independent!
Are you offering to help with more Catalan translations?
I'm offering to translate the homepage :)
This thread ended way more positively and constructively than I would've imagined. Should be bookmarked for future discussions of "HN is turning into [insert negative thing here]"
Reminds me of Reddit's /r/bestof subreddit.
I've always wondered what is so special about Catalan? Why do they deserve a special three letter domain nobody else has?
Who should I address a letter to request for the wayuu culture to have a .way tld?
The thing is, the Catalan community has a very strong presence on the Internet.
As an example, the Catalan version of Wikipedia currently has +400.000 articles, being the 17th biggest.
To make clear what this means, you have to know that Catalan isn't even among the 100 most spoken languages worldwide (it has about 7 million speakers). So there is 1 article for every 17.5 people. Compared to the English version (4.4 million articles, 700 million speakers = 1 article every 159 people), or the Spanish one (1 million articles, 460 million speakers = 1 article every 460 people!), it is quite impressive.
So why would they want their own .cat domain? Because as a non-independent country / nationality, they are not allowed to have a two letter domain. Still, they wanted to be represented on the net so there was the PuntCAT foundation which made a huge effort in order to obtain the three letter .cat domain, but as it was sponsored, I imagine that they decided to restrict the usage of it to websites that have something to do with Catalan culture, or at least are written in Catalan.
I must say the Catalan culture and political movement is a pretty interesting topic itself, but I didn't want to make this post political, but rather interesting for "teh techies".
For curiosity: do Valencia and the Balearics use the .cat domain? They seem to call their Catalan "Valenciano", even if it is the same language.
Provinces can get ccTLDs - Taiwan has .tw.
Sponsoring and getting .cat is a pretty cool workaround, though.
Can provinces really get ccTLDs? I thought .tw existed because Taiwan has an ISO country code: http://www.iso.org/iso/country_names_and_code_elements
Having said that, I'm not sure why the UK (whose country code is GB) uses .uk
Because GB is "Great Britain" (England, Scotland, Wales)[1] which does not include Northern Ireland.
UK is "United Kingdom of Great Britain and Northern Ireland" which is all four.
It was a politically motivated move basically.
[1] Let's not get pedantic here.
IANA considers .tw to be "Taiwan, Province of China", as does that ISO link. As I understand, China pretty much bullied everyone else into not recognizing Taiwan so the rest of the world (like the UN) agrees Taiwan isn't a country. That's one reason why Microsoft asks for your Region, not country.
There appear to be other ccTLDs like .IO and .AQ that aren't countries. (Probably more.)
And I'm just being pedantic.
Both IO and AQ are ISO country codes as well. I'm not sure why.
Hong Kong has a ccTLD (and an ISO country code, and a currency) but is not a country, while still mostly working like one.
Whether Taiwan is a province or a country is a contentious issue, and will depend heavily on who you ask.
Well, as far as IANA is concerned (which I suppose is the only relevant view for .tw), it's "Taiwan, Province of China"[1]:
https://www.iana.org/reports/2010/taiwan-report-07jun2010.ht...
I would love for the Appalachian culture to apply for the .app TLD.
What culture?
Maybe this will help: http://en.wikipedia.org/wiki/Talk%3ACountry_code_top-level_d...
Summarizing, we might not have qualified for a two-letter domain because we are not an independent country.
As a man married to a Catalan girl. Be careful where you are going :-).
ICANN.
Right, shadow.cat's approach to solving this was to talk to Barcelona's perl mongers group and get them to translate some introductory perl documentation; they eventually decided they'd prefer to take payment in books rather than money if memory serves, but the point basically is "your community should allow you to find enthusiastic and affordable translators with very little difficulty." I was, frankly, pleasantly amazed by how well it went for us.
Easy to be snarky about this. But I admire their persistence.
In the face of the extensive criticism they could have just given up.
Instead they have acknowledged making mistakes, didn't give up, learnt from the mistake and changed their subsequent behavior. This is admirable.
Thank you very much for that comment.
I believe that we've been truly open source, transparent and accountable for our code since day one. There are other projects who are currently similarly open and transparent (I respect TextSecure for this,) but I can't say this is the standard in this field.
We've always solicited and compensated feedback from security enthusiasts, hobbyists and world-famous cryptographers alike. Over the past year, we've had the opportunity to grow into a product that examined what is fundamentally responsibly possible in the browser, and we've even landed ourselves as a primary use-case for the W3C's Web Cryptography working group. We've produced a true, responsible alternative for people who just don't know how to use anything more complicated than Facebook Chat, and we've made it clear that we are not trying to replace PGP or other iron-clad 30-year old solutions. We're trying to help mom and pop users.
Regarding our past vulnerabilities, I can't think of a fuller disclosure than dedicating an entire talk to detailing every single one of them: https://blog.crypto.cat/2013/11/documenting-and-presenting-v...
We also carried out a study to verify whether users were indeed clicking on the security warnings on our website: https://blog.crypto.cat/2013/11/yes-cryptocat-users-are-read...
We want to do things right. We are truly open source, truly honest, transparent and we take immediate steps for mitigation every time. We will continue to solicit audits and feedback for our more experimental browser client, but also hope to have a more grounded product in our upcoming Objective-C (iPhone) and Java (Android) apps.
Overcoming a bad reputation is extremely more difficult than keeping a good one. We have been less lucky than other projects. The fact that we used experimental platforms and coupled that with overly loud disclosure of all the failures those platforms lent us meant that we couldn't keep face as easily as other projects.
But that said, I can't but resent the continued accusation that after three years at this, myself and all other volunteers (a wide range) working on this haven't matured enough to know what we're doing, and haven't proven that we care very much to do it right. It's very relieving to hear that the community at HN can understand this and see that we have been proceeding responsibly for quite some time now.
> I can't but resent the continued accusation that after three years at this, myself and all other volunteers (a wide range) working on this haven't matured enough to know what we're doing, and haven't proven that we care very much to do it right.
The thing is, in the case of a significant percentage of people attempting crypto, it's not that they don't care, it's that they simply aren't capable of it. Jumblefucks like the telegram launch (which was too disorganised to be a clusterfuck, frankly) keep that fact fresh in everybody's mind.
What's interesting to note, though, is that people are now largely complaining about the fact that vulnerabilities have been found, rather than your response to them. I think maybe that's a more useful metric for how competently you're dealing with it than pure positive/negative response is, under the circumstances.
Compare them to underground dentists -
Bob has no medical training, but has a dremel and practiced on a pig head. He offers to do a filling for his pal. He makes a bit of a botch of it, but he learns from his mistake and carries on. Dentistry is important so it's admirable that Bob ignores the criticism. Bob's first pal is currently fighting off a severe infection, but Bob uses that as a learning experience.
Bob will get there one day!
If a growing portion of the dentistry industry was discovered to have been weakening people's teeth at the government's request, I'd start to buy Bob a beer a little more often.
It turns out Bob was actually receiving radio transmissions from the ADA through his fillings. He's a sleeper in the underground dentist community, waiting for the call to turn his xray machine on when the TSA releases its ruling on the need for back-scatter surveillance to prevent the next tooth-bomber from hijacking civilian aircraft. Be careful what you say around Bob.
Except, this is software.
My favorite expression when things get heated: "Nobody is going to die."
There are exceptions, of course, but a vast majority of the work we do just doesn't matter in the context of life and nature.
Unfortunately, I don't think the 'Nobody is going to die' statement holds up for software like cryptocat. If it is promoted as secure, then it could be used in areas with hostile regimes. For example, members of the Arab Spring uprising might have trusted cryptocat, but what if their governments were intercepting and decrypting those messages due to a flaw in the software?
Bottom line, explaining away problems by saying 'nobody is going to die' is a downright dangerous statement IMO.
> "Nobody is going to die."
This isn't accurate, e.g. http://cryptome.org/2012/07/chile-comments.htm .
Bad crypto is actually much more dangerous than a single rogue dentist.
Bad crypto doesn't kill, people/organizations with a fucked up agenda do.
I thought this past year taught us that no information is safe. To expect that any system is entirely secure and ever will be is pure egotism.
Then what's the point?
And one of those exceptions is people trying to use bad crypto to avoid persecution...
Normally, yes, but this is crypto. It's not medicine, but it's pretty close to a bullet-proof vest. It's important that it does its job.
That's true. Market software accordingly and everything is fine.
I am glad to see cryptocat being much more careful with their wording.
Except if the flawed software is a company's core product, the company might fail.
As we all know, corporations are people, my friend.
Are there any other dentists around who would work on Bob's pal? If so, are they actually better dentists than Bob? If so, is it possible for Bob's pal to find, enter, and understand their places of business, well enough to receive the care she requires?
Cryptocat would never be used by Glenn Greenwald, but that's because he is privileged to have access to better crypto.
> but that's because he is privileged to have access to better crypto.
That's the first time I've heard of using PGP to be a privilege.
Agree, I really believe they are committed to security and openness. They should be a model for a lot of security focused companies out there. Security is a process.
I know, it's like they never heard of the term "security through obscurity"
I will say from skimming over the source tree the amount of code in CryptoCat(android) is surprisingly light. This is very refreshing compared to other chat applications which are unnecessarily huge.
Will be definitely going over this later.
Cryptocat for Android is particularly unfinished so far. I would be surprised if you don't find bugs inside. Cryptocat for iPhone is currently a lot more mature, but similarly still needs peer review.
We have a commissioned audit for both apps, but it won't be starting for another two weeks. Thanks SO MUCH for your interest. We rely on security enthusiasts for comments and advice.
If your multiparty protocol is actually something you want scrutinized, why not follow the accepted model and make a C library reference implementation and release a research paper outlining the basis for your design decisions?
"Hey guys, here's the code, file some bugs for software that is of no use for you to spend time auditing" is pointless.
Adium has an incentive to read the libotr sources. Every user has a small incentive to read kernel sources.
Nobody has any meaningful incentives to read the cryptocat homebrew multiparty cryptosystem except the few you've paid to do so. This is cargo cult peer review; it looks like you're doing it but it doesn't actually yield the intended results.
PS: glad to see you switched to OTR for two party. You should have done that years ago, but at least you wised up in the end. Hopefully nobody got killed or tortured in the process.
It's true that we don't have a research paper per se for the multiparty protocol, but we do have a specification document [1] as well as implementations in Objective-C, Java and JavaScript. The specification, as well as the implementations, have received both professional audits (from cryptographers) as well as community audits. The reason we don't have a research paper published is simply because we're working on one right now — a redesign of the multiparty protocol based on OTR. We have cryptographers on board from various Canadian universities and are organizing an internal forum to get them to collaborate on this. We expect publishable results by June 2014.
Regarding OTR, we actually switched to that 16 months ago — it's not exactly like we recently wisened up.
[1] https://github.com/cryptocat/cryptocat/wiki/Multiparty-Proto...
> as well as implementations in Objective-C, Java and JavaScript.
Factor the ObjC version out to plain C, and call into it from your Objective C implementation. Make the plain C version the canonical version. (Things like Emscripten may be useful here for your JS use-case.) This is how libotr does it, and for good reason.
Then, others can use it, and perhaps you will get meaningful free auditing. What you're doing now probably won't attract that because unless your bug bounty is six-figures, nobody competent will spend any significant amount of time auditing it because they have no incentive to do so.
Everything you've said in your comment is good advice. Once the paper I've mentioned is ready, we will have this kind of implementation.
And why the hell should I use an app that is written by known people that have proven they have no clue about crypto? Why shouldn't I use one of the many apps that support OTR?
Cryptocat's private chat uses OTR. Our group chat function uses an open and studied multiparty protocol. Generally, our security bugs have been implementation errors much more than protocol design errors.
Surely, the best we can do as a community project is open up our code for more volunteers and experts to help and take a look. :-)
It's fine that you have faith in your product but I will believe what you say when other people outside the project confirm it, otherwise it is just marketing.
I do not use gnupg because the creators say it's nice, I use it because everybody including their competitors says it's OK.
Great to hear that you switched to older and audited code. Could you explain what relationship this app has to the javascript version?
There are currently three Cryptocat clients:
* Cryptocat: The original client. It's a signed browser extension that you download and install in your browser. It offers OTR implemented in JavaScript in a friendly chat interface. We take every precaution to make JavaScript more secure, such as using a signed browser extension to prevent code delivery MITM, using native cryptographically secure random number generation, and so on. More info on our JavaScript approach at my personal blog: http://log.nadim.cc/?p=33
* Cryptocat for iPhone: No JavaScript here! This is an app written in Cocoa Touch/Objective-C that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!
* Cryptocat for Android: No JavaScript here! This is an app written in Java that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!
All three clients are made to be 100% inter-operable.
I guess the third one should be the android version.
Derp. Fixed. Thanks!
Please tell me something that even approaches these conditions:
1. Implements OTR / Isn't a roll your own flawed cryptosystem like telegram?
2. Can be used by non technical users
3. Can be used on linux, osx, windows, ios and android?
4. Does not crash all the time (ios's chatsecure)
5. Is open source?
So far, unable to find it. It's easy to be a critic. Cryptocat and textsecure are the only two contenders, and right now cryptocat is the closest one to meet all of those conditions.
I'm the primary developer of this. I feel like it fulfills a lot of the points that you argue, please feel free to take a look :)
Doesn't have mobile integration and push notifications. I can't use it as a chat client on my iOS or Android device. There are many mature OTR chat clients for the desktop. Cool product, though.
Glad that they're taking security seriously. It's a sharp difference from how they used to do things[1]. However, I'd still like to see either an explicit bug bounty (there's one implied here) or a paid audit.
[1]: http://blog.cryptographyengineering.com/2013/03/here-come-en...
From my perspective, we've been taking security seriously a year+. Our first commissioned audit was in November 2012, and we've had a bug bounty since then as well: https://crypto.cat/bughunt/
This isn't, of course, to say that there haven't been vulnerabilities. But I have to stand behind our mitigation and disclosure policy as being very highly responsible and transparent.
So far, we've had three paid audits, with two more lined up, and regularly reward community bug-finders. We're planning more competitions for Cryptocat Mobile in March and April, with prizes such as iPhones and Nexus Phones. :-)
Hi, I am working on a security-focussed startup. We have a rough cut of our initial product offering due in the next month and are trying to get initial trial users and customers on board to help us demonstrate interest.
How do you manage to afford to finance the audits and bug bounties? We have found that some potential customers want to see us get security audited before trusting our solution, but from what we can tell this is a multi-hundred thousand dollar cost and requires us to freeze development while it takes place. We currently have zero day-to-day budget and runway for 6 months. How have you afforded it?
> How do you manage to afford to finance the audits and bug bounties?
Public donations from our website and funding from public institutions and NGOs. Currently, our audits are funded by the Open Technology Fund: https://www.opentechfund.org
Generally, our funding tends to be very limited though, so sometimes we have to ask someone to do an audit for cheaper than they usually would, seeing as we're an open source project with no source of revenue.
EDIT: Forgot to mention, we have no funding for bug bounties. I pay all bug bounties out of my own pocket. I don't mind, I feel the money is very well-spent.
Good luck with your startup!
Ah, so basically, as a for-profit company aiming at a B2B enterprise product, we are screwed in this regard until we have the capital to absorb the audit cost through either revenue or investment. Oh well.
None of your incentives are sufficient to get large adversaries to drop their non-obvious zero day on you.
Can you give some screenshots or videos of the fingerprint showing mechanism?
My biggest concern with cryptocat is that this info is kind of hidden and not bubbled up to the user.
In the web version, the way it's handled makes it possible for the server operator to replace who you are talking to mid-conversation without warning unless you click a fingerprint button before and after every message you send, which nobody is going to do.
I know there is an issue for this on the web version ( https://github.com/cryptocat/cryptocat/issues/463 ), just wondering if the mobile ones take a different approach.
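The concern in the comment above (a relayed key swapped mid-conversation, noticed only if the user re-checks the fingerprint by hand) is what automatic key pinning addresses: the client remembers the fingerprint it first saw or the user verified, checks every later key against it, and blocks sending on a mismatch. The sketch below is an added example, not part of the thread and not Cryptocat code; `PeerKeyMonitor` and its methods are hypothetical names, and the fingerprints are constructed hex strings standing in for whatever the crypto layer reports.

```javascript
// Added example (hypothetical API). Fingerprints are opaque hex strings
// supplied by the crypto layer; this code only tracks and compares them.
const State = Object.freeze({
  UNVERIFIED: 'unverified', // key pinned on first use, not yet compared by the user
  VERIFIED: 'verified',     // user confirmed the pinned fingerprint out of band
  CHANGED: 'changed',       // live session key differs from the pinned key
});

// Ignore grouping spaces and letter case so "A1B2 C3D4" equals "a1b2c3d4".
function normalize(fp) {
  return String(fp).replace(/\s+/g, '').toLowerCase();
}

class PeerKeyMonitor {
  constructor() {
    this.peers = new Map(); // nick -> { pinned, current, verified }
    this.alerts = [];       // events the UI must surface without being asked
  }

  // Call for every key relayed for a peer, including mid-conversation rekeys.
  observeKey(nick, fingerprint) {
    const fp = normalize(fingerprint);
    const entry = this.peers.get(nick);
    if (!entry) {
      this.peers.set(nick, { pinned: fp, current: fp, verified: false });
      return State.UNVERIFIED;
    }
    const previous = entry.current;
    entry.current = fp;
    // Alert once per newly seen key that does not match the pin.
    if (fp !== entry.pinned && fp !== previous) {
      this.alerts.push({ nick, pinned: entry.pinned, offered: fp });
    }
    return this.status(nick);
  }

  status(nick) {
    const entry = this.peers.get(nick);
    if (!entry) return null;
    if (entry.current !== entry.pinned) return State.CHANGED;
    return entry.verified ? State.VERIFIED : State.UNVERIFIED;
  }

  // The user compared fingerprints out of band and confirms this one.
  // Only a key we have actually seen for this peer can be confirmed.
  markVerified(nick, confirmedFingerprint) {
    const fp = normalize(confirmedFingerprint);
    const entry = this.peers.get(nick);
    if (!entry || (fp !== entry.pinned && fp !== entry.current)) return false;
    entry.pinned = fp;
    entry.verified = true;
    return true;
  }

  // Sending is refused while the live key differs from the pinned key.
  canSend(nick) {
    const s = this.status(nick);
    return s !== null && s !== State.CHANGED;
  }
}

// Constructed sample fingerprints (not real keys).
const FP_A = 'a1'.repeat(20);
const FP_B = 'b2'.repeat(20);

const demo = new PeerKeyMonitor();
demo.observeKey('alice', FP_A);
demo.markVerified('alice', FP_A);
console.log(demo.observeKey('alice', FP_B), demo.canSend('alice'));
```

Confirming the old fingerprint while the session still uses the swapped key leaves the peer in the `changed` state, so a user who re-verifies with the real contact is not silently moved onto the substituted key.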
How are you guys going to get Cryptocat on the iPhone app store? Apple rejects GPL-licensed apps.
If they own the copyright they can also release it under the 'whatever terms are appropriate for the app store licence'.
I thought the GPL automatically gives all rights to the code to the FSF.
Is that a joke, or do/did you honestly think so?
GPL is a copyright license, which people who receive it can use as permission when redistributing the copyrighted work.
The GPL does not give the FSF anything. The same is true, for example, in that the Massachusetts Institute of Technology does not get all the rights when some code is licensed under the MIT license.
Is that the case? I thought it was more that the GPL rejects distribution on the App Store.
Are you seriously saying that it is the FSF's fault? It's Apple's fault. They didn't have to make the iPhone a closed platform.
So there's a DC hackathon[0] taking place this weekend, and Cryptocat is on the list of projects to work on.
I imagine the Android and iOS apps would be ripe targets for bug finding adventures, but are there any places specifically that could use the kind of scrutiny that such an event could provide?
[0] - http://www.eventbrite.com/e/dc-internet-freedom-hackathon-ti...
Yup! I'm leaving for D.C. tomorrow and will be at that hackathon. Please come and help!
Man they are a glutton for punishment.
I like to think that the Cryptocat team and myself have matured beyond the point where we consider security disclosures to be punishment, but rather something to be expected when handling a project that wields experimental technology. We're trying to be adults by adopting principles of full disclosure, mitigation, transparency, public involvement, and making sure our process is tweaked to prevent the repetition of past mistakes.