In Plain Sight

05.12.14

Crypto for the Masses: Here’s How You Can Resist the NSA

It used to take serious nerd ninja skills to secure your communications. But a browser plug-in that encrypts Facebook messages could change all that.

As revelations of the NSA’s mass surveillance have poured out over the last year, we’ve all been told that we have to encrypt our communications to keep them safe from prying eyes. The trouble is, crypto programs are still too hard for normal people to use.

That may be changing. Cryptocat, the web-based encrypted chat program, has just opened up to a new set of users: the roughly 1.2 billion people of Facebook. By taking advantage of Facebook’s open APIs, Cryptocat allows anyone using their software to chat on their normal Facebook account with one more layer of protection.

Nadim Kobeissi, Cryptocat’s 23 year-old founder, started the project about two months ago, to give people already using lists of contacts in standard Facebook chats a way of adding their own layer of encryption. “We already have a ton of users that use Facebook as a list of their contacts. So why not take their Facebook friend list and use it to enable them to have encrypted chat with their friends?”

No one, including Kobeissi, would call Cryptocat “NSA proof.” If a powerful entity like the NSA is after you, no software is likely to save you. But tools like Cryptocat could be perhaps described more gently as "mass surveillance resistant.”

On Facebook, chats are encrypted between users and Facebook’s servers. No one on the open Internet can read Facebook chat messages without breaking the SSL encryption Facebook uses, denoted by “https” and a lock icon in the browser. But Facebook itself can see, store, or even turn over all the messages their users send to each other.

After installing a browser plug-in for Cryptocat, the program connects to Facebook using the same SSL Facebook uses, and shows people their available Facebook friends. But the security feature Cryptocat ultimately offers is different. It’s called “end-to-end” encryption, and it doesn’t allow Facebook or any other server, including Cryptocat’s own, to see plain text messages. Only the participants in any given chat have the keys to decrypt and read their own chats. All Facebook will see is cyphertext—the mathematical gibberish computers generate to thwart spying eyes.

“No one would call Cryptocat 'NSA proof.' If a powerful entity like the NSA is after you, no software is likely to save you. But tools like Cryptocat could be perhaps described more gently as 'mass surveillance resistant.'”

Chatting with Facebook friends who aren’t using Cryptocat is the same as using the standard Facebook interface—secure to the server, and then readable by Facebook. But if a Facebook friend is also using Cryptocat, the program automatically exchanges keys and becomes “end-to-end”—unreadable by Facebook or anyone else not participating in the chat.

Kobesissi and other security-minded computer experts have referred to this as opportunistic encryption—getting non-geeks to add some security to their existing communications, rather than have to learn new and difficult tools with user bases that number closer to thousands than billions.

Frederic Jacobs, a Switzerland-based developer of encryption software for Open Whisper Systems, tweeted, “You can now send me encrypted messages on Facebook with @cryptocatapp. Opportunistic encryption at its best”--along with a screenshot of a chat.

In the post-Snowden era, more non-techies around the world are looking for ways to secure their regular conversations from mass surveillance. Many in the crypto-building community believe adding encryption to existing tools is likely to be the best answer. Cryptocat, with its simple and clean interface, has attracted those users more interested in security than security software.

For being such a straightforward piece of software, Cryptocat, and its young creator, have had a rough history. Kobeissi started the project at 20 as a lark in college. He was trying to make security software—something that’s notoriously impossible for non-experts to use—into a tool for the masses. His simple and idiosyncratic website and its ’80s-themed icons were a success, drawing in users who had never been able to get a grip on encryption software. But Crypto.cat was riddled with security problems. Kobeissi stated that the software was experimental, but came under repeated harsh criticism aimed at his age and lack of previous involvement with the tight-knit information security community.

“Early versions of Cryptocat really did contain some nasty bugs,” said Matthew Green, a cryptographer and research professor at the Johns Hopkins Information Security Institute. “Even the most recent versions took a minor beating in the recent security audits. You could do things like join a chat using the same name as a user who had recently dropped off, and Cryptocat would happily let you take their place.”

In other words, infiltrating this supposedly secure system was alarmingly easy.

Looking back, Kobeissi thinks his release of Cryptocat was probably premature: “I think the project could have spent more time in incubation, although since I was developing it as a curious university student at the time, that simply wasn’t part of the process.” He wasn’t ready for, or expecting, the attention the project got.

Now, three years later, Kobeissi works full time on Cryptocat. “The project has completely matured into something very different than what it was,” he said. He has gotten better at rolling with the punches, at once point deleting many old tweets to make a new, more professional start in his social media life.

“Despite those issues [Kobeissi] is kind of a genius when it comes to solving the most important problem in our field: deploying usable crypto,” Green said.

The cryptographer added that after a rocky start, Cryptocat has much better track record. “He’s got a working system that tackles all of the major platforms that users want. He’s got support for one of the most popular chat networks [Facebook] and Cryptocat is downright pleasant to use,” Green said. “He’s doing this all in a time when the popular competitors are either paid services or don’t have as much support.”

Kobeissi credits the commentary, both harsh and gentle, with making the security of the software better, and moved it from being served by a website to being a downloadable browser plug-in in September 2012. Making Cryptocat a download answered the strongest criticism of software: that it could be interfered with when a user first connected to the server, and malicious code could be injected into the browser.

This flaw, and others that have come up both from the information security community and software audits, have been fixed by Kobeissi and other Cryptocat coders, but every new feature adds the likelihood of new bugs.

Kobeissi hasn’t just taken criticism. He’s dished it out, too. In January 2013—when Kim Dotcom’s new startup, Mega, announced it was using the browser for end-to-end encryption—Kobeissi criticized Mega for offering a pure website app, just as he had been until he moved Cryptocat into a browser plugin. “It’s a nice website, but when it comes to cryptography they seem to have no experience,” Kobeissi said, reflecting the same language used at him. Mega responded as Kobeissi has four months before—by offering browser plug-ins and stand-alone applications to use their encryption effectively. 

Kobeissi still gets criticized as an outsider, and it still smarts. Last Thursday, Chris Soghoian, principle technologist for the ACLU, and a longtime critic of Kobeissi, took a swipe at Cryptocat on Twitter:

To which Kobeissi responded:

In the meantime, Kobeissi is looking to expand and is considering connecting to other services that could benefit from Cryptocat’s protection. “For example GTalk could be a possibility,” he said. For experts, tools already exist for encrypting all these services’ chats, such as Pidgin and Adium with the OTR plug-in. But for people who experience the Internet from their browsers, like most of Facebook’s 1.2 billion, those tools will never be an answer.

Cryptocat on Facebook has one major inescapable flaw that Cryptocat outside of Facebook doesn’t. Facebook still has access to all of their users’ metadata: when they connected, where from, who they talked to, and how long they talked.

“Traditional Cryptocat group chats are still supported,” said Kobeissi. “If you don’t want buddy lists, you can still use the traditional group chat mode… this encrypted Facebook chat feature is made for people who are already giving Facebook their contact list. If they’re already giving Facebook the list, what’s the harm with Cryptocat using it to grant you a layer of encryption?”

Green agreed. “I think there are huge benefits to providing encrypted chat on ‘walled gardens’ like Facebook or Twitter. For better or for worse, a lot of people use these platforms… In all these systems messages get logged at the server and it’s not clear for how long they stay there,” he said.

Green’s main worry is that if Facebook decided it didn’t want Cryptocat to encrypt user chats, it could easily shut down or alter its API. “That makes it a bit risky for Cryptocat to throw a lot of development time into. On the bright side, the trend among Silicon Valley post-Snowden has been positive when it comes to user privacy. Private chats are [by definition] private, so it isn’t like there’s a strong case for Facebook to scrape them for user data. I think Cryptocat has decent odds here.”