Over the past couple days, I have been watching a fair number of videos about hacking, intelligence, privacy. Fortunately, I ended up watching Nadim Kobeissi's presentation for SigInt 2013: "The Social and Technical Challenges of Making Crypto Accessible to Everyone." I'm not a hacker, I'm not a crypto guy, and I'm not a coder, so some parts of this presentation went over my head. The most important point--as a user, crypto newbie, and citizen--is that Nadim's emphasis is on making sure normal people finally have access to easy-to-use tools that encrypt our messages and information.
Finally.
Okay, yes, CryptoCat has been cracked, and much of the above presentation discusses those issues. Instead of blaming others, Nadim owns the errors and apologizes. And he moves forward. Far more important than any of the failures is, as he indicates, that this experiment in making accessible cryptography keeps going forward.
Again, finally.
As an outside watching this, it felt like someone was finally inviting us non-tech, non-coder, non-hacker folks to the discussion. As users, we have a lot to offer the crypto and hacker communities--if they are interested.
To support my ongoing interest, I've located a couple other CryptoCat related videos.
Here is Nadim's September 2013 presentation at TEDx in Montreal. This seems to be a collection of his core positions.
RT interviews Nadim about CryptoCat.
Tekzilla's Brief Overview of CryptoCat.
Further SigInt13 Q&A with Nadim re: CryptoCat issues. Check out 15:00 where he discusses the balance between usability and bullet-proof encryption.
CryptoCat at Google Internet at Liberty 2012
David Solomonoff interviews Nadim
What I find fascinating is that people get upset about the software not being perfect. It's been in development a short amount of time and, from what I can tell, nobody claimed perfection. It seems to work much of the time and they continue to improve it. This is what is important. Plus, CryptoCat even explains in their opening windows and in all their information that only using CC does not guarantee privacy. Instead, it seems that more education about layering security procedures would be useful. Of course users want a one-stop-shop solution, but with a bit of education, that might change.
The more people that use CC, spot errors, share those, and try to break it, the better. Only when put through multiple trials can the weaknesses or problems be found. Once this has been done enough, perhaps CC will be able to shift from encryption for non-critical or life-threatening uses to use by anyone needing encryption.