Chatting online is easier than ever; chatting securely, not so much. The chat clients built into Facebook and Gmail emphasize ubiquity and ease of use over encryption. Cryptocat is one chat client that says you can have both security and convenience, and made quite a splash upon arrival.
Cryptocat demonstrates an important lesson about security software: Newer rarely means better. Following a glowing profile piece Wired published on Cryptocat and its developer, 21-year-old Nadim Kobeissi, security guru Bruce Schneier published a cautionary post on his blog letting readers know Cryptocat wasn't as safe as it seemed. At the time, the problem was that Cryptocat handled security host-side, rather than locally. This has since been addressed, and Cryptocat now runs as a browser extension and handles encryption locally. Still, this is an important example to keep in mind: Encryption software, even when it's open-source, can't be considered secure until it's been thoroughly audited and battle-tested (preferably for years).
While I wouldn't use Cryptocat for mission-critical secret communications, it does add a modicum of security and privacy over the features built into Google and Facebook, and is just as easy to use. After installing a Chrome or Firefox extension, all you have to do is pick a nick (a handle) and a title for your chat room, and presto: you can chat with any other Cryptocat user who joins the room. The aesthetic is decidedly old-school 8-bit, but that only adds to Cryptocat's charm. It's a nice way to chat with friends, and can serve as a reminder that it's important to use other forms of security, too.
This story, "Review: Cryptocat chat client includes encryption" was originally published by PCWorld.