Open source tool encrypts Facebook chats
Cryptocat can now pull a person's buddy list from Facebook
IDG News Service - Facebook's messaging application doesn't support encryption, but an open-source chat program, Cryptocat, has made it possible to chat with friends there over an encrypted connection.
The program's founder, Nadim Kobeissi, wrote Monday that the latest 2.2 version of Cryptocat can log a user into Facebook and pull his contact list in order to set up an end-to-end encrypted conversation.
"Effectively, what Cryptocat is doing is benefitting from your Facebook Chat contact list as a readily available buddy list," he wrote.
The move could augment Cryptocat's user base since new users won't have the chore of building a new contacts list, although they would need to download Cryptocat's browser extension or iPhone application to benefit from encryption.
The security of emails and messages was brought sharply into focus by secret documents leaked by former U.S. National Security Agency contractor Edward Snowden revealing sophisticated online surveillance techniques used by the spy agency.
Facebook has said it could enable end-to-end encryption between users exchanging data, but said such technology is complicated and makes it harder for people to communicate.
Messages exchanged using Facebook are protected by SSL (Secure Sockets Layer) encryption, but that only encrypts data between an end user and Facebook. The social networking service would have access to the clear text of those conversations, which potentially could be surrendered to law enforcement under a court order.
If two people are using Cryptocat, Facebook will know an exchange occurred between the two users and the time of their chat. But the messages themselves will only say: [encrypted message].
The fact that Facebook knows two people are chatting, a type of information known as metadata, should not be a deal breaker, Kobeissi wrote. Users presumably know they're divulging that information already to Facebook by using their service.
"There's no harm in Cryptocat using this already-given metadata to allow these users to set up encrypted chats," Kobeissi wrote. "The usability benefits of being able to quickly see which friends are online and ready for an encrypted chat remain overly substantial for those users."
Facebook will know, however, that the people are using the application due to the use of a Cryptocat relay to transfer the contacts list, he wrote.
Kobeissi wrote that if a person's Facebook friend logs into the service and is using Cryptocat, the conversation is automatically upgraded to an encrypted one. If one party does not have Cryptocat installed, the two people may chat, but the text will not be encrypted.
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- Where You Mitigate Heartbleed Matters Read this article to learn more about why customers must choose the most strategic point in the network at which to deploy their...
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Encryption White Papers | Webcasts