Open source tool encrypts Facebook chats
Cryptocat can now pull a person's buddy list from Facebook
IDG News Service - Facebook's messaging application doesn't support encryption, but an open-source chat program, Cryptocat, has made it possible to chat with friends there over an encrypted connection.
The program's founder, Nadim Kobeissi, wrote Monday that the latest 2.2 version of Cryptocat can log a user into Facebook and pull his contact list in order to set up an end-to-end encrypted conversation.
"Effectively, what Cryptocat is doing is benefitting from your Facebook Chat contact list as a readily available buddy list," he wrote.
The move could augment Cryptocat's user base since new users won't have the chore of building a new contacts list, although they would need to download Cryptocat's browser extension or iPhone application to benefit from encryption.
The security of emails and messages was brought sharply into focus by secret documents leaked by former U.S. National Security Agency contractor Edward Snowden revealing sophisticated online surveillance techniques used by the spy agency.
Facebook has said it could enable end-to-end encryption between users exchanging data, but said such technology is complicated and makes it harder for people to communicate.
Messages exchanged using Facebook are protected by SSL (Secure Sockets Layer) encryption, but that only encrypts data between an end user and Facebook. The social networking service would have access to the clear text of those conversations, which potentially could be surrendered to law enforcement under a court order.
If two people are using Cryptocat, Facebook will know an exchange occurred between the two users and the time of their chat. But the messages themselves will only say: [encrypted message].
The fact that Facebook knows two people are chatting, a type of information known as metadata, should not be a deal breaker, Kobeissi wrote. Users presumably know they're divulging that information already to Facebook by using their service.
"There's no harm in Cryptocat using this already-given metadata to allow these users to set up encrypted chats," Kobeissi wrote. "The usability benefits of being able to quickly see which friends are online and ready for an encrypted chat remain overly substantial for those users."
Facebook will know, however, that the people are using the application due to the use of a Cryptocat relay to transfer the contacts list, he wrote.
Kobeissi wrote that if a person's Facebook friend logs into the service and is using Cryptocat, the conversation is automatically upgraded to an encrypted one. If one party does not have Cryptocat installed, the two people may chat, but the text will not be encrypted.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Encryption White Papers | Webcasts