Search Mailing List Archives
[liberationtech] Comments from Chile
nadim at nadim.cc
Tue Jul 31 18:03:03 PDT 2012
I am a lead developer from the Cryptocat Project. Responding to the claim
that Cryptocat chats have been transcribed:
- It is overwhelmingly likely that local spyware/keyloggers would be
responsible for the transcription. This scenario is rendered highly
plausible due to the mention that the computers were previously
confiscated, allowing for spyware to be installed to capture
screenshots/keystrokes/etc. While this is outside of Cryptocat's threat
model, it is still an unfortunate threat to many, and we will be responding
by including a tutorial on how to use Tails <https://tails.boum.org/> in
conjunction with Cryptocat in order to mitigate this threat.
- As an ancillary measure, and even though a non-spyware compromise is
relatively unlikely in this scenario, we will be rotating all of our keys
(SSL and otherwise) within 48 hours.
- As an ancillary measure, we will be studying our network for evidence
of compromise, and we will be migrating our servers to Iceland simply
because we can and it's likely to be a good idea in the long-term.
Furthermore, I would like to mention that the Cryptocat Project's next
major release, Cryptocat 2, which is scheduled this month, will be deployed
in a largely decentralized fashion, getting rid of the server as a possible
compromise point. More information can be found at the Cryptocat
Development Blog: https://blog.crypto.cat.
Given the circumstances of this particular incident, I believe that this is
very likely a local spyware compromise. However, due to it being easily
within our capacity to take thorough measures, we will.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech