I’ve been experimenting with Cryptocat with a few friends for several months now. For those of you who haven’t heard of it, Cryptocat is an Off-the-Record (OTR) messaging client that runs as a browser plugin. I’m a fan. Cryptocat has undergone and passed at least one security audit, which makes the developers’ claims of security far greater than many other clients. More importantly, as somebody who is trying to convince people to use secure communication systems, Cryptocat is easy to use. After spending some time trying to convince people to use security methods of communication I’ve learned that the primary barrier is effort; the more effort a system requires the less apt people are to use it. Of course there are downsides to everything that the biggest downside to Cryptocat has been it’s lack of a mobile client.
Fortunately that issue has been partially resolved with the introduction of Cryptocat for iOS. I’ve been playing with it for roughly one week now and am impressed. The interface is straight forward, the client has no issue logging into Cryptocat conversations, and you receive iOS notifications when a new messages appears in a conversation. Unfortunately, due to Apple’s restrictions, Cryptocat is only able to run in the background for a few minutes before it’s unceremoniously killed. Since Cryptocat rooms don’t maintain a history of posted messages (by design) you can’t catch up on any message sent between the time your client is killed and you log back in. But when you’re working on Apple’s system you have to play by Apple’s rules.
I’m hoping an Android client will be released soon. Once that’s done a vast majority of smartphones will be able to access Cryptocat rooms, which will make the system more viable. Who knows, someday OTR may become commonly used for text communications.