News

Help Cryptocat Pay Infrastructure Costs in 2017

February 20, 2017

Ever since Cryptocat's re-write and re-release in March 2016, the software has grown to serve more than 20,000 users weekly, providing state-of-the-art encrypted desktop messaging, file sharing and video messaging. At any given moment, at least 500 Cryptocat users are active in a conversation.

While Cryptocat, as a project, avoids accepting funding for its software, serving these users comes at a cost. Therefore, we are currently paying infrastructure and monthly server fees out of our pocket to keep the service running. We are announcing a fundraiser to help us pay back our infrastructure costs for 2016. Click here to donate now, or keep reading for details.

Infrastructure Costs for 2016

2017 Fundraiser Pie Chart

Here's a breakdown of our infrstructure costs, which for this year totals €754. As you can see, Cryptocat does not cost too much to run. However, it would be nice to have a bunch of users pool their resources together to offset the cost, instead of having a single software developer keep paying for everything year after year.

None of these costs are within our control: we rent an affordable but reliable server infrastructure to ensure our high reputation for service availability, update delivery and file sharing. We pay yearly fees to renew code signing certificates so users can guarantee the authenticity of our Windows, Mac and Linux releases. We also pay for some miscellaneous services, such as GitHub, to host private repositories and for QA testing.

Fundraiser Progress

€7 out of €754

This progress bar is updated manually but at least once a day. Help us fill it up, and contribute today!


Cryptocat 3.2.08 Release Notes

February 20, 2017

Cryptocat 3.2.08 is now available and brings the following improvements:
  • Security Update! A bug which could allow the person you're chatting with to obtain your IP address by sending a specially crafted audio file has been resolved. Please update immediately in order to benefit from stronger privacy while using Cryptocat. We thank Jason Donenfeld for filing his report.
  • Cryptocat for Windows's installer has been improved.
  • Cryptocat for Linux is now distributed as an AppImage, which should improve compatibility and ease of use across Linux distributions.
  • Cryptocat for Mac's menus and OS integration has been improved.
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

An Open Letter to The New York Times

December 17, 2016

Dear The New York Times newsroom and information security staff,

On December 15, 2016, nytimes.com published a new tips page that offers individuals who want to blow the whistle on newsworthy issues ways to do so without risking their security and privacy. There is no question that this commendable decision, taken by a newspaper of record, is a significant asset towards a more effective free press.

The New York Times makes itself available to tipsters via cutting-edge privacy technologies such as SecureDrop and Signal. SecureDrop has been deployed in many of the world's most important newsrooms and has almost certainly aided in the publication of the most ethically significant leaks of this decade. Signal's parent company, Open Whisper Systems, has indirectly allowed more than a billion people access to indisputably strong encryption. Cryptocat's own development was strongly influenced, and has influenced, these tools: we adopted a variant of Signal's encryption protocol in March 2016, which was clearly superior to our own, and our early research on client-side web encryption in 2011 set the stage for SecureDrop and Mailvelope (another recommended tool) to follow in using similar engineering fundamentals, oftentimes by learning through our own early engineering mistakes and thereby avoiding them.

Cryptocat was also funded by the same primary backer as SecureDrop, Signal and Mailvelope: the Open Technology Fund, an institution financed by public U.S. taxpayer dollars which supports independent efforts towards a more secure and private Internet. As a side-note, Cryptocat was even featured in a The New York Times article back when it (and myself) were quite young and starting up.

Cryptocat does not offer the services of either Signal or SecureDrop: it does not run on mobile devices and its user experience is not directly focused on the anonymous leaking of documents. Cryptocat is desktop software that offers a service similar to Google Talk or Yahoo Messenger: desktop chat with the ability to send large files, video messages, and offline messages. Unlike those services, Cryptocat couples these features with strong encryption, support for multiple devices and advanced security features such as certificate pinning, forward secrecy and future secrecy. When you use Cryptocat, the aim is that we cannot ever decipher the messages and files you communicate.

However, The New York Times's tips page also recommends a third tool, PGP, implemented through the Mailvelope browser extension, which allows users to send encrypted emails to The New York Times.

The goal is of letter is to petition for Cryptocat's inclusion instead of PGP. PGP does not offer a standard of security that merits its inclusion, while Cryptocat does provide a clearly higher standard of security and privacy than PGP when used under the same use-case. Here is the reasoning behind this claim:

Cryptocat vs. PGP: On History

It is best to start with the obvious: in the case that Cryptocat was ever considered by The New York Times for their tips page, it was likely almost immediately dismissed due to its history of critical vulnerabilities in different aspects of its engineering during its early development. In 2012 and 2013, Cryptocat fell to regrettable lapses in engineering practices that led to a well-deserved weakening of its reputation. Cryptocat clearly failed its users on multiple occasions, and for the past three years, I have been deeply sorry and regretful for these mistakes and I have dedicated all the effort that is within my capacity to mitigating them and preventing them in the future.

Nevertheless, every time these vulnerabilities were reported, Cryptocat responded with full disclosure, immediately issuing security updates and publicly thanking and crediting the security researchers responsible for their discovery.

PGP, on the other hand, is a well-studied protocol, owing largely to its initial release in 1991, a clean two decades before Cryptocat's inception. The PGP protocol's maturity notwithstanding, it should be noted that Mailvelope is actually younger than Cryptocat and still uses some of the engineering practices that Cryptocat was often criticized for, such as working inside the web browser and even going further than Cryptocat ever did, by injecting code into web pages that it does not control. Cryptocat recognized these engineering practices as fundamentally unsafe and completely moved away from them in its rewrite this year as a pure desktop application.

The truth is that since its complete rewrite in March 2016, Cryptocat has simply adopted engineering fundamentals that are known to be undoubtedly safer than those used by Mailvelope, and has been able to integrate encryption technologies that the ossified PGP protocol cannot hope to accomplish. Furthermore, Cryptocat's new rewrite as a desktop application was undergone during my graduate studies, in an environment where I had the resources to produce dependable software. Cryptocat's rewrite was in fact largely informed by the research I participated in for an upcoming academic publication (Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach) that studies secure messaging in detail.

This is a stark difference from the first Cryptocat, which was developed as one of my very first programming projects when I was twenty years old. Judging the new Cryptocat desktop application on the basis of the older Cryptocat browser extension is as legitimate as judging a Boeing 747 on the basis of the performance of the Wright Brothers' first functioning aeroplane. This sort of comparison must not be the benchmark with which security software is evaluated.

It is true that PGP remains more aged than Cryptocat. But we are not in the business of fine wine here; Signal, SecureDrop and any other tool worth using is not only younger than PGP but younger than Cryptocat itself. We should judge based on engineering merit, not on age. And when past reputation is concerned, I believe that Cryptocat has honestly done the work to obtain full merit for its excellence in moving past its early blunders into dependable software.

Cryptocat vs. PGP: On Cryptographic Security

In PGP, all emails ever sent by a tipster are encrypted with one single private key, which is kept indefinitely on the user's computer. This private key can only be changed or reset via a manual and relatively obscure process. Whenever this is done, the user's new public key must be communicated manually to all of its contacts. If this single private key is ever compromised, all of that user's prior communications, emails and attachments are forever compromised. If a user wants to use their same PGP identity on multiple devices, the compromise of one device compromises all of their past communications from all of their devices. In "What's the Matter with PGP?", Matthew Green writes:

“For all the good PGP has done in the past, it’s a model of email encryption that’s fundamentally broken. It’s time for PGP to die. [...] A PGP critic is just a PGP user who’s actually used the software for a while. At this point so much potential in this area and so many opportunities to do better. It’s time for us to adopt those ideas and stop looking backwards.”

Cryptocat is cryptographically superior to PGP in almost every respect:

  • No Long-Term Encryption Key: By basing its cryptography on the innovative Double Ratchet algorithm, Cryptocat's chat encryption generates a fresh encryption key for every message. The theft of a device therefore only compromises the last small handful of messages, and only allows the user to impersonate the victim's device until that key is disassociated from the user's account.
  • Forward and Future Secrecy: If, at any point, the state of the encryption keys for a conversation is compromised, the conversation's security will self-heal with fresh key material, preventing the compromise of any past or future messages.
  • Multi-Device Support: Cryptocat supports linking multiple devices to a user's account through its implementation of the OMEMO standard. Cryptocat extends this to allow recipients to authenticate contacts on a per-device basis and to see which device was used to send a particular message. If a device's identity keys are stolen, only that device may be impersonated, and the owner may unlink it from their Cryptocat account using any other device.

To be clear, no one is claiming that Cryptocat is invincible. But all empirical analysis of the current cryptographic protocol indicates that it stands a better chance than PGP in terms of surviving a compromise or an active attacker.

Cryptocat vs. PGP: On Metadata

Let's assume a scenario in which someone is listening on the tipster's Internet connection. If the tipster uses PGP, the following information will be leaked:

  • Email Address: The tipster will need to sign up for an email account. This is more likely than not to be a semi-permanent indentifer, since obtaining an email account without some kind of SMS verification is becoming increasingly restricted by major providers such as Gmail and Microsoft. The email service provider will then log IP addresses used to log into that email, which email addresses sent tips to a The New York Times email address, and more. If the tipster uses their regular email address, they are almost certainly in trouble.
  • Key Metadata: PGP keys carry a significant amount of metadata, including the PGP version used to encrypt the message, the date the key was created, and much more. In order to correctly authenticate a PGP key, more identifying information might have to exist in order to convincingly correlate a key to an owner.

With Cryptocat, users can create random, one-time-use usernames without needing to provide a phone number or email address, or anything really. The only metadata the Cryptocat server sees is that a random username was used to send a message to The New York Times's account. The Cryptocat server does not retain any other information, including account creation time, IP addresses used to login, or anything else. Someone spying on the tipster's network will only be able to see that the tipster at some point used Cryptocat, but cannot identify which username the tipster used, or with whom the tipster communicated. Once the tip is communicated, Cryptocat users may choose to delete their account, which completely erases any trace of the account on Cryptocat's servers.

Once again, the hard, concrete facts indicate that Cryptocat is superior to PGP in terms of metadata. However, it should still be noted that Cryptocat, PGP and the other softare recommended by The New York Times still leak substantially more metadata than SecureDrop: tipsters with a strong metadata-related concern should consider using SecureDrop instead.

Cryptocat vs. PGP: On Usability

PGP is notorious for how painful it is to use. Cryptographers almost unanimously consider its usability to be the source of mistakes that can jeopardize user security within the first email they attempt to send. Aside from Matthew Green's above-quoted post on PGP, Signal's original programmer also had this to say:

When I receive a PGP encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. [...] PGP is a technology dead end [...] In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install PGP. Now I’m still excited about the future, but I dream of a world where I can uninstall it.

When using PGP, users must manually set up email clients and PGP plugins, all of varying degrees of quality and dependability. They must sign up with an email provider that might not respect their rights to privacy. They must manually generate PGP key pairs and communicate them to their third party, or upload them to a "key server" for out-of-band authentication. Finally, they must manually download and import the recipient's public key.

In comparison, using Cryptocat involves downloading the client, signing up, registering your device, adding your recipient as a buddy and sending a message (after optionally verifying their device list via a friendly user interface). Unlike PGP, the workflow is almost exactly similar to that of popular applications such as Skype, therefore, there is crucially less room for the user to make a mistake.

Aside from having less room for failure, Cryptocat also simply offers more features: support for multiple devices, each with a separate identity. Online and offline messaging. File sharing with file sizes of up to 200MB, which is far beyond what email attachments allow. And while this might be less useful for tipsters, Cryptocat also allows users to record video messages right from within their chat window.

Cryptocat: Not Perfect but the Clear Better Choice

All software will have bugs. No solution is bulletproof. All of the tools currently mentioned on the tips page of The New York Times has had vulnerabilities of varying severity, and security updates are, therefore, a fact of life for any software that we use and that matters.

However, when we dare to discern, when we judge based on fact and science, we can clearly understand that Cryptocat is a better choice than PGP. In line with the Cryptocat Mission Statement, Cryptocat will strive to be dependable software that deserves to be the conduit between some of the world's best journalists and stories that might change our lives. I ask the staff at The New York Times, with the most sincere good faith and the most serious intent to replace PGP with Cryptocat. Over its six years of development, it has matured into dependable software. It is the better choice.

Signed,
Nadim Kobeissi
Cryptocat software programmer


Cryptocat 3.2.07 Release Notes

August 30, 2016

Cryptocat 3.2.07 is now available and brings the following improvements:
  • Hovering your mouse cursor over a cat sticker will now show a timestamp indicating when it was sent.
  • File transfer performance has been improved on slow Internet connections.
  • Improved chat session reliability.
  • Fixed a bug that would display stickers over a user's avatar in the chat window.
  • Fixed a bug that would sometimes make the buddy list filter/search function stop working.
  • Fixed a bug that would sometimes render file transfer progress bars incorrectly.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.06 Release Notes

August 21, 2016

Cryptocat 3.2.06 is now available and brings the following improvements:
  • File sharing size limit has been doubled from 100MB to 200MB.
  • Added a warning when sending a message to a contact with no trusted devices, when "send only to trusted devices" is enabled.
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.05 Release Notes

August 20, 2016

Cryptocat 3.2.05 is now available and brings the following improvements:
  • New feature! Avatars! Choose from thirty-eight cute, ferocious and mysterious animals as your Cryptocat avatar. Which avatars will your buddies choose?
  • Fixed a bug where timestamps would appear incorrectly at 12am hours, appearing instead as 00am.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.04 Release Notes

August 18, 2016

Cryptocat 3.2.04 is now available and brings the following improvements:
  • New feature! Your buddy list now shows at what time an offline buddy was last online.
  • Small usability improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.03 Release Notes

August 2, 2016

Cryptocat 3.2.03 is now available and brings the following improvements:
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.02 Release Notes

July 24, 2016

Cryptocat 3.2.02 is now available and brings the following improvements:
  • Important! We recommend downloading this update soon: older versions of Cryptocat may no longer be able to automatically update after October 2016.
  • File transfer reliability over poor Internet connections has been improved.
  • Chat windows no longer scroll down if a user types a message when scrolled up to read previous messages.
  • Buddy list windows now remember their positions correctly even on computers with multiple displays attached.
  • Update reminder message has been reduced in frequency from once every 8 hours to once every 24 hours.
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.01 Release Notes

July 20, 2016

Cryptocat 3.2.01 is now available and brings the following improvements:
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.2.00 Release Notes

July 18, 2016

Cryptocat 3.2.00 is now available and brings the following improvements:
  • Out of Beta! Cryptocat is no longer beta software. Bugs will certainly still occur in the upcoming history of the project, but we are reasonably confident in the reliability of the current client. Thanks to everyone who contributed to our more than 150 reports with bugs, feedback and enhancements!
  • A new PGP key is now being used in order to sign source code commits and Linux releases. Its fingerprint is:
    94B8 4193 A00C FA50 F4DC 7475 8457 F623 8453 F85F
  • Message sending has been improved: sent messages will appear as semi-transparent until they are properly encrypted and sent. Messages that cannot be sent to all of a recipient's linked (and, if applicable, selected) devices will not be sent at all.
  • Improved file sharing reliability on unreliable Internet connections.
  • Fixed a bug that prevented files larger than 64MB from being sent.
  • Fixed a bug that would sometimes show message time as sent during the AM instead of PM.
  • Fixed a bug that would make the file sharing drag and drop overlay sometimes get stuck.
  • Fixed a bug that would incorrectly handle session reconnection in Cryptocat for Windows.
  • Cryptocat for Mac is no longer requires administrator privileges for installation.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.26 Release Notes

June 21, 2016

Cryptocat 3.1.26 is now available and brings the following improvements:
  • For the first time in five years, we are proud to announce a new logo and icon for the Cryptocat software.
  • Cryptocat now checks for updates in the background automatically, once every eight hours.
  • File sharing size limit has been increased from 50MB to 100MB.
  • Fixed a bug that would sometimes mark buddies as red when they should be orange.
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.25 Release Notes

May 17, 2016

Cryptocat 3.1.25 is now available and brings the following improvements:
  • Bug fixes and performance improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.24 Release Notes

May 11, 2016

Cryptocat 3.1.24 is now available and brings the following improvements:
  • New and improved cat stickers!
  • Bug fixes and reliability improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.23 Release Notes

May 9, 2016

Cryptocat 3.1.23 is now available and brings the following improvements:
  • Improvements to certificate pinning.
  • Fixed cat sticker alignment in chat windows.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.22 Release Notes

May 8, 2016

Cryptocat 3.1.22 is now available and brings the following improvements:
  • New feature! Mark which of your buddy's devices you trust, and choose to send messages only to these devices.
  • New feature! Messages from your buddies will show which device they were sent from.
  • The Add Buddy, Change Password, Device Manager and Update Downloader windows can now be closed by pressing Ctrl+W in Windows and Linux. Previously, this was only true for Mac (with ⌘+W).
  • Chat windows will now no longer auto-scroll upon receiving new messages if the user is currently scrolling up to read previous messages.
  • Improved file sharing reliabilty.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.21 Release Notes

May 6, 2016

Cryptocat 3.1.21 is now available and brings the following improvements:
  • Bug fixes and reliability improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.20 Release Notes

May 5, 2016

Cryptocat 3.1.20 is now available and brings the following improvements:
  • Fixed a bug that would sometimes fail to decrypt messages received when offline.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.19 Release Notes

May 4, 2016

Cryptocat 3.1.19 is now available and brings the following improvements:
  • Various minor bug fixes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.18 Release Notes

May 3, 2016

Cryptocat 3.1.18 is now available and brings the following improvements:
  • Fixed a bug that would cause Cryptocat to consume more network resources than strictly necessary.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.17 Release Notes

May 3, 2016

Cryptocat 3.1.17 is now available and brings the following improvements:
  • Fixed a rare bug that would sometimes prevent the Cryptocat window from appearing immediately on launch.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.16 Release Notes

May 3, 2016

Cryptocat 3.1.16 is now available and brings the following improvements:
  • Improved file sharing performance.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.15 Release Notes

May 2, 2016

Cryptocat 3.1.15 is now available and brings the following improvements:
  • Various bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.14 Release Notes

May 2, 2016

Cryptocat 3.1.14 is now available and brings the following improvements:
  • Improvements to connection reliability.
  • Small bug fixes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.13 Release Notes

May 1, 2016

Cryptocat 3.1.13 is now available and brings the following improvements:
  • New feature! Cryptocat can now remember your login and login automatically in the future. Only enable this feature on computers you trust, as your login will be saved in the clear in your user profile on your computer.
  • Small improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.12 Release Notes

May 1, 2016

Cryptocat 3.1.12 is now available and brings the following improvements:
  • New feature! Shared video and audio files can now be previewed immediately from within chat windows. Right click to save them to disk.
  • New feature! Cryptocat will now remember the last folder you used for sharing a file or saving shared files and will default to it for future use.
  • Many new file extensions are now allowed in file sharing.
  • Significant general and connection-specific performance improvements.
  • Fixed a bug where a buddy might appear offline when online.
  • Fixed a bug that would show a notification of a buddy coming online when that buddy was already online.
  • Small improvements and bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.11 Release Notes

April 28, 2016

Cryptocat 3.1.11 is now available and brings the following improvements:
  • New feature! Share images more easily: Cryptocat will now show shared images directly in your chat window, with an option to save them to disk (by right clicking the image) if desired.
  • New feature! Audio/video messages can now be saved to disk by right clicking the message and selecting Save to Disk.
  • File sharing: dragging and dropping (or selecting) multiple files and sharing them all at once is now supported.
  • File sharing: many new file types are now supported.
  • Fixed a bug that would remove line breaks from messages, thereby not allowing users to break longer messages into paragraphs, for example.
  • Fixed a bug that made some windows too tall on Linux and Mac.
  • Fixed a bug that made the Change Password window too small on Windows.
  • Small bug fixes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.10 Release Notes

April 24, 2016

Cryptocat 3.1.10 is now available and brings the following improvements:
  • Improved Mac desktop integration.
  • Small bug fixes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.09 Release Notes

April 24, 2016

Cryptocat 3.1.09 is now available and brings the following improvements:
  • Improved reconnection in the event of an unreliable Internet connection.
  • Small bug fixes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.08 Release Notes

April 23, 2016

Cryptocat 3.1.08 is now available and brings the following improvements:
  • Fixed a bug that could prevent Linux and Mac users from signing in.
  • Fixed a bug that could prevent files with uppercase file extensions from being sent correctly.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.07 Release Notes

April 21, 2016

Cryptocat 3.1.07 is now available and brings the following improvements:
  • Fixed a rare bug that would sometimes show an empty chat window when task-switching into Cryptocat.
  • Added a right-click context menu to chat messages.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.06 Release Notes

April 21, 2016

Cryptocat 3.1.06 is now available and brings the following improvements:
  • Improvements to audio/video recording.
  • Fixed a bug introduced in Update 3.1.05 that would prevent users from adding new devices.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.05 Release Notes

April 20, 2016

Cryptocat 3.1.05 is now available and brings the following improvements:
  • Major improvements to Mac desktop integration and application menus.
  • Fixed a bug that would disallow sharing files with uppercase extension names.
  • Various small improvements and bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.04 Release Notes

April 20, 2016

Cryptocat 3.1.04 is now available and brings the following improvements:
  • Fixed a bug that would prevent selecting and copying message text in chats.
  • When changing passwords, users now have to enter their new password twice in order to prevent typing mistakes.
  • Internal software maintenance changes and improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.03 Release Notes

April 19, 2016

Cryptocat 3.1.03 is now available and brings the following improvements:
  • Fixed a bug introduced in Update 3.1.02 that would prevent Mac users from copying and pasting in Cryptocat.
  • The font size control menu for chat windows was moved from the Edit sub-menu to a new View sub-menu.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.02 Release Notes

April 18, 2016

Cryptocat 3.1.02 is now available and brings the following improvements:
  • New feature! Increase or decrease font size in chats.
  • Cryptocat will now remember the size and position of the buddy list window on your desktop.
  • Cat sticker animations have returned!
  • Various small improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.01 Release Notes

April 18, 2016

Cryptocat 3.1.01 is now available and brings the following improvements:
  • Fixed a bug that could prevent Cryptocat from quitting in rare circumstances.
  • Various small improvements and bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.1.00 Release Notes

April 17, 2016

Cryptocat 3.1.00 is now available and brings the following improvements:
  • New feature! Send audio/video recordings from your webcam straight to your buddies, encrypted via Cryptocat.
  • Various small improvements and bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.31 Release Notes

April 14, 2016

Cryptocat 3.0.31 is now available and brings the following improvements:
  • Great news! Files transferred over Cryptocat now have a maximum allowed size of 50MB instead of 25MB. In case your buddy is offline, files you share will also be kept, encrypted, for thirty days (instead of the previous seven days) until your buddy can go online and receive them.
  • Fixed a bug that could prevent logging in for Cryptocat for Mac users.
  • Added a button to the Update Available dialog that allows users to view what's new in an update.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.30 Release Notes

April 13, 2016

Cryptocat 3.0.30 is now available and brings the following improvements:
  • Important! This update is not compatible with buddies using previous versions of Cryptocat. We understand this isn't great, but given that we are still in a Beta software phase, we find it generally acceptable.
  • Major improvements to chat reliability: "Message could not be decrypted" errors should virtually disappear.
  • Major improvements to connection reliability, especially when reconnecting after an Internet interruption.
  • Small improvements and bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.29 Release Notes

April 12, 2016

Cryptocat 3.0.29 is now available and brings the following improvements:
  • Major speed improvements: new chat windows now open much faster.
  • Fixed a bug that could prevent device keys from being deleted reliably.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.28 Release Notes

April 12, 2016

Cryptocat 3.0.28 is now available and brings the following improvements:
  • New feature! Drag and drop file sharing: Simply drag and drop a file into a chat window to immediately share it with your buddy. This can be more convenient than manually browsing for the file through the Send File dialog.
  • New feature! Major improvements to Linux desktop integration: After the first Launch, the Cryptocat client will integrate itself into your desktop environment's desktop and menu items.
  • New feature! You can now log out from your Cryptocat account without exiting the client. Admittedly, we are as surprised as you are that this was not implemented sooner.
  • New feature! You can now delete your Cryptocat account. Information on how to accomplish this is present on the Help page.
  • A file's progress bar will now turn green when a file transfer is completed.
  • The following file types are now also supported via file transfer: jpeg, 7z, bz2, tar.
  • Fixed a bug that would prevent message notifications from showing.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.27 Release Notes

April 9, 2016

Cryptocat 3.0.27 is now available and brings the following improvements:
  • Important! Cryptocat 3.0.25 and 3.0.26 contain a malfunctioning auto-updater that will not download updates. The only way to update is by re-downloading Cryptocat from the official website. This version fixes this issue and your auto-updater should work again going forward.
In order to obtain the update, open the Help menu and click on Check for Updates, unless you are using Cryptocat 3.025 or 3.0.26.

Cryptocat 3.0.26 Release Notes

April 9, 2016

Cryptocat 3.0.26 is now available and brings the following improvements:
  • Chat windows can now be resized more flexibly.
  • Fixed a bug that would delay message scrolling.
  • Fixed a bug that would cause incorrect XMPP error handling.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat, Now with File Sharing

April 8, 2016

Good evening from the city that never sleeps. I've been in Manhattan all week, ostensibly on a vacation that nevertheless saw me jumping from coffee shop to coffee shop to get some programming time. I am happy to announce that Cryptocat now allows you to share files easily and quickly, while chatting with your buddies.

This is wonderful news. File sharing was Cryptocat's most-requested feature, with group chat coming in second. Update 3.0.25 allows you to share files of all kinds and up to 25MB 50MB in size. Technically, the file sharing scheme is simple: it piggy-backs on top of the existing authenticated secure messaging session. The file is simply encrypted and authenticated using AES in Galois Counter Mode with a random key, and a pointer to the encrypted blob is sent along with that key as a regular chat message, which gets parsed appropriately by the client as an encrypted file being shared.

Cryptocat is using Microsoft Azure to transmit encrypted files. Azure will be able to determine the size of transmitted files, but neither Azure nor Cryptocat will be able to determine anything else about the files, be it their content, name, whom you're sending them to, and so on. Files remain available for seven thirty days, and a limit of 25MB 50MB per file is imposed in order to save costs: remember that Cryptocat is a non-profit project! I am footing the Azure bill out of my own pocket; but it's a small price to pay for the satisfaction of writing good software that does something meaningful.

To send a file, simply update to Cryptocat 3.0.25. Then, opening a chat window will show a small blue floppy disk button (pictured.) You may also press Alt+F within the chat window to launch the Send File dialog.

Here is the complete change log for Update 3.0.25:

  • New feature! Send files within chats with buddies.
  • Various small improvements to the user interface.
  • Various small bug fixes.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.24 Release Notes

April 4, 2016

Cryptocat 3.0.24 is now available and brings the following improvements:
  • New feature! Buddies can now see when you are typing a message to them (and vice-versa). See the Help entry on how to enable or disable typing notifications.
  • Various small improvements to the user interface.
  • Improvements to chat reliability.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.23 Release Notes

April 2, 2016

Cryptocat 3.0.23 is now available and brings the following improvements:
  • Improvements to chat reliability.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.22 Release Notes

April 1, 2016

Cryptocat 3.0.22 is now available and brings the following improvements:
  • Improvements to chat reliability.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.21 Release Notes

March 31, 2016

Note: This update was released as Update 3.0.20 but was superceded by Update 3.0.21 due to Update 3.0.20 breaking backwards compatibility with previous versions.

Cryptocat 3.0.21 is now available and brings the following improvements:
  • Improvements to chat reliability.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.19 Release Notes

March 31, 2016

Cryptocat 3.0.19 is now available and brings the following improvements:
  • New feature! Sort through your buddy list with a handy filtering feature, now available at the top of your Cryptocat buddy list window.
  • Fixed a common bug that occured on Cryptocat for Mac which would show a confusing error message and prevent the buddy list from ever opening again until the application was restarted.
  • Fixed a bug that occured on Cryptocat for Mac which would prevent certain dialogs from closing when prompted to.
  • Buddies are now sorted alphabetically as well as by status.
  • General reliability improvements.
In order to obtain the update, open the Help menu and click on Check for Updates.

Cryptocat 3.0.18 Release Notes

March 30, 2016

Cryptocat 3.0.18 is now available and brings the following improvements:
  • General improvements to the reliability of the chatting experience.
  • General improvements to buddy request handling.
  • Added a "Check for Updates" option to the Help menu.
In order to obtain the update, simply restart Cryptocat. You will be prompted to download the installer. Starting from this version, you will also be able to check for updates by opening the Help menu and clicking on Check for Updates.

Cryptocat: Beta Release

March 29, 2016

Update: Cryptocat 3.0.17 has been released with the following improvements:
  • Sticker animations have been disabled due to their high CPU cost on some computers.
  • A bug that prevented the "Help" menu from working from inside chat windows on Windows and Linux was resolved.

I was going to write a longer release annoucement, but I think the software and the nice new website can speak for themselves!

Please enjoy the Beta release and report any bugs you find. It's my great privilege to bring Cryptocat back on track and I'm happy to see how users will find the release.

I will be spending the next two weeks in New York City. If you're on the other side of the Atlantic and want to discuss the new software, get in touch either via Twitter or email.

— Nadim

Follow Cryptocat on Twitter
English - Français - Català
"Cryptocat" and the Cryptocat logo are registered trademarks.
Copyright © 2018 Nadim Kobeissi, all rights reserved.