Hello, I am a lead developer from the Cryptocat Project. Responding to the claim that Cryptocat chats have been transcribed: - It is overwhelmingly likely that local spyware/keyloggers would be responsible for the transcription. This scenario is rendered highly plausible due to the mention that the computers were previously confiscated, allowing for spyware to be installed to capture screenshots/keystrokes/etc. While this is outside of Cryptocat's threat model, it is still an unfortunate threat to many, and we will be responding by including a tutorial on how to use Tails <https://tails.boum.org/> in conjunction with Cryptocat in order to mitigate this threat. - As an ancillary measure, and even though a non-spyware compromise is relatively unlikely in this scenario, we will be rotating all of our keys (SSL and otherwise) within 48 hours. - As an ancillary measure, we will be studying our network for evidence of compromise, and we will be migrating our servers to Iceland simply because we can and it's likely to be a good idea in the long-term. Furthermore, I would like to mention that the Cryptocat Project's next major release, Cryptocat 2, which is scheduled this month, will be deployed in a largely decentralized fashion, getting rid of the server as a possible compromise point. More information can be found at the Cryptocat Development Blog: https://blog.crypto.cat. Given the circumstances of this particular incident, I believe that this is very likely a local spyware compromise. However, due to it being easily within our capacity to take thorough measures, we will. Warm regards, NK _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE