Crypto-cat *does* suffer from quite a few problems, the biggest one I'm aware of being the need to somehow securely exchange keys, and the fact that you need to trust the folks running the website.
But those vulnerabilities exist in all programs - if I download Pidgin with OTR, I need to trust the folks creating Pidgin and running the website I download it from. Yes, I know about signatures on packages, but most Windows users don't, and even then you still need to trust the person signing the package.
Trade-offs are the rule, not the exception, in the real world. It's reasonable to consider crypto-cat more secure than unencrypted chat. By "more secure" in this context, I mean simply: the odds that the government of Syria will read the chat contents are lower.
Ease of use *does* have value, and encrypted chat that works with zero installation is useful -- yes, you need to securely exchange keys, and that's a problem - but it's primarily a problem if you worry about being the victim of a *targeted* attack, and that's not the issue here; the worry is over the passive, sweeping, eavesdropping-on-everything-and-grepping-for-interesting-words kind of attack. Against -that- kind of attack, key-exchange is easy.
Copyright © 2018, Eklektix, Inc.