Assume Your Computer is Owned at All Times: A Chat with Cryptocat's Nadim Kobeissi
Here's something that shouldn't surprise anyone: it's open-season on online information and, as far as targets go, you're just a fat, awkward turkey. Facebook and Google record what you’re chatting about, and all the government has to do to get it is...
Here's something that shouldn't surprise anyone: it's open-season on online information and, as far as targets go, you're just a fat, awkward turkey. Facebook and Google record what you're chatting about, and all the government has to do to get it is give the secret knock.
Humanitarian hacker Nadim Kobeissi is changing a thing or two about that, however. Like many dedicated netizens, the Lebanese-born 21-year-old worries about a growing lack of privacy in our online communications. He's also a big fan of cute animals. Thus Cryptocat — a free encrypted chat application with retro graphics and feline-themed emoticons — was born.
Open-source and secure, the year-old, ever-growing project offers group instant messaging that works on web browsers and mobile phones and includes file-sharing services. Unlike more invasive applications like Google Talk or Facebook chat, Cryptocat encrypts your conversations with top-secret-worthy AES-256 and deletes them when you're done talking, so no one, not even Kobeissi, can snoop on you or collect data. And it also runs as a Tor hidden service for added protection from snoop dogs.
Whether you're an investigative reporter or an Iranian activist — or you just don't want your boss all up in your business, Cryptocat keeps private conversations private. As Kobeissi says, "You don't have to trust anyone you don't want to trust with your communications, because you shouldn't have to trust them in the first place."
Kobeissi is a student of political science and philosophy at Concordia University, in Montreal, Canada. We spoke via Skype about altruistic hacking, sticking it to venture capitalists, sweet 8-bit tunes, and his future tattoo plans.
Tell me about growing up in Lebanon.
It's not a bad place to grow up, but the area is very politically charged. You have Hezbollah always picking fights with Israel, Israel killing people. My own neighborhood was bombed, my house was destroyed.
My father was a philosophy professor, and my mom was a journalist for radio and TV. They named me Nadim because "Nadim" doesn't belong to any one religious community in Lebanon. It's actually a Persian name, which funnily enough means 'drunken friend' — 'the friend who the Sultan goes out to drink with.'
My mom got me a computer when I was four, because she thought computers were going to be the future and she wanted her kid to know how to use them. It was 1994 in Lebanon — no one had a computer. It was a big thing, a big investment.
Cryptocat Adventures, a short 8-bit film about Cryptocat
How did your upbringing impact the work you do now?
I think my interest in computers would have happened no matter what. But I think it impacted what I decided to actually do with that interest. There's a lot of government surveillance in Lebanon, and you get an idea of just how unfair the government is — I left for a very good reason. The government is very corrupt, very backwards, and there's very little hope for change. A lot of people are apathetic or, I'm sorry to say this, just not very well educated politically. Now I understand that using your talents for human rights–related work and things that make a difference is the best thing you can do.
Do you see the development of Cryptocat as an inherently political act?
Yes. But I'll try to have it super-ultra-beta tested by everyone on Earth before I can go to activists in Iran and tell them, 'Hey, you can use this.' Before I can duel with Iranian Cyber Intelligence people I have to make sure that Cryptocat is really bulletproof. The purpose of Cryptocat is not only to help people in the Middle East. It's also to help people in the States. Things like SOPA and CISPA are ridiculous; Cryptocat is an accessible way to still be able to use the Internet easily and communicate with your friends without having to trust Facebook or Google or your government or your boss.
The other part of Cryptocat, which means a lot to me, is the aesthetic part. My taste in music and art is very directly inspired by computers and by what I saw in computers when I was a kid. Like Com Truise, have you heard of him?
Oh my god! He's amazing! I got a tattoo on my body because of Com Truise. You might think I'm exaggerating, you might think I'm going a bit haywire. . .I'm sorry, I just really love Com Truise.
So what's the tattoo?
It's just from his album Galactic Melt. I have the pentagon tattooed and I'm getting the triangle tattooed soon enough.
I was watching the video you made for your Indiegogo fundraising campaign, which also has the 8-bit vibe. How are you able to finance Cryptocat now?
Right now, I finance it out of my wallet. I live in a single bedroom apartment and I'm kind of broke a lot of the time. I've received a lot of — incredibly pretentious — emails from venture capitalists, which I've ignored. I mean, I wouldn't mind people funding me for research. That would be great. But I don't want Cryptocat to become a commercial venture, with ads on it or something. That would be silly.
So if you were to get more funding, what's on your to-do list?
I've already made an app that integrates into your Google Chrome browser for Cryptocat. I'm trying to do one for Firefox, and I also want to make native mobile apps for Android, iPhone, and Blackberry. I also want to engineer and ship Cryptocat mini-servers. They're tiny Raspberry Pi servers, custom-made to be embedded Cryptocat servers that are just plug-and-play. If you're an NGO, you plug it in and then you have Cryptocat for your entire organization. I guess that's it for the summer. I think it's a lot.
I'm curious what your Web browsing experience looks like.
I just assume my computer is owned at all times. Even though it's probably not — I'm not paranoid here, I'm not saying, 'Oh the FBI has my computer.' But it's healthier if you assume that your computer is fully compromised. That way, whatever you do, you'll still operate with the maximum level of security.
I use Google Chrome because I like it, and I have AdBlock installed and an extension that makes you use HTTPS whenever it's available on Web sites. I also have Do Not Track Plus and Facebook Disconnect. . . stuff like that. I use a Mac.
Anything you want to add?
I actually made a Com Truise fan video. If you're wondering what my computer aesthetics are like, this explains it.