There is this very misinformed blog post that’s been going around concerning Cryptocat’s development roadmap that I need to address, simply because not only is the post so fundamentally incorrect on its technical assumptions, but it goes around being written in a surprisingly authoritative tone:
- We have simply changed the method of JS code delivery into a local browser plugin, in order to further advance the security of JS cryptography.
I have absolutely no idea where the author pulled his conclusions from and I’m really surprised as to how certainly he posits them in his blog post.
The author goes on to posit that a browser extension be used in order to provide a standard cryptographic API for browsers. This is redundant for two reasons:
- The W3C is already working on a standard cryptographic API for browsers (Cryptocat is part of this working group.)
When writing a blog posts that takes ideas as granted facts, please make sure you know what you’re talking about.