Cryptocat security audit results (github.com/cryptocat)
117 points by rst on Feb 10, 2014 | 10 comments



Is there anything public as to methodology, coverage, and other test info? I'd really like to see how this test was performed and what was achieved during that time, for curiosity's sake.


Huh, looking at https://github.com/cryptocat/cryptocat/issues/581: "Ciphertext retrieval by joining from non-Cryptocat clients" -- isn't that just expected behavior, or am I missing something here?


You missed the word "invisibly"-- they can join/watch without showing up in the Cryptocat client as being present.


What is the difference between that and someone listening on the network with a tool such as Wireshark? It may be a little easier to get the ciphered text, but it doesn't weaken the security in any way.


It means you don't have to be local enough to capture network traffic.


Fair point.


Ah thanks, that makes a lot more sense.


Well, it's not like some hypothetical 3rd party would ever be able to decrypt it.


From what I understand of Cryptocat, if said hypothetical third party could decrypt it, wouldn't the entire security model be broken with respect to said hypothetical third party?


I keep confusing this project with the old cryptcat (netcat+twofish encryption).

http://cryptcat.sourceforge.net/info.php



