Encrypted Instant Messenger Conversations

iastaff · #1 06-04-2008, 04:52 PM

Date: Wednesday June 4, 2008
Author: Jared T.
Organization: International Alliance Privacy Services
Contact: Please use this form

As most of you know, I highly support encryption in all things internet. As such, this article will focus on encrypting our instant messenger sessions and will talk about the Pidgin instant messenger system with a focus on Pidgin OTR (Off-The Record Messaging) and how your chat sessions can be completely encrypted and protected at all times. Before we go any further, I need to tell you that Pidgin supports multiple instant messengers all at once so if you use more than one messenger, you can run them all from within the one Pidgin client. Ok, lets take a look at what Pidgin supports:

MSN
AIM
ICQ
Yahoo
Bonjour
Gadu-Gadu
Google-Talk
Novell GroupWise
IRC
MySpace IM
QQ
SILC
Simple
SameTime
XMPP

Now keep in mind that even if you have multiple accounts with any instant messaging services, you can run them all at once through this system. The direct download for the Pidgin Messenger can be found at http://www.pidgin.im You can get the Pidgin OTR add-on from here.

You may now be wondering what Off-The-Record Messaging is all about. Let me explain:

*Encryption
No one else can read your instant messages.

*Authentication
You are assured the correspondent is who you think it is.

*Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

*Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

It should be noted that Pidgin & OTR are completely free. It is licensed under the GNU General Public License which means you will never be charged for it. Every one likes something for free right?

Ok, the "No Digital Signature" means complete deniability. This means that in a court of law, no one can prove that an instant messenger conversation actually originated by you. All instant messengers, even the hugely popular ones by MSN, Yahoo, Google, & ICQ all contain digital signatures that go out with each message you send and can be personally traced back to you by an expert. Pidgin & OTR eliminate this possibility if implemented correctly. The main functionality of the OTR add-on is to encrypt all messages between two users. This means that you and the person you are talking to via instant messenger must both have the Pidgin instant messenger and OTR installed. This is a two way system.

Once you and the other person(s) are encrypted, you are assured of a completely private and highly secure instant messenger chat session. Proxy options are fully compatible with this instant messenger and the famous SSH2 Privacy Tunnels I always speak so highly of work perfectly for an even more secure (and anonymous) instant message chat session.

**Lipsoft** · #2 06-04-2008, 05:44 PM

I am highly confused about multi messaging at a time.
Also what about encryption with all those services ?

iastaff · #3 06-04-2008, 06:45 PM

Please define what you mean by 'multi-messaging' and I will do my best to help you out. Encryption is provided on all messengers supported as long as the other user has the same client.

**Lipsoft** · #4 06-05-2008, 07:18 PM

Quote:

Originally Posted by iastaff

Please define what you mean by 'multi-messaging' and I will do my best to help you out. Encryption is provided on all messengers supported as long as the other user has the same client.

I meant,can I sign in with multiple IM services at a time and also can I use multiple accounts at a time form the same service ?

**Tdinoz** · #5 06-05-2008, 10:32 PM

Quote:

Originally Posted by Lipsoft

I meant,can I sign in with multiple IM services at a time and also can I use multiple accounts at a time form the same service ?

Yes if you mean by multiple yahoo msn aim etc.

plus all ym profiles

obera · #6 07-24-2008, 12:34 AM

Quote:

Originally Posted by Lipsoft

also can I use multiple accounts at a time form the same service ?

No, you can't do that.

I use and recommend Pidgin with OTR and/or the Pidgin Encryption Plugin. And just to top it off, I run Pidgin through Tor.

OTR seems to screw the messages up sometimes.

EgoldLovesMe · #7 06-04-2008, 10:53 PM

hmm...i use encryption also for yahoo...they keep all the logs there....90% of them do ....

dude111 · #8 06-04-2008, 11:19 PM

Aim has thier own SSL cert you can obtain

www.aimencrypt.com

investdr · #9 06-05-2008, 02:00 AM

I currently use the Cryptohippie VPN system with Pidgin and an independent Jabber server. It works great. The party on the other end must be on the same system.

http://www.qwealthreport.com/privacy_technology.php

iastaff · #10 06-05-2008, 05:29 AM

Quote:

Originally Posted by dude111

Aim has thier own SSL cert you can obtain

www.aimencrypt.com

Your missing the point here. An SSL Cert only covers the connection from your computer to the server, not the actual written content. The OTR that I was referring to provides actual encryption for each message you send out. Only the person on the other end will be able to decrypt the messages going back and forth.