Date: Wednesday June 4, 2008
Author: Jared T.
Organization:
International Alliance Privacy Services
Contact: Please use
this form
As most of you know, I highly support encryption in all things internet. As such, this article will focus on encrypting our instant messenger sessions and will talk about the Pidgin instant messenger system with a focus on Pidgin OTR (Off-The Record Messaging) and how your chat sessions can be completely encrypted and protected at all times. Before we go any further, I need to tell you that Pidgin supports multiple instant messengers all at once so if you use more than one messenger, you can run them all from within the one Pidgin client. Ok, lets take a look at what Pidgin supports:
MSN
AIM
ICQ
Yahoo
Bonjour
Gadu-Gadu
Google-Talk
Novell GroupWise
IRC
MySpace IM
QQ
SILC
Simple
SameTime
XMPP
Now keep in mind that even if you have multiple accounts with any instant messaging services, you can run them all at once through this system. The direct download for the Pidgin Messenger can be found at
http://www.pidgin.im You can get the Pidgin OTR add-on from
here.
You may now be wondering what Off-The-Record Messaging is all about. Let me explain:
*Encryption
No one else can read your instant messages.
*Authentication
You are assured the correspondent is who you think it is.
*Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
*Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
It should be noted that Pidgin & OTR are completely free. It is licensed under the GNU General Public License which means you will never be charged for it. Every one likes something for free right?
Ok, the "No Digital Signature" means complete deniability. This means that in a court of law, no one can prove that an instant messenger conversation actually originated by you. All instant messengers, even the hugely popular ones by MSN, Yahoo, Google, & ICQ all contain digital signatures that go out with each message you send and can be personally traced back to you by an expert. Pidgin & OTR eliminate this possibility if implemented correctly. The main functionality of the OTR add-on is to encrypt all messages between two users. This means that you and the person you are talking to via instant messenger must both have the Pidgin instant messenger and OTR installed. This is a two way system.
Once you and the other person(s) are encrypted, you are assured of a completely private and highly secure instant messenger chat session. Proxy options are fully compatible with this instant messenger and the famous
SSH2 Privacy Tunnels I always speak so highly of work perfectly for an even more secure (and anonymous) instant message chat session.
Encrypted Instant Messenger Conversations
Linear Mode
