Difference between revisions of "Instant Messaging and VoIP"

 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
One of the exceptions is Google Talk (if you enable https connections in the account settings). A more certain (and yes, a little more complicated) way of ensuring privacy in instant messaging communications is to use the 'Off The Record' plugin with Pidgin. You can communicate using a variety of chat protocols (Google Talk, Yahoo Chat, MSN, ICQ, Jabber, etc) and encrypt every message that you send and receive.
 
One of the exceptions is Google Talk (if you enable https connections in the account settings). A more certain (and yes, a little more complicated) way of ensuring privacy in instant messaging communications is to use the 'Off The Record' plugin with Pidgin. You can communicate using a variety of chat protocols (Google Talk, Yahoo Chat, MSN, ICQ, Jabber, etc) and encrypt every message that you send and receive.
  
Exercise: Install and configure Pidgin to operate with your favourite chat protocol and set-up OTR using the Security In a Box guide  
+
'''Exercise:''' Install and configure Pidgin to operate with your favourite chat protocol and set-up OTR using the Security In a Box guide  
  
 
{{#ev:youtube|M0vJC9uAj04}}
 
{{#ev:youtube|M0vJC9uAj04}}
Line 8: Line 8:
 
There is a new online chat technology offering browser-based end-to-end encryption. You need to use it from a Google Chrome browser and install the plug-in. After that, beginning a new secure chat room is incredibly easy and straight forward.
 
There is a new online chat technology offering browser-based end-to-end encryption. You need to use it from a Google Chrome browser and install the plug-in. After that, beginning a new secure chat room is incredibly easy and straight forward.
  
Exercise: Create a chat room in https://crypto.cat/
+
'''Exercise:''' Create a chat room in https://crypto.cat/
  
 
Skype
 
Skype
 
Most of you are probably using Skype for secure chatting, file transfers and audio/video telephony. It is true that Skype encrypts all of this information automatically, albeit many fears and rumours abound that the protocol has been hacked, or even that Skype itself could be aiding surveillance requests. The weakest link (from an independent security perspective) in the Skype protocol is that it is closed source and the company does not reveal much details about its internal working. It is, in other words, impossible to verify whether holes and vulnerabilities exist in this program.
 
Most of you are probably using Skype for secure chatting, file transfers and audio/video telephony. It is true that Skype encrypts all of this information automatically, albeit many fears and rumours abound that the protocol has been hacked, or even that Skype itself could be aiding surveillance requests. The weakest link (from an independent security perspective) in the Skype protocol is that it is closed source and the company does not reveal much details about its internal working. It is, in other words, impossible to verify whether holes and vulnerabilities exist in this program.
  
Media:
+
'''Media:'''
  
 
The Economist: Skype and online privacy - Called out
 
The Economist: Skype and online privacy - Called out
 
The known unknowns of Skype interception
 
The known unknowns of Skype interception
  
Exercise: Several software configurations can be done to help secure your use of Skype.
+
'''Exercise:''' Several software configurations can be done to help secure your use of Skype.
  
 
Automatic login should be switched off.  
 
Automatic login should be switched off.  
Line 25: Line 25:
 
Authenticate a Skype friend before having a conversation with them
 
Authenticate a Skype friend before having a conversation with them
  
Tip: One of the ongoing problems with instant messaging (and email for that reason) is authenticity. Apart from video conferencing or voice calls you may have no other way to authenticate whether the conversing party really is the person they are claiming to be. In these instances, it is advised to inquire personal information to help establish identity.
+
'''Tip:''' One of the ongoing problems with instant messaging (and email for that reason) is authenticity. Apart from video conferencing or voice calls you may have no other way to authenticate whether the conversing party really is the person they are claiming to be. In these instances, it is advised to inquire personal information to help establish identity.

Latest revision as of 18:54, 27 May 2014

One of the exceptions is Google Talk (if you enable https connections in the account settings). A more certain (and yes, a little more complicated) way of ensuring privacy in instant messaging communications is to use the 'Off The Record' plugin with Pidgin. You can communicate using a variety of chat protocols (Google Talk, Yahoo Chat, MSN, ICQ, Jabber, etc) and encrypt every message that you send and receive.

Exercise: Install and configure Pidgin to operate with your favourite chat protocol and set-up OTR using the Security In a Box guide


There is a new online chat technology offering browser-based end-to-end encryption. You need to use it from a Google Chrome browser and install the plug-in. After that, beginning a new secure chat room is incredibly easy and straight forward.

Exercise: Create a chat room in https://crypto.cat/

Skype Most of you are probably using Skype for secure chatting, file transfers and audio/video telephony. It is true that Skype encrypts all of this information automatically, albeit many fears and rumours abound that the protocol has been hacked, or even that Skype itself could be aiding surveillance requests. The weakest link (from an independent security perspective) in the Skype protocol is that it is closed source and the company does not reveal much details about its internal working. It is, in other words, impossible to verify whether holes and vulnerabilities exist in this program.

Media:

The Economist: Skype and online privacy - Called out The known unknowns of Skype interception

Exercise: Several software configurations can be done to help secure your use of Skype.

Automatic login should be switched off. Be aware that chat history is by default recorded on your computer (this is not encrypted) and have a look at how to switch this option off and how to delete already recorded messages. Be aware that Skype allows you to login with the same account details from several different computers at the same time. Change your password. Authenticate a Skype friend before having a conversation with them

Tip: One of the ongoing problems with instant messaging (and email for that reason) is authenticity. Apart from video conferencing or voice calls you may have no other way to authenticate whether the conversing party really is the person they are claiming to be. In these instances, it is advised to inquire personal information to help establish identity.