Revision as of 21:15, 11 May 2014

One of the exceptions is Google Talk (if you enable https connections in the account settings). A more certain (and yes, a little more complicated) way of ensuring privacy in instant messaging communications is to use the 'Off The Record' plugin with Pidgin. You can communicate using a variety of chat protocols (Google Talk, Yahoo Chat, MSN, ICQ, Jabber, etc) and encrypt every message that you send and receive.

Exercise: Install and configure Pidgin to operate with your favourite chat protocol and set-up OTR using the Security In a Box guide

<vid>

There is a new online chat technology offering browser-based end-to-end encryption. You need to use it from a Google Chrome browser and install the plug-in. After that, beginning a new secure chat room is incredibly easy and straight forward.

Exercise: Create a chat room in https://crypto.cat/

Skype Most of you are probably using Skype for secure chatting, file transfers and audio/video telephony. It is true that Skype encrypts all of this information automatically, albeit many fears and rumours abound that the protocol has been hacked, or even that Skype itself could be aiding surveillance requests. The weakest link (from an independent security perspective) in the Skype protocol is that it is closed source and the company does not reveal much details about its internal working. It is, in other words, impossible to verify whether holes and vulnerabilities exist in this program.

Media:

   The Economist: Skype and online privacy - Called out
   The known unknowns of Skype interception

Exercise: Several software configurations can be done to help secure your use of Skype.

Automatic login should be switched off. Be aware that chat history is by default recorded on your computer (this is not encrypted) and have a look at how to switch this option off and how to delete already recorded messages. Be aware that Skype allows you to login with the same account details from several different computers at the same time. Change your password. Authenticate a Skype friend before having a conversation with them

Tip: One of the ongoing problems with instant messaging (and email for that reason) is authenticity. Apart from video conferencing or voice calls you may have no other way to authenticate whether the conversing party really is the person they are claiming to be. In these instances, it is advised to enquire personal information to help establish identity.

Open Source VoIP alternatives There has been a lot of movement to develop and release secure protocols and software for VoIP communications. Some of them are developed by the open source community and use generally accepted rules and principles for encryption. The https://ostel.me/ project is one to check out. It it an open source secure public telephony platform. Its purpose is to document and package all the necessary tools to allow people to build their own secure replicas. Secure VoIP, like email today, would become a common service offered by multiple providers and quite easy to set-up yourself. In combination with a software like http://jitsi.org/ or csipsimple you can begin to encrypt instant messaging, audio and video conversations on your computer or Internet connected Android phone.

Exercise: VoIP Alternatives

1. Register an account at https://ostel.me
2. Download Jitsi
3. Establish an encrypted voice or video chat with a colleague who has done the same.