Instant Messaging and VoIP

One of the exceptions is Google Talk (if you enable https connections in the account settings). A more certain (and yes, a little more complicated) way of ensuring privacy in instant messaging communications is to use the 'Off The Record' plugin with Pidgin. You can communicate using a variety of chat protocols (Google Talk, Yahoo Chat, MSN, ICQ, Jabber, etc) and encrypt every message that you send and receive.

Exercise: Install and configure Pidgin to operate with your favourite chat protocol and set-up OTR using the Security In a Box guide

There is a new online chat technology offering browser-based end-to-end encryption. You need to use it from a Google Chrome browser and install the plug-in. After that, beginning a new secure chat room is incredibly easy and straight forward.

Exercise: Create a chat room in

Skype Most of you are probably using Skype for secure chatting, file transfers and audio/video telephony. It is true that Skype encrypts all of this information automatically, albeit many fears and rumours abound that the protocol has been hacked, or even that Skype itself could be aiding surveillance requests. The weakest link (from an independent security perspective) in the Skype protocol is that it is closed source and the company does not reveal much details about its internal working. It is, in other words, impossible to verify whether holes and vulnerabilities exist in this program.


The Economist: Skype and online privacy - Called out The known unknowns of Skype interception

Exercise: Several software configurations can be done to help secure your use of Skype.

Automatic login should be switched off. Be aware that chat history is by default recorded on your computer (this is not encrypted) and have a look at how to switch this option off and how to delete already recorded messages. Be aware that Skype allows you to login with the same account details from several different computers at the same time. Change your password. Authenticate a Skype friend before having a conversation with them

Tip: One of the ongoing problems with instant messaging (and email for that reason) is authenticity. Apart from video conferencing or voice calls you may have no other way to authenticate whether the conversing party really is the person they are claiming to be. In these instances, it is advised to inquire personal information to help establish identity.