Internet Communications Security/Instant Messaging

Instant Messaging

  • Subsections

Add or edit subsection:

Lesson typePractical
Minimum time40
Maximum time100


Section ofInternet Communications Security
  • Last modified: 6 August 2013 17:18:20

  • русская версия


Instant Messaging is a very popular common way of communicating with friends and colleagues. However it is incredibly vulnerable to the world of Internet surveillance, password sniffing and impersonation. Secure IM uses similar principles to secure email for establishing private conversation.

Installation & configuration

Standard install of Pidgin client. Alternatively you can run the portable version with the plug-in already installed and configured. Add the participants Google account into Pidgin, making sure that SSL connections are forced.

Pidgin does not support audio or video capabilities.

Notes for later addition

Using Pidgin

Demonstrate how to add, authorise buddies in Pidgin and let the participants register each other, initiate IM sessions between each other. Security features such as chat logging, remembering the account password, privacy settings. How to add additional accounts for different IM protocols.

Trainer's notes: The next exercise will require people to chat with each other, so participants in the class need to add each other to contacts.

Off the Record Messaging

Generate a key for this identity. Examine its fingerprint. Discuss and demonstrate how to lead secure, and authenticated chats with OTR. Participants should engage in secure and authenticated chats with the trainer and each other. Attempt file sharing over an encrypted channel.

Trainer's notes:

  • OTR does not support group chats.
  • You could demonstrate message security by showing network sniffing tools (e.g. wireshark) to demonstrate the encryption. Alternatively you could demonstrate the Pidgin+OTR conversation in Google Talk window where the messages will appear scrambled.