Pigeon & OTR: IM Privacy via Encryption

Generally, instant messenger (IM) protocols are rather ‘unsafe’ from a privacy standpoint. Even if your messenger application is Torified, TOR end-point eavesdropping can occur if encryption to the server is not enabled. When encryption is enabled, the TOR end-point can’t be spied upon. However, certain data can still be obtained, such as: contact lists, login informations, account names, and timestamps…etc.

Jabber, a server based protocol operated by volunteers, constructed with transparency, privacy, and security as a platform, overcomes this final hurdle.

Creating a jabber account on any Jabber server, allows you to communicate with anybody using Jabber, on any Jabber server. Here is a list of servers allowing  public registration.

 After you have a Jabber account, you need an IM client, and a plugin to encrypt messaging

Pidgin, the universal chat client, is an open-source software supporting many ‘chat’ protocols including XXMP/Jabber. Using Pidgin you can connect to any IM service simultaneously. The main reason for using Pidgin is that it supports the Off The Record (OTR) plug-in.

Pidgin-OTR is a plugin for Pidgin that providing 128-bit AES end-to-end encryption between you and your correspondent. If you don’t use Pidgin-OTR, assume that your chats can be intercepted.It is this end-to-end protocol that closes the gap first mentioned on the opening paragraph of this article.

To install these softwares is as easy as opening a Whonix terminal window, and using the following commands:

sudo apt-get update

sudo apt-get install pidgin

sudo apt-get install pidgon-otr

After the installations, you need to configure the plugin using your Jabber account information. Here is a tutorial to get you though that easy process, if you need it. Simply scroll down to the ‘Configuration’ heading and follow the directions.

When all is said and done, you will have an Torified IM using encryption allowing you to chat in an relatively secure, anonymous, private way. It’s all about counter-surveillance folks.

One Comment

  1. Pingback: The Anonymous Personal Computer | simply Luculent

Leave a Reply

Your email address will not be published. Required fields are marked *