2 minute read

The next time you think you’re having a private online chat with a family member, you might want to think about who can read, watch, or log that conversation. The most popular solution in North America is skype, so let’s take a look at it’s privacy policy. From section 8:

Skype may use automated scanning within Instant Messages and SMS

Last year, Microsoft also started a commitment to bi-annual law enforcement requests report after industry pressure. They disclose that the governments of Brazil, Ireland, Canada and New Zealand have received content from within chat logs.

As you know, I only recommend communication happen with open source encryption. Skype’s encryption is closed source, and we know that they have the ability to intercept messages in real-time as demonstrated in an article this week. I’m also just using Skype as an example; Facebook chat has the same issue, and any other American commercial based chat service.

We also know that any conversation taking place from outside of the US to the US is subject to the US PATRIOT Act. This includes Canada.

If you’re wondering why a business would care about their employees using encrypted chats, you should ask yourself how much your competitors would pay a business intelligence service for your employees chat logs that are going over the internet?

So what options are out there?

For Instant Messaging:

I recommend anything that uses off-the-record messaging. It offers the following features:

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

**Encryption**
No one else can read your instant messages.
**Authentication**
You are assured the correspondent is who you think it is.
**Deniability**
The messages you send do *not* have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, *during*a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
**Perfect forward secrecy**
If you lose control of your private keys, no previous conversation is compromised.

So what uses off-the-record messaging?

Pidgin works on all major operating systems, and is also open-source. Once you have pidgin installed, you’ll need to install the OTR plugin.

$ sudo apt-get install pidgin-otr # if you’re using a debian/ubuntu based operating system

Some other solutions that only work on a specific operating system:

For MacOSX: Adium (comes with OTR, easier to get working than pidgin if you’re on osx)
Not tested but also claim to use OTR: Miranda for Microsoft Windows and Kopete for KDE (GNU/Linux). If you’re using Internet Relay Chat (IRC), xchat has an otr plugin as well.

You you have the OTR plugin installed successfully, as soon as you have a chat initiated with someone, (there will be a key exchange that is automatic) make sure the padlock icon is closed, if it’s open, your chat is not yet encrypted.

For Voice and Video:

I recommend the open source tool jitsi for voice and video, it supports XMPP and SIP. It supports zRTP, sRTP and GNU zRTP.

Categories:

Updated:

You may also enjoy

Password Managers For 2024

1 minute read

The top two questions we’ve received for the last 15 years are which browser should I use for privacy?, but more common is “Which password manager should I u...

Web Browsing With Privacy

1 minute read

I’ve been updating this blog for well over a decade on privacy centric browser options, so I thought I’d start with my recommendations as we dive into 2024. ...

Sharing Links

less than 1 minute read

When sharing links, there are a handful of issues that may occur. The original news site or blog may have taken the article the down, or they may in the futu...

You May Have 5 Minutes To Patch Your Systems

4 minute read

We’ve all been working on something on our device when we get a pop-up that a new patch or update is available, and we probably dismiss it as we want to stay...