Pidgin with OTR - Secure Instant Messaging
Hands-On Guides
Pidgin is a free and open source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between Pidgin users.
Homepage
Pidgin: www.pidgin.im
OTR: www.cypherpunks.ca/otr
Computer Requirements
An Internet connection
All Windows Versions
Version used in this guide
Pidgin 2.7.11
OTR 3.2.0.1
License:
Free and Open-Source Software
Required Reading
How to keep your Internet communication private
The convenience, cost-effectiveness and flexibility of email and instant messaging make them extremely valuable for individuals and organizations with even the most limited access to the Internet. For those with faster and more reliable connections, software such as Jitsi, Skype and other Voice-over-IP VoIP tools also share these characteristics. Unfortunately, these digital alternatives to traditional means of communication can not always be relied upon to keep sensitive information private. Of course, this is nothing new. Postal mail, telephone calls and text messages are all vulnerable as well, particularly when used by those who may have been targeted for surveillance by the authorities.
One important difference between digital, Internet-based communication techniques and more traditional methods, is that the former often allow you to determine your own level of security. If you send emails, instant messages and VoIP conversations using insecure methods, they are almost certainly less private than letters or telephone calls. In part, this is because a few powerful computers can automatically search through a large amount of digital information to identify senders, recipients and specific key words. Greater resources are required to carry out the same level of surveillance on traditional communication channels. However, if you take certain precautions, the opposite can be true. The flexibility of Internet communication tools and the strength of modern encryption can now provide a level of privacy that was once available only to national military and intelligence organizations.
By following the guidelines and exploring the software discussed in this chapter, you can greatly improve your communication security. The RiseUp email service, the Off the Record OTR plugin for the Pidgin instant messaging program, Mozilla Firefox and the Enigmail add-on for the Mozilla Thunderbird email client are all excellent tools. While using them, however, you should keep in mind that the privacy of a given conversation is never one hundred percent guaranteed. There is always some threat that you did not consider, be it a keylogger on your computer, a person listening at the door, a careless email correspondent or something else entirely. The goal of this chapter is to help you reduce even the threats that do not occur to you, while avoiding the extreme position, favoured by some, that you should not send anything over the Internet that you are not willing to make public.
Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced
Time required to start using this tool: 30 minutes
What you will get in return:
The ability to organize and manage some of the most popular instant messaging services through a single program
The ability to have private and authenticated chat sessions
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
Both Pidgin and OTR are available for Microsoft Windows and for GNU/Linux. Another multi-protocol IM program for Microsoft Windows that supports OTR is Miranda IM. For the Mac OS we recommend using Adium, a multi-protocol IM program that supports the OTR plugin.
1.1 Things you should know about this tool before you start
Pidgin is a free and open source Instant Messaging (IM) client that lets you organize and manage your different (IM) accounts through a single interface. Before you can start using Pidgin you must have an existing IM account, after which you will register that account to Pidgin. For instance, if you have an email account with Gmail, you can use their IM service GoogleTalk with Pidgin. The log-in details of your existing IM account are used to register and access your account through Pidgin.
Note: All users are encouraged to learn as much as possible about the privacy and security policies of their Instant Messaging Service Provider.
Pidgin supports the following IM services: AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MIRC, MSN, MXit, MySpaceIM, QQ, SILC, SIMPLE, Sametime, Yahoo!, Zephyr and any IM clients running the XMPP messaging protocol.
Pidgin does not permit communication between different IM services. For instance, if you are using Pidgin to access your Google Talk account, you will not be able to chat with a friend using an ICQ account.
However, Pidgin can be configured to manage multiple accounts based on any of the supported messaging protocols. That is, you may simultaneously use both Gmail and ICQ accounts, and chat with correspondents using either of those specific services (which are supported by Pidgin).
Pidgin is strongly recommended for IM sessions, as it offers a greater degree of security than alternative messaging clients, and does not come bundled with unnecessary adware or spyware which may compromise your privacy and security.
Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It offers the following privacy and security features:
Authentication: You are assured the correspondent is who you think it is.
Deniability: After the chat session is finished, messages cannot be identified as originating from either your correspondent or you.
Encryption: No one else can access and read your instant messages.
Perfect Forward Security: If third party obtains your private keys, no previous conversations are compromised.
Note: Pidgin must be installed before the OTR plugin.
please re-post who have this software...
Hands-On Guides
Pidgin is a free and open source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between Pidgin users.
Homepage
Pidgin: www.pidgin.im
OTR: www.cypherpunks.ca/otr
Computer Requirements
An Internet connection
All Windows Versions
Version used in this guide
Pidgin 2.7.11
OTR 3.2.0.1
License:
Free and Open-Source Software
Required Reading
How to keep your Internet communication private
The convenience, cost-effectiveness and flexibility of email and instant messaging make them extremely valuable for individuals and organizations with even the most limited access to the Internet. For those with faster and more reliable connections, software such as Jitsi, Skype and other Voice-over-IP VoIP tools also share these characteristics. Unfortunately, these digital alternatives to traditional means of communication can not always be relied upon to keep sensitive information private. Of course, this is nothing new. Postal mail, telephone calls and text messages are all vulnerable as well, particularly when used by those who may have been targeted for surveillance by the authorities.
One important difference between digital, Internet-based communication techniques and more traditional methods, is that the former often allow you to determine your own level of security. If you send emails, instant messages and VoIP conversations using insecure methods, they are almost certainly less private than letters or telephone calls. In part, this is because a few powerful computers can automatically search through a large amount of digital information to identify senders, recipients and specific key words. Greater resources are required to carry out the same level of surveillance on traditional communication channels. However, if you take certain precautions, the opposite can be true. The flexibility of Internet communication tools and the strength of modern encryption can now provide a level of privacy that was once available only to national military and intelligence organizations.
By following the guidelines and exploring the software discussed in this chapter, you can greatly improve your communication security. The RiseUp email service, the Off the Record OTR plugin for the Pidgin instant messaging program, Mozilla Firefox and the Enigmail add-on for the Mozilla Thunderbird email client are all excellent tools. While using them, however, you should keep in mind that the privacy of a given conversation is never one hundred percent guaranteed. There is always some threat that you did not consider, be it a keylogger on your computer, a person listening at the door, a careless email correspondent or something else entirely. The goal of this chapter is to help you reduce even the threats that do not occur to you, while avoiding the extreme position, favoured by some, that you should not send anything over the Internet that you are not willing to make public.
Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced
Time required to start using this tool: 30 minutes
What you will get in return:
The ability to organize and manage some of the most popular instant messaging services through a single program
The ability to have private and authenticated chat sessions
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
Both Pidgin and OTR are available for Microsoft Windows and for GNU/Linux. Another multi-protocol IM program for Microsoft Windows that supports OTR is Miranda IM. For the Mac OS we recommend using Adium, a multi-protocol IM program that supports the OTR plugin.
1.1 Things you should know about this tool before you start
Pidgin is a free and open source Instant Messaging (IM) client that lets you organize and manage your different (IM) accounts through a single interface. Before you can start using Pidgin you must have an existing IM account, after which you will register that account to Pidgin. For instance, if you have an email account with Gmail, you can use their IM service GoogleTalk with Pidgin. The log-in details of your existing IM account are used to register and access your account through Pidgin.
Note: All users are encouraged to learn as much as possible about the privacy and security policies of their Instant Messaging Service Provider.
Pidgin supports the following IM services: AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MIRC, MSN, MXit, MySpaceIM, QQ, SILC, SIMPLE, Sametime, Yahoo!, Zephyr and any IM clients running the XMPP messaging protocol.
Pidgin does not permit communication between different IM services. For instance, if you are using Pidgin to access your Google Talk account, you will not be able to chat with a friend using an ICQ account.
However, Pidgin can be configured to manage multiple accounts based on any of the supported messaging protocols. That is, you may simultaneously use both Gmail and ICQ accounts, and chat with correspondents using either of those specific services (which are supported by Pidgin).
Pidgin is strongly recommended for IM sessions, as it offers a greater degree of security than alternative messaging clients, and does not come bundled with unnecessary adware or spyware which may compromise your privacy and security.
Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It offers the following privacy and security features:
Authentication: You are assured the correspondent is who you think it is.
Deniability: After the chat session is finished, messages cannot be identified as originating from either your correspondent or you.
Encryption: No one else can access and read your instant messages.
Perfect Forward Security: If third party obtains your private keys, no previous conversations are compromised.
Note: Pidgin must be installed before the OTR plugin.
please re-post who have this software...
