Slashdot Mirror


Protecting IM From Big Brother

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."

10 of 185 comments

  1. Re:Encryption by rainman_bc · · Score: 3, Informative

    Check out SiMP-Lite

    It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  2. Re:Pfft. Don't talk to me, I log all my IM session by the_brobdingnagian · · Score: 4, Informative

    I log all my IM messages too. But you can not prove those messages are written by some specific person. They are plaintext and everyone can edit them. The "problem" with most encryption protocols is signing. If I write a message to you and I sign it, you can prove I wrote it. OTR provides encryption and authentication that can't be used to prove to anyone else you wrote it. I suggest you watch the video for more information.

  3. HR 1955 by CranberryKing · · Score: 5, Informative

    If this bill passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.

    1. Re:HR 1955 by iminplaya · · Score: 2, Informative

      The Congress finds the following: ...

      The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens.


      Uuuh huh.

      --
      What?
  4. Re:Software freedom gets you software you can trus by Anonymous Coward · · Score: 1, Informative

    Read the grandparent, he was replying to the availability of another encryption package.

  5. Nearly all ssh clients have built-in SSH proxy by blumpy · · Score: 3, Informative

    Putty and openssh clients can act as a SOCKS proxy server.

    Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.

    Once traffic leaves your machine to the internet, it goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.

    Also, careful: this doesn't hide DNS traffic.
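
Added example (not part of the comment above): the DNS caveat comes down to which address type the application puts in its SOCKS5 CONNECT request (RFC 1928). This Python sketch builds both forms and reports which side does the name lookup; the host name, address and function names are constructed for illustration.

```python
import ipaddress
import struct

SOCKS5, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    head = bytes([SOCKS5, CMD_CONNECT, 0x00])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return head + addr + struct.pack("!H", port)

def who_resolves(request: bytes) -> str:
    """Return 'proxy' if the request carries a host name, 'client' if it
    carries an IP address (any DNS lookup then happened before the tunnel)."""
    if len(request) < 7 or request[0] != SOCKS5 or request[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = request[3], request[4:-2]
    if atyp == ATYP_DOMAIN:
        if not body or body[0] != len(body) - 1:
            raise ValueError("bad domain length")
        return "proxy"
    if (atyp, len(body)) in ((ATYP_IPV4, 4), (ATYP_IPV6, 16)):
        return "client"
    raise ValueError("bad address field")

# Constructed destinations: a host name versus a pre-resolved address.
by_name = build_connect("im.example.net", 5222)
by_addr = build_connect("192.0.2.10", 5222)
print(who_resolves(by_name), who_resolves(by_addr))
```

An application that resolves the name itself and sends the second form makes its DNS query on the local network, outside the tunnel.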

  6. Re:Encryption by Kadin2048 · · Score: 4, Informative

    "Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so I don't see me encrypting everything affecting that."

    Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

    That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

    OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

    The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.
    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
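
Added example (not part of any comment above, and not OTR's own code): a minimal Python sketch of the property comments 2 and 6 describe, authentication during the chat that proves nothing to a third party afterwards. It assumes a shared-key MAC in place of a signature, with HMAC-SHA256 as a stand-in and a constructed random session key; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, sender: str, text: str) -> bytes:
    """Tag a chat line with a key that BOTH participants hold."""
    return hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()

def verify(key: bytes, sender: str, text: str, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, sender, text), tag)

def run_session() -> dict:
    # Constructed stand-in for the MAC key both sides derive from key exchange.
    session_key = secrets.token_bytes(32)

    # Live: Alice sends a line and Bob checks it. Bob knows he did not write
    # it and only two people hold the key, so he is convinced it is Alice's.
    real = ("alice", "meet at noon")
    real_tag = mac(session_key, *real)
    live_ok = verify(session_key, *real, real_tag)

    # Someone on the wire without the key cannot change the line unnoticed.
    tampered_ok = verify(session_key, "alice", "meet at midnight", real_tag)

    # Afterwards: Bob (or anyone who later learns the key) can tag a line
    # Alice never wrote. The tag verifies exactly like the real one, so a
    # saved log shows only that *a key holder* produced it, not which one.
    forged = ("alice", "I leaked the memo")
    forged_tag = mac(session_key, *forged)
    forged_ok = verify(session_key, *forged, forged_tag)

    return {"live_ok": live_ok, "tampered_ok": tampered_ok,
            "forged_ok": forged_ok}

if __name__ == "__main__":
    print(run_session())
```

With a digital signature the forged line would fail verification, which is exactly what would let a log be used as proof of authorship.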
  7. Re:https://mail.google.com/mail/ by Jason+Pollock · · Score: 2, Informative

    Jabber is only encrypted on the wire, not end to end. Google can read and archive the conversation. However, using this, or other plugins, it's encrypted from your machine to the destination, and man-in-the-middle attacks are prevented.

    For a reason why, google "hushmail subpoena".

  8. Re:1984 by saibot834 · · Score: 3, Informative

    The person you are talking about was actually Emmanuel Goldstein

  9. Re:Encryption by QuantumG · · Score: 2, Informative

    The typical email trail presented in a court case is completely intra-domain.

    Ya know, "the boss sent me an email saying we should fire all workers who had signed the latest union agreement".

    --
    How we know is more important than what we know.