Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting IM From Big Brother

Posted by Zonk on from the another-mark-in-my-file dept.

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."

3 of 185 comments (clear)

  1. Re:Pfft. Don't talk to me, I log all my IM session by the_brobdingnagian · · Score: 4, Informative

    I log all my IM messages too. But you can not prove those messages are written by some specific person. They are plaintext and everyone can edit them. The "problem" with most encryption protocols is signing. If I write a message to you and I sign it, you can prove I wrote it. OTR provides encryption and authentication that can't be used to prove to anyone else you wrote it. I suggest you watch the video for more information.

  2. HR 1955 by CranberryKing · · Score: 5, Informative

    If this bill passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.

  3. Re:Encryption by Kadin2048 · · Score: 4, Informative

    Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so i don't see me encrypting everything effecting that. Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

    That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

    OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

    The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.
    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."