Best Instant Messenger for privacy?

Discussion in 'privacy technology' started by lucygrl, Dec 29, 2013.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    What would the best instant messenger be for privacy? I was looking at Pidgeon with OTR, is there a better way?
     
  2. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    on smartphone or PC?
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  4. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    yes pidgin with otr but add one ontop , torchat plugin , would be about as anonymous/secure as you can get

    but for the rest i recon using jitsi would do the trick as well , depending on anonymity/security required

    heres a link to the tor plugin for pidgin


    https://github.com/prof7bit/TorChat

    mind you the rest of youre parties would have to adopt youre setup as well logically in order to communicate with eachother
     
  5. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    On a PC.
     
  6. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou, this is what I was looking for.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Instructions for adding TorChat to Whonix are at <https://www.whonix.org/wiki/Chat>.
     
  8. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    mind you torchat by itself isnt secure it creates a hidden connection aka .onion address each torchat client builds up over a seperate tor relay, thats the anonymity part, then now for the security part wich is encryption, perfect forward secrecy and deniable authentication , you need the otr plugin , and since as of currently the dev hasnt released torchat 2.0 and the only way to get otr with torchat would be the previous mentioned combo aka pidgin + otr plugin + torchat plugin

    not sure about how to add this combo to whonix thou since im yet to start using it , havent had time as of yet , but im getting there ;)
     
    Last edited: Dec 30, 2013
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Then my recommendation would be Pidgin as well with the OTR plugin (v 4.0.0.1). I'd run it in a restricted Sandboxie too.

    If you had a MAC I'd have suggested Adium, which has OTR built in AFAIK.
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    And ChatSecure (old Gibberbot) runs on iOS and Android. So you have PC's, MAC's, Linux, phones, and tablets covered.
     
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    My configuration is: Jitsi on PC and Chatsecure on iOS/Android.
    You can create a XMPP account and then use them all, either you are working on the PC or you are out with the phone.
     
  12. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    thx dogbite and all will keep Pidgin/Chatsecure as my choices, just wondered any particular reason to sign up to XMPP account over the others ?
     
  13. NokTham

    NokTham Registered Member

    Joined:
    Jan 13, 2014
    Posts:
    2
    Location:
    Portugal
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It looks interesting.

    Key questions for me are whether it needs UDP and/or open ports. I'd want to use it via Tor, or at least via VPN(s). I didn't see anything on the main page.
     
  15. Larm

    Larm Registered Member

    Joined:
    Jan 9, 2014
    Posts:
    10
    When talking about privacy and security it is important to distinguish the content and the metadata of the communication.

    Most of the solutions concentrate on only securing the content of the message. For example, if you use Jitsi/OTR or Chatsecure over the XMPP, then the XMPP servers used will learn all metadata (time, source, destination, length of message, etc.) of the communication. If the XMPP servers of the sender and receiver don't use TLS between them then this information will leak to anyone who can capture the network traffic.

    Bitmessage and Nightweb aim to offer full privacy, but they don't seem to be ready for everyday use.
     
  16. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    Thx this is why I was asking about XMPP it sounds to me which ever server your communicating through will still record your data, in a sense not making it so private.

    bitmessage and nightweb sound great
     
  17. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Sure but in an encrypted form and the encryption key changes for every single chat/comminucation that you start, even with the same contacts.
     
  18. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    +1 for Jitsi (includes encrypted VOIP) and ChatSecure.

    Also take a look at BitMessage for even more privacy (email type messaging as opposed to IMs, but no attachments).

    I've seen RetroShare recommended a lot but haven't actually tried it yet.
     
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Run your own XMPP server and sign up your friends. OpenFire is free. It can run out of a TC container.

    ChatSecure can connect to a public server over Tor if you want.

    Barring that, XMPP does allow for logging, including content, *If it is turned on*. If it is, OTR would just make it jibberish. You can force TLS, and Force encryption. The only thing the XMPP server will show is the user name and their IP.

    Unless you randomly IM unknown people, running your own OpenFire server is a really great way to protect your privacy. Just get a DDNS name, do some configuring, and add your friends.
     
  20. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    But isn't tor by default encrypted? And since torchat never leaves the tor network wouldn't that be end to end encryption? You make two hops and meet together at a third exit node. All within the tor network.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, all client-client traffic involves each client's local Tor hidden service and the other client, and there's no third-party server involved. So there's no need for OTR.
     
Loading...
Thread Status:
Not open for further replies.