Best Instant Messenger for privacy?

What would the best instant messenger be for privacy? I was looking at Pidgeon with OTR, is there a better way?

 

on smartphone or PC?

 

The software listed are for PC. Here are alternatives: http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,13 (14.3)

 

yes pidgin with otr but add one ontop , torchat plugin , would be about as anonymous/secure as you can get

but for the rest i recon using jitsi would do the trick as well , depending on anonymity/security required

heres a link to the tor plugin for pidgin


https://github.com/prof7bit/TorChat

mind you the rest of youre parties would have to adopt youre setup as well logically in order to communicate with eachother

 

On a PC.

 

Thankyou, this is what I was looking for.

 

Instructions for adding TorChat to Whonix are at <https://www.whonix.org/wiki/Chat>.

 

mind you torchat by itself isnt secure it creates a hidden connection aka .onion address each torchat client builds up over a seperate tor relay, thats the anonymity part, then now for the security part wich is encryption, perfect forward secrecy and deniable authentication , you need the otr plugin , and since as of currently the dev hasnt released torchat 2.0 and the only way to get otr with torchat would be the previous mentioned combo aka pidgin + otr plugin + torchat plugin

not sure about how to add this combo to whonix thou since im yet to start using it , havent had time as of yet , but im getting there

 

Then my recommendation would be Pidgin as well with the OTR plugin (v 4.0.0.1). I'd run it in a restricted Sandboxie too.

If you had a MAC I'd have suggested Adium, which has OTR built in AFAIK.

 

And ChatSecure (old Gibberbot) runs on iOS and Android. So you have PC's, MAC's, Linux, phones, and tablets covered.

 

My configuration is: Jitsi on PC and Chatsecure on iOS/Android.
You can create a XMPP account and then use them all, either you are working on the PC or you are out with the phone.

 

thx dogbite and all will keep Pidgin/Chatsecure as my choices, just wondered any particular reason to sign up to XMPP account over the others ?

 

Any1 of you ever heard of Retroshare? http://retroshare.sourceforge.net/
Discovered it recently, and I'm still exploring it. Wonder what you folks think about it.

 

It looks interesting.

Key questions for me are whether it needs UDP and/or open ports. I'd want to use it via Tor, or at least via VPN(s). I didn't see anything on the main page.

 

When talking about privacy and security it is important to distinguish the content and the metadata of the communication.

Most of the solutions concentrate on only securing the content of the message. For example, if you use Jitsi/OTR or Chatsecure over the XMPP, then the XMPP servers used will learn all metadata (time, source, destination, length of message, etc.) of the communication. If the XMPP servers of the sender and receiver don't use TLS between them then this information will leak to anyone who can capture the network traffic.

Bitmessage and Nightweb aim to offer full privacy, but they don't seem to be ready for everyday use.

 

Thx this is why I was asking about XMPP it sounds to me which ever server your communicating through will still record your data, in a sense not making it so private.

bitmessage and nightweb sound great

 

Sure but in an encrypted form and the encryption key changes for every single chat/comminucation that you start, even with the same contacts.

 

+1 for Jitsi (includes encrypted VOIP) and ChatSecure.

Also take a look at BitMessage for even more privacy (email type messaging as opposed to IMs, but no attachments).

I've seen RetroShare recommended a lot but haven't actually tried it yet.

 

Run your own XMPP server and sign up your friends. OpenFire is free. It can run out of a TC container.

ChatSecure can connect to a public server over Tor if you want.

Barring that, XMPP does allow for logging, including content, *If it is turned on*. If it is, OTR would just make it jibberish. You can force TLS, and Force encryption. The only thing the XMPP server will show is the user name and their IP.

Unless you randomly IM unknown people, running your own OpenFire server is a really great way to protect your privacy. Just get a DDNS name, do some configuring, and add your friends.

 

But isn't tor by default encrypted? And since torchat never leaves the tor network wouldn't that be end to end encryption? You make two hops and meet together at a third exit node. All within the tor network.

 

Yes, all client-client traffic involves each client's local Tor hidden service and the other client, and there's no third-party server involved. So there's no need for OTR.