Is it safe to send personally identifying info over Torchat w/ someone you know IRL?

Discussion in 'privacy problems' started by DesuMaiden, Sep 21, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I have several friends I know IRL who want to start chatting with me over Torchat. We promised to use an encrypted email service (like Hushmail) to send our Torchat IDs to each other. I know their emails. They know mine. We will send each other our torchat IDs via a secure, encrypted email service and only our friend circle know each others' email addresses. That we will know each others' real names linked to each of our email addresses and TorChat IDs.

    Obviously we will not use our real names over TorChat, but we know which nickname belongs to which person we know and trust in real life.

    For example, I will know

    x person----> x encrypted, secure email address----> x TorChat ID

    y person----> y encrypted, secure email address----> y TorChat ID

    z person----> z encrypted, secure email address----> z TorChat ID

    From the above diagrams, we can tell which TorChat ID belongs to which person IRL. I hope this plan makes sense and works out, in terms of preventing an adversary from snooping in on our connections.

    Now this is my important question. Is it safe to send personally identifying info over TorChat ?? Such as ""what we plan on doing IRL; where, when, and how to meet in real life; and other personally identifying info""

    Will this information be securely encrypted and therefore impossible for an adversary to intercept and snoop on? I want to make our communications totally secret between my friends, which I know IRL. I don't have any other means of communicating in a secure and un-snoopable fashion.

    Also will the chats with personally identifying info be safely stored in the servers that run TorChat? Since TorChat is run from a Tor Hidden Service (which uses end-to-end encryption), nobody can SNOOP on the data will it is being transferred from one party to another. So in other words, the data I send to my friends via TorChat cannot be intercepted as the encryption TorChat uses (AES-256) is not crackable and therefore not snoopable to the NSA and other adversaries. But is the data sent over TorChat stored in a secure and privacy-friendly server? How do I know the data sent through TorChat isn't stored in some central data base owned by the FBI, CIA or NSA? If it is, then all the information me and my friends send over TorChat can be decrypted and read by those agencies...the very agencies we are trying to prevent from snooping in on our communications.

    I can only think of using TorChat, because other chat services like Skype are obviously owned by the NSA and PRISM. That means these big corporation run chat services will gather data and snoop on our communications...communications which we want to remain private.

    If you guys have a a better suggestion for how I can communicate in a secure and private fashion with my IRL friends, by all means tell me. Is this a secure and private manner of using a chat service to communicate with IRL friends? Or are there better methods you guys can devise for me and my friends?
     
    Last edited: Sep 21, 2013
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,515
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,087
    Is it safe if your personally identifying information can expose you for something you would rather not have out in the open? Only you can decide!

    Remember the person named Sabu in Lulzsec who exposed himself in an IRL chat room - he is now an informant for the FBI dishing on his comrades.

    -- Tom
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    @ComputersRock

    It's OK to have "secret channels" to your IRL friends, especially if it's hard to have much privacy in your day-to-day IRL interactions. However, it's a bad idea to use the same channel(s) -- or related ones -- with your IRL friends and your online "anonymous" friends. More generally, it's dangerous to involve IRL friends and "anonymous" friends in connected activities. You also want to segregate "anonymous" friends appropriately, on a need-to-know basis. That is, you want firewalls between stuff at different security levels, and between unrelated projects at each security level. Gossip is very dangerous, even about yourself (or yourselves, if you use multiple pseudonyms). Borrowing from another realm, you never want to know your connections' connections, and vice versa, mutatis mutandis ;) But actually, that's the basis of onion routing, isn't it?
     
  5. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
Loading...
Thread Status:
Not open for further replies.