A few days ago, somewhere, we learned a good lesson from one of our GREAT GURUs. It seems to me that I should share his experience here; it’ll help a lot of people who chat over the net for many reasons.
One day he told us:
– My friend is a contract programmer and naturally spends a lot of time at different sites. He communicates with his wife using MSN messenger, a pretty common scenario.
Anyway, recently he was sacked from a job because he was considered a security risk. Turns out that they were monitoring his MSN chats and used transcripts of the conversations as justification to fire him.
In reality they were just looking for an excuse to let him go because they are having financial difficulties, but it does highlight an interesting issue.
MSN chatting is widely used and super easy to monitor.. so beware.. big brother may be watching and recording..
Anyway, he is still using MSN, but now all the chatting is secured via encryption.
Should I use Skype? The application guarantees or affirms that all chat or file transfer is encrypted; isn’t that enough?
– The Skype protocol is proprietary and they don’t publish the details.. so it’s hard to tell for sure.. have to trust them I guess.. *cough*
The interesting protocol for telephony is ZRTP, which is a secure VOIP type of thing.. there are soft PC phone clients for it.. it will be nice if this becomes widely adopted (especially at the firmware level in home VOIP routers).
Think of MSN messenger as more a protocol and use a product like Gaim with the OTR (off the record) plug-in… it allows for secure communications while supporting most of the important MSN stuff (if you really need them)..
– Yes, a lot of people use MSN and it is often the easiest and best way to contact some people. There are also some nice customization applications to help ease the annoyances of ads and pop-ups etc. And yes, it’s super easy to intercept and monitor.
But think of it not as a client but rather a protocol. And there are many such protocols.. IRC, AIM, ICQ, YAHOO, JABBER, SILC and MSN etc… Now there are several multi-protocol clients around.
Gaim, IM2, Miranda, and Trillian. Each of these has its pros and cons.. Miranda is highly scriptable and has many plugins.. Trillian is popular and has lots of features.. IM2 has good multi-media capabilities..
If security is important to you.. then there are some options for MSN.. but most involve setting up an encryption proxy and then both people have to have that proxy… messy..
I guess it’s about your needs and how much you value security..
… My justification for Gaim is that it’s multi-platform, multi-protocol, clean and simple and offers a super secure encryption plugin, OTR.. Off the record is an asymmetric encryption (like RSA, with public and private keys) and can be used for encryption and digital signing, but it also has a session management aspect.. what this means is that during a session (a chat) messages can be verified (digitally signed) between people, but outside the session (after the chat has concluded) the digital signatures cannot be verified.. what this means is that messages cannot be traced back to you outside the session. Gaim can also be set up to run from a flash drive.
I value the option of securing a chat if I need to. The biggest issue is that to chat encrypted, both people need the same encryption..
– Just a quick update…
– I looked at Miranda and they didn’t seem to have an OTR plugin. They had an encryption plugin but it gave no details.
– There are a few encryption plugins…RSA, secureim etc but the OTR one is http://addons.miranda-im.org/details.php?action=viewfile&id=2644
After you load it (for most Miranda plug-ins you have to restart the client for them to take effect), go to Options > Plugins > OTR and you can configure it..
I don’t think the opportunistic mode works too well… but if you set modes for contacts that you know have the plugin then it seems to work well.. and it works with other OTR clients such as Gaim.
One thing I have found with it is that you need to set the option to ping the server every couple of mins, otherwise it will disconnect you after about 5 mins of inactivity.
I hope you got the idea of how to secure your IM if you need to; don’t forget that you have to, if you don’t want to be kicked off…
[With respect to the GURU, I post this information here in the hope that it will help some people :)]