Protecting IM From Big Brother 185
holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."
Re:Encryption (Score:4, Informative)
It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...
Re:Pfft. Don't talk to me, I log all my IM session (Score:5, Informative)
HR 1955 (Score:5, Informative)
Re:HR 1955 (Score:2, Informative)
The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens.
Uuuh huh.
Re:Software freedom gets you software you can trus (Score:1, Informative)
Nearly all ssh clients have built-in SSH proxy (Score:3, Informative)
Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.
Once traffic leaves your machine to the internet, it's goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.
Also, careful this doesn't hide DNS traffic.
Re:Encryption (Score:5, Informative)
That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.
OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.
The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.
Re:https://mail.google.com/mail/ (Score:3, Informative)
For a reason why, google "hushmail subpoena"
Re:1984 (Score:4, Informative)
Re:Encryption (Score:3, Informative)
Ya know, "the boss sent me an email saying we should fire all workers who had signed the latest union agreement".