Security Communications The Internet

Protecting IM From Big Brother

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol, recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrantless wiretapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An AVI of the talk is available by HTTP as well as by BitTorrent and a bunch of other formats."
  • Re:Encryption (Score:4, Informative)

    by rainman_bc ( 735332 ) on Friday November 23, 2007 @07:41PM (#21458319)
    Check out SiMP-Lite [secway.fr]

    It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...
  • by the_brobdingnagian ( 917699 ) on Friday November 23, 2007 @08:52PM (#21458855) Homepage
    I log all my IM messages too. But you can not prove those messages are written by some specific person. They are plaintext and everyone can edit them. The "problem" with most encryption protocols is signing. If I write a message to you and I sign it, you can prove I wrote it. OTR provides encryption and authentication that can't be used to prove to anyone else you wrote it. I suggest you watch the video for more information.
  • HR 1955 (Score:5, Informative)

    by CranberryKing ( 776846 ) on Friday November 23, 2007 @09:10PM (#21458995)
    If this bill [govtrack.us] passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.
  • Re:HR 1955 (Score:2, Informative)

    by iminplaya ( 723125 ) on Friday November 23, 2007 @09:52PM (#21459263) Journal
    `The Congress finds the following: ...

    The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens.


    Uuuh huh.
  • by Anonymous Coward on Friday November 23, 2007 @10:36PM (#21459499)
    Read the grandparent, he was replying to the availability of another encryption package.
  • by blumpy ( 84889 ) on Saturday November 24, 2007 @12:59AM (#21460305)
    Putty and openssh clients can act as a SOCKS proxy server.

    Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.

    Once traffic leaves your machine to the internet, it goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.

    Also, careful: this doesn't hide DNS traffic.
  • Re:Encryption (Score:5, Informative)

    by Kadin2048 ( 468275 ) * <.ten.yxox. .ta. .nidak.todhsals.> on Saturday November 24, 2007 @01:04AM (#21460335) Homepage Journal

    "Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so I don't see me encrypting everything affecting that."

    Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

    That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

    OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

    The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.
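
An added example, not part of the comment above and not OTR's own code or wire format: a simplified model of the property discussed in this thread, where messages are authenticated with a shared-key MAC instead of a signature and used MAC keys are later revealed. The key derivation, function names and message texts are constructed for illustration.

```python
import hashlib
import hmac

def mac_key(shared_secret: bytes, index: int) -> bytes:
    """Per-message MAC key that both chat partners can derive (simplified KDF)."""
    return hashlib.sha256(b"mac" + shared_secret + index.to_bytes(4, "big")).digest()

def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def check_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)

def run_model() -> dict:
    shared = bytes(range(32))  # constructed stand-in for the key-exchange output
    k0, k1 = mac_key(shared, 0), mac_key(shared, 1)

    # Live conversation: only Alice and Bob hold k0, and Bob knows he did
    # not write this message, so a valid tag tells him Alice did.
    real = b"see you at 7"
    real_tag = make_tag(k0, real)
    live_ok = check_tag(k0, real, real_tag)
    tamper_caught = not check_tag(k0, b"see you at 9", real_tag)

    # Bob's saved log proves nothing to a third party: Bob holds the same
    # key and can produce a valid tag for text Alice never sent.
    bob_fake = b"I leaked the memo"
    bob_fake_ok = check_tag(k0, bob_fake, make_tag(k0, bob_fake))

    # After both sides have moved on to k1, the old key k0 is revealed.
    # From then on anyone can produce entries that verify under k0.
    published = k0
    outsider_fake = b"I never liked the boss"
    outsider_tag = make_tag(published, outsider_fake)
    outsider_fake_ok = check_tag(published, outsider_fake, outsider_tag)

    # The revealed key does not help against the conversation in progress.
    current_safe = not check_tag(k1, outsider_fake, outsider_tag)
    return {"live_ok": live_ok, "tamper_caught": tamper_caught,
            "bob_fake_ok": bob_fake_ok, "outsider_fake_ok": outsider_fake_ok,
            "current_safe": current_safe}

if __name__ == "__main__":
    print(run_model())
```

A signature made with Alice's private key would fail the `bob_fake_ok` step, which is exactly why a signed log can be used as proof and a MAC-authenticated one cannot.
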
  • by Jason Pollock ( 45537 ) on Saturday November 24, 2007 @01:34AM (#21460485) Homepage
    Jabber is only encrypted on the wire, not end to end. Google can read and archive the conversation. However, using this, or other plugins, it's encrypted from your machine to the destination, and man-in-the-middle attacks are prevented.

    For a reason why, google "hushmail subpoena".
  • Re:1984 (Score:4, Informative)

    by saibot834 ( 1061528 ) on Saturday November 24, 2007 @03:15AM (#21460917)
    The person you are talking about was actually Emmanuel Goldstein [wikipedia.org]
  • Re:Encryption (Score:3, Informative)

    by QuantumG ( 50515 ) <qg@biodome.org> on Saturday November 24, 2007 @06:31AM (#21461475) Homepage Journal
    The typical email trail presented in a court case is completely intra-domain.

    Ya know, "the boss sent me an email saying we should fire all workers who had signed the latest union agreement".
