Protecting IM From Big Brother

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."

  • Encryption (Score:5, Insightful)

    by nurb432 ( 527695 ) on Friday November 23, 2007 @06:35PM (#21458267) Homepage Journal
    It's time to implement encryption of ALL traffic from ALL applications. Perhaps even IPC encryption in case you have some sort of 'tap' installed on your computer.

    Sure, it eats resources, but do you want others reading your information? I don't. Not even when it's "we are out of milk, please pick some up on the way home", as it's NONE OF THEIR BUSINESS.
    • Re:Encryption (Score:4, Informative)

      by rainman_bc ( 735332 ) on Friday November 23, 2007 @06:41PM (#21458319)
      Check out SiMP-Lite [secway.fr]

      It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...
      • Although OTR and gaim-encryption (now pidgin-encryption) were originally for AIM (as far as I can tell), if you are using pidgin, I see no reason other than possibly some quirks in the plug-in why you could not use them on MSN or any other protocol. I think I have used pidgin-encryption on Jabber.
        • Re: (Score:2, Interesting)

          by jmcnaught ( 915264 )

          I regularly use OTR in Pidgin with MSN and Jabber (Gmail chat) and have never had a problem. Adium X on the Mac also includes OTR support out of the box.

          I try to use OTR as much as possible, all of the time. I figure if I only protect the stuff that needs to be secret, it sticks out like a sore thumb. And the more encrypted traffic on the internet in general, the harder it is for them to break it all even if they do have magic quantum computers.

          Trying to get more people to use PGP/GPG with me over emai

        • It works fine on all protocols. Since it handshakes with the other side by inserting some spaces in between words, it doesn't rely on the lower level of the protocols. As long as the IM service transfers text as typed (and doesn't reformat it or anything en route), it should work just fine. It's quite robust.

          I've always been disappointed that Adium is the only IM client to build in OTR, so it's there for everyone who uses it without an additional install. If Gaim/Pidgin built OTR in too, it would mean a vas
          • There's an old saying that is more or less "encryption is easy, secure implementation is bloody impossible".

            Basically, the problem boils down to encryption keys and the management thereof. When you're connecting to friend X - how do you *know* that you're encrypting with their key? Maybe not-friend Y snuck his key in and you're actually encrypting stuff that goes through Y's hands and he then turns around and sends it to X. (Which is the Alice -> Eve -> Bob issue, where Eve performs a man-in-the-
        • If you're paranoid about security with Jabber it's better to simply run your own Jabber server.

          Remember it's a direct connection between your server and the person you're talking to's server.
          Nothing central to tap. Also inter-server connections are usually encrypted by default.
        • by aliquis ( 678370 )
          Do you know if these are the same kinds of encryption that Adium uses? It's based on pidgin at least.
      • Except that it's completely untrustworthy because it's non-free software. If a major feature of the software is that you can trust it to keep your secrets or protect your privacy, you should be able to trust that it's only going to do what you want it to do. Non-free software inherently doesn't work this way, so none of it is useful for encryption. This program disallows modification, so if you discover that it doesn't do what you want you have no permission to make it do what you want. Forget about hel
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Honey, is that you? We are out of milk, please pick some up on the way home.
    • Re: (Score:2, Interesting)

      by shikadi ( 1100921 )
      It's not just about encryption, it's about privacy too. Do you want instant messaging to be used as evidence against you in the future? The reason it is called OTR is because it really is off the record. Recording of conversations is not evidence that a conversation ever occurred, since it purposely lets anyone forge messages after the conversation is over. If the person you were talking to decides to record everything you say to them, it doesn't matter, since you can easily show that what you said could
      • by nurb432 ( 527695 )
        Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so I don't see me encrypting everything affecting that.

        And I do agree I have to trust the person at the other end not to divulge/record/forge that I need to get milk.
        • Re:Encryption (Score:5, Informative)

          by Kadin2048 ( 468275 ) * <slashdot...kadin@@@xoxy...net> on Saturday November 24, 2007 @12:04AM (#21460335) Homepage Journal

          Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so I don't see me encrypting everything affecting that.
          Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

          That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

          OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

          The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.
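
The property described in the comment above, as an added example that is not part of the original thread or of the OTR code base: each message is authenticated with a MAC under a key both parties hold, so it can be checked live but proves nothing to a third party, and once the MAC key is published anyone can produce a valid-looking record. The toy keystream stands in for AES in counter mode, the keys are random rather than derived from a Diffie-Hellman exchange, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream (stand-in for AES-CTR; not for real use)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt, then MAC the ciphertext with a key BOTH parties hold."""
    ct = xor(plaintext, keystream(enc_key, len(plaintext)))
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, ct: bytes, mac: bytes):
    """Return the plaintext, or None if the MAC does not verify."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    return xor(ct, keystream(enc_key, len(ct)))


def demo():
    # Constructed session keys for the example.
    enc_key, mac_key = secrets.token_bytes(16), secrets.token_bytes(32)
    said = b"we are out of milk"
    ct, mac = seal(enc_key, mac_key, said)

    # 1. During the chat: Bob holds mac_key, so he knows the message came
    #    from Alice, and a modification in transit is rejected.
    live_ok = open_sealed(enc_key, mac_key, ct, mac) == said
    tampered = bytes([ct[0] ^ 1]) + ct[1:]
    tamper_rejected = open_sealed(enc_key, mac_key, tampered, mac) is None

    # 2. Bob's log proves nothing to anyone else: he holds the same keys
    #    and can produce an equally valid record himself.
    bob_ct, bob_mac = seal(enc_key, mac_key, b"I never said this")
    bob_record_valid = open_sealed(enc_key, mac_key, bob_ct, bob_mac) is not None

    # 3. After the exchange the MAC key is published. Whoever captured the
    #    ciphertext and guesses the plaintext can flip bits (a stream cipher
    #    is malleable) and re-MAC, without ever learning enc_key.
    wanted = b"we are out of beer"
    forged_ct = xor(ct, xor(said, wanted))
    forged_mac = hmac.new(mac_key, forged_ct, hashlib.sha256).digest()
    after_the_fact = open_sealed(enc_key, mac_key, forged_ct, forged_mac)

    return live_ok, tamper_rejected, bob_record_valid, after_the_fact


if __name__ == "__main__":
    print(demo())
```
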
      • Re:Encryption (Score:5, Insightful)

        by QuantumG ( 50515 ) <qg@biodome.org> on Friday November 23, 2007 @10:24PM (#21459771) Homepage Journal
        Blah, that's a load of shit. It's an academic answer to how to fix the problem of people logging your conversation with them.

        When the log is presented in court the person who logged it will be asked "is this log an accurate representation of the conversation you had with the accused?" and they say "yes, it is" and the defense then has to show not that it is possible that the log was doctored but that the person who has just sworn, under penalty of perjury, is lying. They typically do this by showing instances in the past where the person has submitted false evidence to a court, or they can try to show that the person has something to gain by changing the log and that they had the skills (if any special skills are required, which they wouldn't be). It would be a very tough sell and a jury is more likely to believe that the log is accurate because what kind of idiot would lie in court when the punishment is so severe.

        Consider that email is so trivial to fake and yet emails are considered official correspondence in many many many court cases. It's not about the technology, it's about the people making the claims.

        • That's not quite the point either. OTR doesn't make your conversation totally repudiable, because you still have the same logs as a normal, unencrypted conversation.

          It just avoids the problem of having the encryption dig you deeper into a hole, by creating a mathematical proof that you said certain things.

          It basically gives you exactly the same 'wiggle room' as you'd have with a regular logged IM conversation. It doesn't, and can't, guarantee that the person on the other end isn't logging the chat somehow (
        • Re: (Score:3, Interesting)

          by xiphoris ( 839465 )
          Email isn't trivial to fake in such a way that it would stand up to any kind of scrutiny whatsoever. Already there are simple authentication protocols that are becoming widespread enough to secure the average user. If the receiving domain has any kind of proper configuration, it will be able to validate whether a mail was sent properly using one of SPF records, PTR, DomainKeys, or any reputation system.

          Try to fake an email that looks like it authentically came from Amazon.com to a Yahoo account -- even fr
          • Re: (Score:3, Informative)

            by QuantumG ( 50515 )
            The typical email trail presented in a court case is completely intra-domain.

            Ya know, "the boss sent me an email saying we should fire all workers who had signed the latest union agreement".

    • I can think of two reasons not to encrypt everything:
      1. Encryption adds overhead.
      2. A certain popular protocol's encrypted version [ietf.org]'s clients pop up all sorts of warnings if the server certificate is not signed by a known entity.

        Of the three most popular browsers these days, a site with a self-signed certificate shows the following:
        1. IE6 [vgmusic.com]
        2. Firefox 2 [vgmusic.com]
        3. IE7 [vgmusic.com]

        While the average person may know that this is not necessarily bad, mom and pop are probably going to avoid sites that bring up these errors, particularly if they're u

    • If you don't want people knowing you are out of milk, you probably shouldn't post it on /.

      FYI.
  • by EmagGeek ( 574360 ) on Friday November 23, 2007 @06:37PM (#21458281) Journal
    You can't have perfect secrecy unless your RAM contents are also encrypted. Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case? If your RAM is unencrypted, then your IM conversation is stored in plain text SOMEWHERE, even if it is encrypted on the network stack. Of course, having encrypted RAM would be a HUMONGOUS performance hit, but it could be done. Hmmm..

    Off to the patent office I go..
    • by Cracked Pottery ( 947450 ) on Friday November 23, 2007 @06:51PM (#21458389)
      Fine, let me get those chips out for you. Bring them back after you get the information off of them.
    • Off to the patent office I go..

      Have fun proving that you had the idea before Theo [wikipedia.org].

      • Re: (Score:3, Funny)

        by EmagGeek ( 574360 )
        Well, the idea of encrypting RAM would be obvious to the person skilled in the state of the art, and therefore on its face not patentable. However, there are invariably many novel ways to solve obvious problems that would be patentable. Whether or not I could obtain a patent on the method and apparatus would depend upon the novelty of said method and apparatus.
    • Comment removed based on user account deletion
    • Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case?
      No, there wasn't. That was just a really misleading Slashdot summary. Assuming we're actually talking about the same thing.
    • Encrypted RAM is admittedly hard, but you're creating a false dichotomy if you're assuming that just because you don't have encrypted RAM, it's not worthwhile to encrypt everything else.

      Particularly if you have an encrypted swap file (which Mac OS X allows, and I assume Linux does too), just because a program was running wouldn't guarantee that a decryption key for it would be stored in memory. And even if it was, grabbing that key out of memory isn't trivial. (It means you have to keep the computer running
    • The ruling of that "subpoena the RAM" case is widely misconstrued. A guy was subpoenaed for IP logs, and he said that since he didn't log IPs, all the IPs were transitory and in RAM. The court said that he could be forced to log IPs, because the RAM already contained the information, it did not require the party to create evidence (in a legal sense). Basically, the wording of the ruling was meant as a side-step around civil procedure rules.
  • by compumike ( 454538 ) on Friday November 23, 2007 @06:38PM (#21458297) Homepage
    This is a good step, and I wish that more people would use encrypted messaging systems. This includes IM, e-mail, and voice.

    However, while encryption can protect against "big brother", you can never eliminate the risk from the other end of the line. What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation.

    --
    Educational microcontroller kits for the digital generation -- great gift! [nerdkits.com]
    • by caluml ( 551744 )
      Jabber + PSI + SSL + GPG = Safe in transit, at least. However, there's no way you can be sure someone isn't logging everything at their end. It's the whole DRM problem, but just with messages, instead of videos/music.
      • Only if you do the PGP key exchange out of band. If you do it in-band (as Psi tries to do) then you are vulnerable to a trivial man in the middle attack. This is why I haven't bothered to implement PGP in my client yet; all of the current implementations are insecure by design and, until a standard is proposed that is not, there is no point giving users a false sense of security. The standards JIG retracted the proposed PGP XEP a few years ago, and no one implemented the IETF's one because it was too ugl
        • by caluml ( 551744 )

          If you do it in-band (as Psi tries to do)
          No it doesn't. It asks you which GPG key you want to use for contact X. Obviously, it goes without saying that you verify the public key OOB.
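
The in-band versus out-of-band point argued in this sub-thread, as an added example that is not code from Psi, GPG or any client mentioned here: a key exchange relayed through a party that swaps the public keys still "works" for both ends, and only comparing the received key's fingerprint with one obtained over a separate channel shows the substitution. The Diffie-Hellman group, the fingerprint format and all function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for the example: the Mersenne prime
# 2**127 - 1 is far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub: int) -> str:
    """Short hash of a public key, meant to be read out over another channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:40]


def session_key(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def exchange(intercepted: bool) -> dict:
    """Run one in-band key exchange, optionally via a relay that swaps keys."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        _, relay_pub = keypair()
        seen_by_alice, seen_by_bob = relay_pub, relay_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub

    # Both ends derive a key without any error either way, so a working
    # encrypted session says nothing about who is on the other side.
    k_alice = session_key(a_priv, seen_by_alice)
    k_bob = session_key(b_priv, seen_by_bob)

    # The check that matters: Alice compares the key that arrived in band
    # with the fingerprint Bob gave her out of band (phone, in person).
    fp_from_bob_out_of_band = fingerprint(b_pub)
    verified = hmac.compare_digest(fingerprint(seen_by_alice),
                                   fp_from_bob_out_of_band)
    return {"ends_share_key": k_alice == k_bob, "verified": verified}


if __name__ == "__main__":
    print("direct:     ", exchange(intercepted=False))
    print("intercepted:", exchange(intercepted=True))
```
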
    • However, while encryption can protect against "big brother", you can never eliminate the risk from the other end of the line. What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation.

      Uh, no shit? Obviously you're screwed if the other party is untrustworthy, since the whole point of the communication in question is to transmit your sensitive information to that party. Keep in mind,

      • Comment removed based on user account deletion
        • A voice recording doesn't prove anything either, unless you can prove that your recording isn't forged. But in any case, you are correct that OTR cannot prevent the other party from intentionally incriminating you, given sufficient planning (for example, having an FBI agent present during the conversation). That's not the point. OTR instead tries to make it impossible for someone who gains access to one of the parties' private keys after the fact to prove that the conversation in question actually happened. F
  • But, it WILL be hacked. Then, a user's smug denial could lead to obstruction of justice charges, or some such.
    • by Goaway ( 82658 )
      Deniability is based on the revelation of information, not hiding. How do you hack something so that it becomes no longer known?
  • ... I hate to say it, but the most practical secure kind of IM right here right now is probably Skype. Well - you read that story about German police and Skype's chat traffic (like other kinds) is carried over the same encrypted p2p transport as its voice traffic.
    • by Cheesey ( 70139 )
      Skype isn't very trustworthy. My favourite link about Skype security [blackhat.com]. You can't necessarily trust a closed source app with confidential information.

      If you need a "ghetto" works-almost-anywhere free secure instant messenger to talk to Alice or Bob, create an account for your friend on your Linux machine and let them SSH in using PuTTY. Then use "write" to talk to each other, or if you're really fancy, use "talk". SSH is great for this because it (a) uses strong crypto, (b) lets you check for man-in-the-middl
      • You could probably also boot into a VM and run Linux from within there, possibly off a LIVE CD, which would mean that you could still maintain a secure channel without having to reboot your computer. A Windows virus could still spy on the VM, but it would have to be pretty advanced, and not your standard run of the mill spyware to spy on the contents of a VM.
        • by Bert64 ( 520050 )
          Or it could just keystroke you, as a lot of Windows spyware already does.
          Doesn't matter that you're running a VM, your keystrokes are still being processed by Windows and thus fair game.
          Spyware also already takes screenshots, you'd need the VM on screen to interact with it so you're screwed there too.
  • We use AIM for communication at my company. One problem is half the people use GAIM, the other half use Trillian, and each have separate standard encryption plug-ins which are incompatible. Of course it is free software and I could jump in and work on this but I am too busy. The main reason we had encrypted conversations was to send passwords to one another.
    • I use Gaim OTR, and my buddy used Trillian OTR (without him even realizing it incidentally). There was a Gaim encryption plugin before the OTR plugin, but I don't know anyone using that anymore.
    • by Bert64 ( 520050 )
      You use a third party service for internal communications? That's utterly ridiculous!
      Set up an internal jabber server, and force it to use SSL for client communications, that way nothing travels over your internal network without SSL and nothing leaves your internal network at all.
      • MOD PARENT UP. Trusting a third party IM network for internal communications is negligent and, since you can't do server-side logging, may well put you on the wrong side of regulatory compliance.
  • by Futurepower(R) ( 558542 ) on Friday November 23, 2007 @07:10PM (#21458563) Homepage
    Quote: "With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important."

    The real problem is U.S. government corruption. See this example from Cooperative Research, a complete 911 Timeline of 3962 events: U.S. Government corruption TimeLines [cooperativeresearch.org].

    The government should serve the people, not spy on them.
  • 1984 (Score:3, Funny)

    by dotancohen ( 1015143 ) on Friday November 23, 2007 @07:12PM (#21458585) Homepage
    I find it fitting that someone named Goldberg is warning us about Big Brother.
  • by NotQuiteReal ( 608241 ) on Friday November 23, 2007 @07:14PM (#21458609) Journal
    They are sitting in plain text on my HDD.

    Anyone who is IM'ing with super-secret encoding and hoping that they are safe better not be IM'ing me, or someone like me who checks the "log" button...

    Sorry, sometimes I like to refer back to them, and that is the way they are kept. I am too lazy to do anything about it.

    I always assume I am just part of the noise in the s/n ratio that "they" are listening to.

    What's the opposite of tin-foil hat?

  • The organization that is serving the talk has a webcam ( http://csclub.uwaterloo.ca/office/webcam.html ) in their office. Despite serving an avi file linked directly from the slashdot page, there doesn't seem to be fire :P
  • Isn't EVERYONE very upset that we need these types of applications these days? Why does it seem reasonable that EVERYONE needs to hide their communications from their own governments? Shouldn't we be more upset that things have gotten so out of hand?
  • HR 1955 (Score:5, Informative)

    by CranberryKing ( 776846 ) on Friday November 23, 2007 @08:10PM (#21458995)
    If this bill [govtrack.us] passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.
    • Re: (Score:2, Informative)

      by iminplaya ( 723125 )
      `The Congress finds the following: ...

      The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens.


      Uuuh huh.
    • I gave the bill a read over, but I don't see where it does what you say it does. Could you offer a quote or a line number or something?
    • by kindbud ( 90044 )
      I looked at the text of the bill, and can't find anything that touches on the use of encryption. You sure you got the right bill?
  • A friend of mine recently questioned whether all our IM conversations were being watched by the NSA. I said most likely it all runs through a computer of theirs at some point thanks to AT&T. He decided the best way to find out was to say everything that we could think of that might throw some red flags and see what happened.

    Needless to say neither one of us vanished in the night, and neither of us received any unwanted visitors.
    • by JoelKatz ( 46478 )
      You don't know any of the keywords they would be searching for.
      • How about just sticking 250 keywords into every /. post? [echelonspoofer.com]

        PGP 5.0i b9 csystems Bugs Bunny NAWAS DUVDEVAN NMS D-11 Cohiba emc JRB detonators JTF ITSDN GRS SIG credit FSK UFO GGL CDMA buzzer Bluebird VOA card MP40 TDYC FCIC CTP gorilla Tajik explicit Golf EODC CIDA CCC toad EODN AC detcord SUR 877 Delta SCIF Kiwi Mayfly white noise NLSP Forte Pesec PLA Vanuatu wetsu GRU fritz snullen SADMS ESN ACC rsta Mafia NSO SAMF OAU Spoke Halibut jaws NSG WID JASSM Cable & GEBA Satellite phones NAVWAN O/S SADRS mjtf

        • Oh listen ... Sirens and S.W.A.T. teams.

          I'm popular today.

          12 minutes response, I must be the Anti-Christ lol

    • that you know of...

      They might have carted him off, and be impersonating him, waiting for you to incriminate yourself :-p
    • by Bert64 ( 520050 )
      Because someone will have read your conversation, seen what you were trying to do and discarded it.
    • Or, a shocking and novel thought, the people at the NSA actually aren't idiots. Their automated system just flagged you for closer attention. I would very much doubt that typing a few keywords into an IM conversation would do more than just flag you with a higher probability of a 'random' baggage inspection next time you fly.
  • Hmm (Score:2, Interesting)

    Nice how a Canadian researcher is looking into solutions to a mostly US problem, at least it is always US media talking about wiretaps. Perhaps if ~21% of the US budget wasn't blown on the military and God knows how much more on espionage, everyone wouldn't have to be as paranoid. My solution: if big brother gets the brilliant idea to tap innocent people for no reason, big brother should invest in a gun and blow his brains out.
  • by blumpy ( 84889 ) on Friday November 23, 2007 @11:59PM (#21460305)
    Putty and openssh clients can act as a SOCKS proxy server.

    Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.

    Once traffic leaves your machine to the internet, it goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.

    Also, careful: this doesn't hide DNS traffic.
  • by Grendel Drago ( 41496 ) on Saturday November 24, 2007 @12:46AM (#21460537) Homepage
    I have four sets of keys on my machine--keys for SSH, for PGP, for WASTE and for OTR. Why does every app using encryption insist on using its own wrappers for public keys? What's wrong with the infrastructure already present in the OpenPGP standards?
  • Seems like a good way to go, just make sure your server isn't hax0red.

  • OTR exchanges the keys when done, okay. It also does the public key hand-shake on conversation start-- with new keys (no PKI or anything), so a MitM attack works great (heh yeah). Jabber's TLS is horribly broken too, if a MitM happens it doesn't detect it (it can, it should, it won't, sorry, Pidgin doesn't alert you for crap; I filed a bug on Trac though).

    A lot of people think encryption == secure; it doesn't.
