Playlist
  • Online security veteran?

    Advanced guides to enhance your surveillance self-defense skill set.

    Congratulations! You've already taken steps to improve the safety of your online communications. Now you want to take it to the next level, and with this playlist, you can. You'll learn how to understand threats, verify the identity of the person you're communicating with, and add some new tools to your repertoire.

  • An Introduction to Threat Modeling

    There is no single solution for keeping yourself safe online. Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from. Threats can change depending on where you’re located, what you’re doing, and whom you’re working with. Therefore, in order to determine what solutions will be best for you, you should conduct a threat modeling assessment.

    When Conducting an Assessment, There are Five Main Questions you Should Ask Yourself:

    1. What do you want to protect?
    2. Who do you want to protect it from?
    3. How likely is it that you will need to protect it?
    4. How bad are the consequences if you fail?
    5. How much trouble are you willing to go through in order to try to prevent those?

    When we talk about the first question, we often refer to assets, or the things that you are trying to protect. An asset is something you value and want to protect. When we are talking about digital security, the assets in question are usually information. For example, your emails, contact lists, instant messages, and files are all assets. Your devices are also assets.

    Write down a list of data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.

    In order to answer the second question, “Who do you want to protect it from,” it’s important to understand who might want to target you or your information, or who is your adversary. An adversary is any person or entity that poses a threat against an asset or assets. Examples of potential adversaries are your boss, your government, or a hacker on a public network.

    Make a list of who might want to get ahold of your data or communications. It might be an individual, a government agency, or a corporation.

    A threat is something bad that can happen to an asset. There are numerous ways that an adversary can threaten your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data. An adversary could also disable your access to your own data.

    The motives of adversaries differ widely, as do their attacks. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video, whereas a political opponent may wish to gain access to secret content and publish it without you knowing.

    Write down what your adversary might want to do with your private data.

    The capability of your attacker is also an important thing to think about. For example, your mobile phone provider has access to all of your phone records and therefore has the capability to use that data against you. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.

    A final thing to consider is risk. Risk is the likelihood that a particular threat against a particular asset will actually occur, and goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.

    It is important to distinguish between threats and risks. While a threat is a bad thing that can happen, risk is the likelihood that the threat will occur. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

    Conducting a risk analysis is both a personal and a subjective process; not everyone has the same priorities or views threats in the same way. Many people find certain threats unacceptable no matter what the risk, because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem.

    In a military context, for example, it might be preferable for an asset to be destroyed than for it to fall into enemy hands. Conversely, in many civilian contexts, it's more important for an asset such as email service to be available than confidential.

    Now, Let’s Practice Threat Modeling

    If you want to keep your house and possessions safe, here are a few questions you might ask:

    • Should I lock my door?
    • What kind of lock or locks should I invest in?
    • Do I need a more advanced security system?
    • What are the assets in this scenario?
      • The privacy of my home
      • The items inside my home
    • What is the threat?
      • Someone could break in.
    • What is the actual risk of someone breaking in? Is it likely?

    Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the risk of a break-in is low, then you probably won’t want to invest too much money in a lock. On the other hand, if the risk is high, you’ll want to get the best locks on the market, and perhaps even add a security system.

    Last updated: 
    2015-01-12
  • Choosing Your Tools

    All digital tools, whether they are hardware or software, should be secure. That is, they should protect you from surveillance, and stop your device from being controlled by others. Sadly, this is currently not the case. For many digital activities, you may end up needing dedicated programs or equipment intended to provide specific security features. Examples we use in this guide include software that allows you to encrypt your messages or files, like PGP.

    But given the large number of companies and websites offering secure programs or hardware, how do you choose the one that's right for you?

    Security is a Process, not a Purchase

    The first thing to remember before changing the software you use or buying new tools is that no tool is going to give you absolute protection from surveillance in all circumstances. Using encryption software will generally make it harder for others to read your communications or rummage through your computer's files. But attacks on your digital security will always seek out the weakest element of your security practices. When you use a new secure tool, you should think about how using it might affect other ways someone could target you. For example, if you decide to use a secure texting program to talk to a contact because you know that your phone might be compromised, might the fact that you're using this program at all give an adversary a clue that you are talking about private information?

    Secondly, remember your threat model. You don't need to buy some expensive encrypted phone system that claims to be “NSA-proof” if your biggest threat is physical surveillance from a private investigator with no access to internet surveillance tools. Alternatively, if you are facing a government that regularly jails dissidents because they use encryption tools, it may make sense to use simpler tricks—like a set of pre-arranged codes—rather than risk leaving evidence that you use encryption software on your laptop.

    Given all that, here are some questions you can ask about a tool before downloading, purchasing, or using it.

    How Transparent is it?

    Even though digital security seems to be mostly about keeping secrets, there's a strong belief among security researchers that openness and transparency leads to more secure tools.

    Much of the software used and recommended by the digital security community is free and open source, which is to say that the code that defines how it works is publicly available for others to examine, modify, and share. By being transparent about how their program works, the creators of these tools invite others to look for security flaws, and help improve the program.

    Open software provides the opportunity for better security but does not guarantee it. The open source advantage relies in part on a community of technologists actually checking the code, which for small projects (and even for popular, complex ones) may be hard to achieve. When you're considering using a tool, see if its source code is available, and whether the code has an independent security audit to confirm the quality of its security. At the very least, software or hardware should have a detailed technical explanation of how it functions, for other experts to inspect.

    How Clear are its Creators About its Advantages and Disadvantages?

    No software or hardware is entirely secure. Creators or sellers who are honest about the limitations of their product will give you a much stronger idea of whether their application is appropriate for you.

    Don't trust blanket statements that say that the code is “military-grade” or “NSA-proof”; these mean nothing and give a strong warning that the creators are overconfident or unwilling to consider the possible failings in their product.

    Because attackers are always trying to discover new ways to break the security of tools, software and hardware often needs to be updated to fix new vulnerabilities. It can be a serious problem if the creators of a tool are unwilling to do this, either because they fear bad publicity, or because they have not built the infrastructure to fix problems.

    You can't predict the future, but a good indicator of how toolmakers will behave in the future is their past activity. If the tool's website lists previous issues and links to regular updates and information—like specifically how long it has been since the software was last updated—you can be more confident that they will continue to provide this service in the future.

    What Happens if the Creators are Compromised?

    When security toolmakers build software and hardware, they (just like you) must have a clear threat model. The best creators will explicitly describe what kind of attackers they can protect you from in their documentation.

    But there's one attacker that many manufacturers do not want to think about: what if they, themselves, are compromised or decide to attack their own users. For instance, a court or government may compel a company to give up personal data or create a “backdoor” that will remove all the protections their tool offers. You may want to consider the jurisdiction(s) where the creators are based. If your threat is from the government of Iran, for example, a US-based company will be able to resist Iranian court orders, even if it must comply with US orders.

    Even if a creator is able to resist government pressure, an attacker may attempt to achieve the same result by breaking into the toolmakers' own systems in order to attack its customers.

    The most resilient tools are those that consider this as a possible attack, and are designed to defend against this. Look for language that asserts that a creator cannot access private data, rather than promises that a creator will not. Look for institutions with a reputation for fighting court orders for personal data.

    Check for Recalls and Online Criticism

    Of course, companies selling products and enthusiasts advertising their latest software can be misled, be misleading, or even outright lie. A product that was originally secure might be discovered to have terrible flaws in the future. Make sure you stay well-informed on the latest news about the tools that you use.

    Do you Know Others who Use the Same Tool?

    It's a lot of work for one person to keep up with the latest news about a tool. If you have colleagues who use a particular product or service, work with them to stay abreast on what's happening.

    Products Mentioned in This Guide

    We try to ensure that the software and hardware we mention in this guide complies with the criteria we've listed above: we have made a good faith effort to only list products that have a solid grounding in what we currently know about digital security, are generally transparent about their operation (and their failings), have defenses against the possibility that the creators themselves will be compromised, and are currently maintained, with a large and technically-knowledgeable user base. We believe that they have, at the time of writing, the eye of a wide audience who is examining them for flaws, and would raise concerns to the public quickly. Please understand that we do not have the resources to examine or make independent assurances about their security, we are not endorsing these products and cannot guarantee complete security.

    Which Phone Should I Buy? Which Computer?

    One of the most frequent questions asked of security trainers is “Should I buy Android or an iPhone?” or “Should I use a PC or a Mac?” or “What operating system should I use?” There are no simple answers to these questions. The relative safety of software and devices is constantly shifting as new flaws are discovered and old bugs are fixed. Companies may compete with each other to provide you with better security, or they may all be under pressure from governments to weaken that security.

    Some general advice is almost always true, however. When you buy a device or an operating system, keep current with its software updates. Updates will often fix security problems in older code that attacks can exploit. Older phones and operating systems are no longer supported, even for security updates. In particular, Microsoft has made it clear that Windows XP and earlier Windows versions will not receive fixes for even severe security problems. If you use XP, you cannot expect it to be secure from attackers. (The same is true for OS X before 10.7.5 or "Lion").

    Last updated: 
    2014-11-04
  • Key Verification

    When encryption is used properly, your communications or information should only be readable by you and the person or people you’re communicating with. End-to-end encryption protects your data from surveillance by third parties, but if you’re unsure about the identity of the person you’re talking to, its usefulness is limited. That’s where key verification comes in. By verifying public keys, you and the person with whom you’re communicating add another layer of protection to your conversation by confirming each other’s identities, allowing you to be that much more certain that you’re talking to the right person.

    Key verification is a common feature of protocols that use end-to-end encryption, such as PGP and OTR. To verify keys without the risk of interference, it's advisable to use a secondary method of communicating other than the one you’re going to be encrypting; this is called out-of-band verification. For example, if you are verifying your OTR fingerprints, you might email your fingerprints to one another. In that example, email would be the secondary communications channel.

    Verifying Keys Out-of-band

    There are several ways to do this. If it can be arranged safely and is convenient, it is ideal to verify keys face-to-face. This is often done at key-signing parties or amongst colleagues.

    If you cannot meet face-to-face, you can contact your correspondent through a means of communication other than the one for which you’re trying to verify keys. For example, if you’re trying to verify PGP keys with someone, you could use the telephone or an OTR chat to do so.

    Regardless of the program that you use, you will always be able to locate both your key and the key of the your communication partner.

    Although the method of locating your key varies by program, the method of verifying keys remains approximately the same. You can either read your key’s fingerprint aloud (if you are face-to-face or using the telephone) or you can copy and paste it into a communications program, but whichever you choose, it is imperative that you check every single letter and numeral.

    Tip: Try verifying keys with one of your friends. To learn how to verify keys in a specific program, visit that program’s how-to guide.

    Last updated: 
    2015-02-10
  • How to: Use TextSecure (Android)

    TextSecure is a messaging app that allows users to send confidential messages with their mobile phone using end-to-end encryption. The app works over a Wi-Fi or data connection, but can also be used to send SMS if such a connection is unavailable.

    TextSecure can also be used to send SMS to non-TextSecure users, however, those messages will not be encrypted in transit. Encrypted text messages are marked with a small lock. Messages in blue are sent over a data connection, while those in green have been sent over SMS. Both sides have to be using TextSecure for the messages to be secure while they travel over the Internet. You can set up a passphrase that will encrypt these conversations when they are stored on your local phone. This means that they are better protected against being read if your phone is seized or compromised.

    TextSecure is available in more than 30 languages. You can change the language of the app by selecting “Settings” then “Language.”

    How to install TextSecure

    Step 1: Download and Install TextSecure

    On your Android phone, enter the Google Play store and search for “TextSecure.” Select the app, “TextSecure Private Messenger.”

    Why can't I download TextSecure without signing up for Google Play?

    To prevent tampering or data collection by third parties, it would be better if the Android version of TextSecure was downloadable outside of Google's "Google Play" app store. Unfortunately, for now, these programs use some of Google's infrastructure for software updates and for "push" notifications. You can read more about the creators' reasoning for this decision here.

    Select “Install” and accept the Terms of Service by selecting “Accept.” The app will download and install automatically.

    Step 2: Create a Passphrase to Encrypt Data Locally

    Open the app. You will be prompted to create a passphrase in order to locally encrypt your data. This means that your data will be encrypted in transit, and that your messages will also be encrypted locally on your phone. If you choose to skip this step, your messages will still be encrypted in transit, but will not be protected on your device. For more information on selecting a strong passphrase, see our module on Passwords.

    Step 3 (optional): Import Existing Text Messages

    You will then be asked if you would like to import your existing text messages into TextSecure’s encrypted database. This is up to you: It simply means that old text messages (SMS) will be imported into the TextSecure app and encrypted.

    Step 4 (optional): Register Your Phone with TextSecure

    The next screen will prompt you to “Connect with TextSecure” by registering your mobile phone number with TextSecure. This will allow you to avoid SMS charges in some cases when communicating with other TextSecure users. This is an optional step. Once you have registered your phone, TextSecure will automatically verify your number using a text message.

    Verifying Keys

    TextSecure uses end-to-end encryption. When you first send a message to another contact that uses the app, the app will initiate a key exchange message with the other user.

    You will want to verify keys with the other user (for more information, view the module on Key Verification). To view the keys, click on the padlock icon in the top right of the screen and select “Verify Identity.” You will be shown two sets of keys: one belonging to you and one belonging to the other user.

    TextSecure supports manual verification or verification by scanning the other user’s barcode. If you are in the same room as the other person, you can easily scan the barcode on their phone (reachable by clicking on the lock icon on the menu bar at the top of your conversation, selecting “verify identity” and then clicking on the barcode icon) or read your keys aloud to one another.

    If you are not in the same room, there are different ways to verify keys with varying degrees of trustworthiness. For example, you can read your keys aloud to one another on the phone if you recognize one another’s voices or send them using another verified method of communication such as PGP or OTR.

    Last updated: 
    2014-11-18
  • An Introduction to Public Key Cryptography and PGP

    PGP stands for Pretty Good Privacy. It's actually very good privacy. If used correctly, it can protect the contents of your messages, text, and even files from being understood even by well-funded government surveillance programs. When Edward Snowden says “encryption works,” it's PGP and its related software that he is talking about. It should be noted that it's not unheard of for governments to steal private keys off of particular people's computers (by taking the computers away, or by putting malware on them using physical access or with phishing attacks), which undoes the protection and even allows for reading old mail. This is comparable to saying that you might have an unpickable lock on your door, but somebody might still be able to pickpocket you in the street for your key, then copy it and sneak it back into your pocket—and hence get into your house without even picking the lock.

    Unfortunately, PGP is also pretty bad at being easy to understand, or use. The strong encryption that PGP uses—public key encryption—is ingenious, but hard to wrap your head around. PGP software itself has been around since 1991, which makes it the same vintage as the early versions of Microsoft Windows, and its appearance hasn't changed much since then.

    The good news is that there are many programs available now which can hide the ancient design of PGP and make it somewhat easier to use, especially when it comes to encrypting and authenticating email—the main use of PGP. We've included guides to installing and operating this software elsewhere.

    Before you play around with PGP or other programs that use it, though, it's worth spending a few minutes understanding the basics of public key encryption: what it can do for you, what it can't do, and when you should use it.

    A Tale of Two Keys

    When we use encryption to fight surveillance, here's what we're trying to do:

    We take a clearly readable message like “hello mum.” We encrypt that into a coded message that is incomprehensible to anyone looking at it (“OhsieW5ge+osh1aehah6,” say). We send that encrypted message over the Internet, where it can be read by lots of people, but hopefully not understood by any of them. Then, when it arrives at its destination, our intended recipient, and only our intended recipient, has some way of decrypting it back into the original message.

    How does our recipient know how to decode the message, when nobody else can? It must be because they know some extra information that nobody else knows. Let's call this the decoding key, because it unlocks the message inside the code.

    How does the recipient know this key? Mostly, it's because the sender has previously told them the key, whether it's “try holding the message up in a mirror” or “take each letter and convert it to the next letter in the alphabet.” There's a problem with this strategy though. If you're worried about being spied upon when you send your coded message, how do you send the recipient the key without someone spying on that conversation too? There's no point sending an ingeniously encrypted message if your attacker already knows the key to decoding it. And if you have a secret way to send decoding keys, why don't you just use that for all your secret messages?

    Public-key cryptography has a neat solution for this. Each person in a conversation has a way of creating two keys. One is their private key, which they keep to themselves and never let anyone else know. The other is a public key, which they hand out to anyone who wants to communicate with them. It doesn't matter who can see the public key. You can put it online where everyone can see it.

    The “keys” themselves are, at heart, actually very large numbers, with certain mathematical properties. The public key and private key are connected. If you encode something using the public key, then someone else can decode it with its matching private key.

    Let's see how that might work. You want to send a secret message to Aarav. Aarav has a private key, but like a good public key encryption user, he has put its connected public key on his web page. You download the public key, encrypt the message using it, and send it to him. He can decode it, because he has the corresponding private key – but nobody else can.

    Sign of the Times

    Public key cryptography gets rid of the problem of smuggling the decoding key to the person you want to send a message to, because that person already has the key. You just need to get hold of the matching public, encoding key, which the recipient can hand out to everyone, including spies. Because it's only useful for encoding a message, it is useless for anyone trying to decode the message.

    But there's more! If you encode a message with a certain public key, it can only be decoded by the matching private key. But the opposite is also true. If you encode a message with a certain private key, it can only be decoded by its matching public key.

    Why would this be useful? At first glance, there doesn't seem to be any advantage to making a secret message with your private key that everyone in the world (or at least, everyone who has your public key) can crack. But suppose I wrote a message that said “I promise to pay Aazul $100,” and then turned it into a secret message using my private key. Anyone could decode that message—but only one person could have written it: the person who has my private key. If I've done a good job keeping my private key safe, that means me, and only me. In effect, by encoding it with my private key, I've made sure that it could only have come from me. In other words, I've done the same thing with this digital message as we do when we sign a message in the real world.

    Signing also makes messages tamper-proof. If someone tried to change that “I promise to pay Aazul $100” into “I promise to pay Bob $100,” they would not be able to re-sign it using my private key. So a signed message is guaranteed to originate from a certain source, and not be messed with in transit.

    So public key cryptography lets you encrypt and send messages safely to anyone whose public key you know. If others know your public key, they can send you messages, which only you can decode. And if people know your public key, you can sign messages so that those people will know they could only have come from you. And if you know someone else's public key, you can decode a message signed by them, and know that it only came from them.

    It should be clear by now that public key cryptography becomes more useful, the more people know your public key. It should also be apparent that you need to keep your private key very safe. If someone else gets a copy of your private key, they can pretend to be you, and sign messages claiming that they were written by you. PGP has a feature that lets you “revoke” a private key, and warn people it's no longer trustable, but it's not a great solution. The most important part of using a public key cryptography system is to guard your private key very carefully.

    How PGP Works

    Pretty Good Privacy is mostly concerned with the minutiae of creating and using public and private keys. You can create a public/private key pair with it, protect the private key with a password, and use it and your public key to sign and encrypt text. It will also let you download other people's public keys, and upload your public keys to “public key servers,” which are repositories where other people can find your key. See our guides to installing PGP-compatible software in your email software.

    If there's one thing you need to take away from this overview, it's this: you should keep your private key stored somewhere safe, and protected with a long password. You can give your public key to anyone you want to communicate with you, or who wants to learn whether a message truly came from you.

    Advanced PGP: The Web of Trust

    You may have spotted a potential flaw in how public key cryptography works. Suppose I started distributing a public key that I say belongs to Barack Obama. If people believed me, they might start sending secret messages to Barack, encrypted using the key. Or they might believe anything signed with that key is a sworn statement of Barack. This is quite rare, and yet it has actually happened to some people in real life, including to some of the authors of this document—some people writing to them have been fooled! (We don't know for sure in these instances whether or not some of the people who make the fake keys were really able to intercept the messages in transit and read them, or whether it was the equivalent of a prank to make it more inconvenient for people to have a secure conversation.)

    Another sneaky attack is for an attacker to sit between two people talking online, eavesdropping on their entire conversation, and occasionally inserting the attackers own misleading messages into the conversation. Thanks to the design of the Internet as a system that ferries messages across many different computers and private parties, this attack is entirely possible. Under these conditions (called a “man-in-the-middle attack”), exchanging keys without prior agreement can get very risky. “Here's my key,” announces a person who sounds like Barack Obama, and sends you a public key file. But what's to say someone didn't wait until that moment, jam the transmission of Obama's key, and then insert his or her own?

    How do we prove that a certain key really does belong to a certain person? One way is to get the key from them directly, but that's not much better than our original challenge of getting a secret key without someone spotting us. Still, people do exchange public keys when they meet, privately and at public cryptoparties.

    PGP has a slightly better solution called the “web of trust.” In the web of trust, if I believe a key belongs to a certain person, I can sign that key, and then upload the key (and the signature) to the public key servers. These key servers will then pass out the signed keys to anyone who asks for them.

    Roughly speaking, the more people who I trust that have signed a key, the more likely it is that I will believe that key really belongs to who it claims. PGP lets you sign other people's keys, and also lets you trust other signers, so that if they sign a key, your software will automatically believe that key is valid.

    The web of trust comes with its own challenges, and organizations like EFF are currently investigating better solutions. But for now, if you want an alternative to handing keys to one another in person, using the web of trust and the public key server network are your best option.

    Metadata: What PGP Can't Do

    PGP is all about making sure the contents of a message are secret, genuine, and untampered with. But that's not the only privacy concern you might have. As we've noted, information about your messages can be as revealing as their contents (See “metadata”). If you're exchanging PGP messages with a known dissident in your country, you may be in danger for simply communicating with them, even without those messages being decoded. Indeed, in some countries you can face imprisonment simply for refusing to decode encrypted messages.

    PGP does nothing to disguise who you are talking to, or that you are using PGP to do so. Indeed, if you upload your public key onto the keyservers, or sign other people's keys, you're effectively showing the world what key is yours, and who you know.

    You don't have to do that. You can keep your PGP public key quiet, and only give it to people you feel safe with, and tell them not to upload it to the public keyservers. You don't need to attach your name to a key.

    Disguising that you are communicating with a particular person is more difficult. One way to do this is for both of you to use anonymous email accounts, and access them using Tor. If you do this, PGP will still be useful, both for keeping your email messages private from others, and proving to each other that the messages have not been tampered with.

    Last updated: 
    2014-11-07
  • How to: Use OTR for Mac

    Adium is a free and open source instant messaging client for OS X that allows you to chat with individuals across multiple chat protocols, including Google Hangouts, Yahoo! Messenger, Facebook chat, Windows Live Messenger, AIM, ICQ, and XMPP.

    OTR (Off-the-record) is a protocol that allows people to have confidential conversations using the messaging tools they’re already familiar with. This should not be confused with Google's “Off the record,” which merely disables chat logging, and does not have encryption or verification capabilities. For Mac users, OTR comes built-in with the Adium client.

    OTR employs end-to-end encryption. This means that you can use it to have conversations over services like Google Hangouts or Facebook without those companies ever having access to the contents of the conversations.  However, the fact that you are having a conversation is visible to the provider.

    Why Should I Use Adium + OTR?

    When you have a chat conversation using Google Hangouts or Facebook chat on the Google or Facebook websites, that chat is encrypted using HTTPS, which means the content of your chat is protected from hackers and other third parties while it’s in transit. It is not, however, protected from Google or Facebook, which have the keys to your conversations and can hand them over to authorities or use them for marketing purposes.

    After you have installed Adium, you can sign in to it using multiple accounts at the same time. For example, you could use Google Hangouts, Facebook, and XMPP simultaneously. Adium also allows you to chat using these tools without OTR. Since OTR only works if both people are using it, this means that even if the other person does not have it installed, you can still chat with them using Adium.

    Adium also allows you to do out-of-band verification to make sure that you’re talking to the person you think you’re talking to and you are not being subject to a man-in-the-middle attack. For every conversation, there is an option that will show you the key fingerprints it has for you and the person with whom you are chatting. A "key fingerprint" is a string of characters like "342e 2309 bd20 0912 ff10 6c63 2192 1928,” that’s used to verify a longer public key. Exchange your fingerprints through another communications channel, such as Twitter DM or email, to make sure that no one is interfering with your conversation. If the keys don't match, you can't be sure you're talking to the right person. In practice, people often use multiple keys, or lose and have to recreate new keys, so don't be surprised if you have to re-check your keys with your friends occasionally.

    Limitations: When Should I Not Use Adium + OTR?

    Technologists have a term to describe when a program or technology might be vulnerable to external attack: they say it has a large “attack surface.” Adium has a large attack surface. It is a complex program, which has not been written with security as a top priority. It almost certainly has bugs, some of which might be used by governments or even big companies to break into computers that are using it. Using Adium to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email.

    Installing Adium + OTR On Your Mac

    Step 1: Install the program

    First, go to https://adium.im/ in your browser. Choose “Download Adium 1.5.9.” The file will download as a .dmg, or disk image, and will probably be saved to your “downloads” folder.

    Double-click on the file; that will open up a window that looks like this:

    Move the Adium icon into the “Applications” folder to install the program. Once the program is installed, look for it in your Applications folder and double-click to open it.

    Step 2: Set up your account(s)

    First, you will need to decide what chat tools or protocols you want to use with Adium. The setup process is similar, but not identical, for each type of tool. You will need to know your account name for each tool or protocol, as well as your password for each account.

    To set up an account, go to the Adium menu at the top of your screen and click “Adium” and then “Preferences.” This will open a window with another menu at the top. Select “Accounts,” then click the “+” sign at the bottom of the window. You will see a menu that looks like this:

    Select the program that you wish to sign in to. From here, you will be prompted either to enter your username and password, or to use Adium’s authorization tool to sign in to your account. Follow Adium’s instructions carefully.

    How to Initiate an OTR Chat

    Once you have signed in to one or more of your accounts, you can start using OTR.

    Remember: In order to have a conversation using OTR, both people need to be using a chat program that supports OTR.

    Step 1: Initiate an OTR Chat

    First, identify someone who is using OTR, and initiate a conversation with them in Adium by double-clicking on their name. Once you have opened the chat window, you will see a small, open lock in the upper left-hand corner of the chat window. Click on the lock and select “Initiate Encrypted OTR Chat.”

    Step 2: Verify Your Connection

    Once you have initiated the chat and the other person has accepted the invitation, you will see the lock icon close; this is how you know that your chat is now encrypted (congratulations!) – But wait, there’s still another step!

    At this time, you have initiated an unverified, encrypted chat. This means that while your communications are encrypted, you have not yet determined and verified the identity of the person you are chatting with. Unless you are in the same room and can see each other’s screens, it is important that you verify each other’s identities. For more information, read the module on Key Verification.

    To verify another user’s identity using Adium, click again on the lock, and select “Verify.” You will be shown a window that displays both your key and the key of the other user. Some versions of Adium only support manual fingerprint verification. This means that, using some method, you and the person with whom you’re chatting will need to check to make sure that the keys that you are being shown by Adium match precisely.

    The easiest way to do this is to read them aloud to one another in person, but that’s not always possible. There are different ways to accomplish this with varying degrees of trustworthiness. For example, you can read your keys aloud to one another on the phone if you recognize each other’s voices or send them using another verified method of communication such as PGP. Some people publicize their key on their website, Twitter account, or business card.

    The most important thing is that you verify that every single letter and digit matches perfectly.

    Step 3: Disable Logging

    Now that you have initiated an encrypted chat and verified your chat partner’s identity, there’s one more thing you need to do. Unfortunately, Adium logs your OTR-encrypted chats by default, saving them to your hard drive. This means that, despite the fact that they’re encrypted, they are being saved in plain text on your hard drive.

    To disable logging, click “Adium” in the menu at the top of your screen, then “Preferences.” In the new window, select “General” and then disable “Log messages” and “Log OTR-secured chats.” Remember, though, that you do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you yourself have disabled logging.

    Your settings should now look like this:

    Also, when Adium displays notifications of new messages, the contents of those messages may be logged by the OS X Notification Center. This means that while Adium leaves no trace of your communications on your own computer or your correspondent's, either your or their computer's version of OS X may preserve a record. To prevent this, you may want to disable notifications.

    To do this, select "Events" in the Preferences window, and look for any entries that say "Display a notification." For each entry, expand it by clicking the gray triangle, and then click the newly-exposed line that say "Display a notification," then click the minus icon ("-") at the lower left to remove that line." If you are worried about records left on your computer, you should also turn on full-disk encryption, which will help protect this data from being obtained by a third party without your password.

    Last updated: 
    2015-08-21
  • How to: Use OTR for Windows

    OTR (Off-the-record) is a protocol that allows users of instant messaging or chat tools to have conversations that are confidential. In this guide, you will learn how to use OTR using Pidgin, a free and open source instant messaging client for Windows PC.

    What is OTR?

    OTR (Off-the-record) is a protocol that allows people to have confidential conversations using the messaging tools they’re already familiar with. OTR provides this security by:

    • encrypting your chats
    • giving you a way to make sure that the person you are chatting with really is that person
    • not allowing the server to log or otherwise access your conversations

    This should not be confused with Google's “Off the record,” which merely disables chat logging, and does not have encryption or verification capabilities. While there are several ways to use OTR on Microsoft Windows, we have found the most consistent and easy-to-use tool to be the Pidgin chat client with the pidgin-otr plugin.

    The instant messaging client for Windows PC, Pidgin, automatically logs conversations by default, however you do have the ability to disable this feature. That said, you do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you yourself have disabled logging.

    Why Should I Use Pidgin + OTR?

    When you have a chat conversation using Google Hangouts or Facebook chat on the Google or Facebook websites, that chat is encrypted using HTTPS, which means the content of your chat is protected from hackers and other third parties while it’s in transit. It is not, however, protected from Google or Facebook, which have the keys to your conversations and can hand them over to authorities or use them for marketing purposes.

    After you have installed Pidgin, you can sign in to it using multiple accounts at the same time. For example, you could use Google Hangouts, Facebook, and XMPP simultaneously. Pidgin also allows you to chat using these tools without OTR. Since OTR only works if both people are using it, this means that even if the other person does not have it installed, you can still chat with them using Pidgin.

    Pidgin also allows you to do out-of-band verification to make sure that you’re talking to the person you think you’re talking to and you are not being subject to a MITM attack. For every conversation, there is an option that will show you the key fingerprints it has for you and the person with whom you are chatting. A "key fingerprint" is a string of characters like "342e 2309 bd20 0912 ff10 6c63 2192 1928,” that’s used to verify a longer public key. Exchange your fingerprints through another communications channel, such as Twitter DM or email, to make sure that no one is interfering with your conversation.

    Limitations: When Should I Not Use Pidgin + OTR?

    Technologists have a term to describe when a program or technology might be vulnerable to external attack: they say it has a large “attack surface.” Pidgin has a large attack surface. It is a complex program, which has not been written with security as a top priority. It almost certainly has bugs, some of which might be used by governments or even big companies to break into computers that are using it. Using Pidgin to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email.

    Getting Pidgin

    You can get Pidgin on Windows by downloading the installer from the Pidgin download page.

    Click on the purple DOWNLOAD tab. Don't click the green Download Now button because you’ll want to choose a different installer file. You'll be taken to the download page.

    Don't click the green Download Now button because we want to choose a different installer file. The default installer for Pidgin is small because it doesn't contain all the information and downloads the files for you. This sometimes fails so you will have a better experience with the “offline installer” which contains all the necessary installation material. Click the “offline installer” link. You will be taken to a new page titled “Sourceforge” and after a few seconds, a small popup will ask whether you want to save a file.

    Note that while Pidgin's download page uses "HTTPS" and is therefore relatively safe from tampering, the website it directs you to to download the Windows version of Pidgin is currently Sourceforge, which uses unencrypted "HTTP," and therefore offers no protection. That means that the software you download could be tampered with before you download it.

    This risk would mostly come from either someone with access to the local Internet infrastructure attempting to conduct targeted surveillance against you personally (for instance a malicious hot-spot provider), or a state or government planning to distribute compromised software to many users. The HTTPS Everywhere extension can rewrite Sourceforge download URLs to HTTPS, so it's recommended you install HTTPS Everywhere before downloading any other software. Additionally, in our experience, Sourceforge often has confusing full-page ads on its download pages that can trick people into installing something they may not want to.  You can install an ad blocker before any other software to avoid these confusing ads. Remember to think about your threat model before you download files from unprotected websites.

    Many browsers will ask you to confirm whether you want to download this file. Internet Explorer 11 shows a bar at the bottom of the browser window with an orange border.

    For any browser, it is best to first save the file before proceeding, so click the “Save” button. By default, most browsers save downloaded files in the Downloads folder.

    Getting OTR

    You can get pidgin-otr, the OTR plugin for Pidgin, by downloading the installer from the OTR download page.

    Click the “Downloads” tab to be taken to the “Downloads” section of the page. Click the “Win32 installer for pidgin” link.

    Many browsers will ask you to confirm whether you want to download this file. Internet Explorer 11 shows a bar at the bottom of the browser window with an orange border.

    For any browser, it is best to first save the file before proceeding, so click the “Save” button. By default, most browsers save downloaded files in the Downloads folder.

    After downloading Pidgin and pidgin-otr you should have two new files in your Downloads folder:

    Installing Pidgin

    Keep the Windows Explorer window open and double-click on pidgin-2.10.9-offline.exe. (The filename used in this module may not necessarily match what you see on your own computer.) You'll be asked if you want to allow the installation of this program. Click the “Yes” button.

    A small window opens asking you to select a language. Click the “OK” button.

    A window opens up giving you a quick overview of the installation process. Click the “Next” button.

    Now you get a license overview. Click the “Next” button.

    Now you can see what different components are installed. Don't change the settings. Click the “Next” button.

    Now you can see where Pidgin will be installed. Don't change this information. Click the “Next” button.

    Now you'll see a window with scrolling text until it says “Installation Complete.” Click the “Next” button.

    Finally, you’ll see the last window of the Pidgin installer. Click the “Finish” button.

    Installing pidgin-otr

    Go back to the Windows Explorer window and open and double-click on pidgin-otr-4.0.0-1.exe. You'll be asked if you want to allow the installation of this program. Click the “Yes” button.

    A window opens up giving you a quick overview of the installation process. Click the “Next” button.

    Now you get a license overview. Click the “I Agree” button.

    You will see where pidgin-otr will be installed. Don't change this information. Click the “Install” button.

    Finally, you’ll see the last window of the pidgin-otr installer. Click the “Finish” button.

    Configuring Pidgin

    Go to the Start menu, click the Windows icon, and select Pidgin from the menu.

    Adding an Account

    When Pidgin launches for the first time, you will see this welcome window giving you an option to add an account. Since you don't have an account configured yet, click the “Add” button.

    Now you'll see the “Add Account” window. Pidgin is able to work with many chat systems, but we'll focus on XMPP, formerly known as Jabber.

    At the Protocol entry, select the “XMPP” option.

    At the Username entry, enter your XMPP username.

    At the Domain entry, enter the domain of your XMPP account.

    At the Password entry, enter your XMPP password.

    Checking the box by the “Remember password” entry will make accessing your account easier. Be aware that by clicking “Remember password,” your password will be saved on the computer, making it accessible to anyone who may happen to access your computer. If this is a concern, do not check this box. You will then be required to enter your XMPP account password every time you start Pidgin.

    Adding a Buddy

    Now you will want to add someone to chat with. Click the “Buddies” menu and select “Add Buddy.” An “Add Buddy” window will open.

    At the “Add Buddy” window, you can enter the username of the person you want to chat with. This other user does not have to be from the same server, but does have to use the same protocol, such as XMPP.

    At the “Buddy's username” entry, enter your buddy’s username with the domain name. This will look like an email address.

    At the “(Optional) Alias” entry, you can enter a name of your choice for your buddy. This is entirely optional, but can help if the XMPP account of the person you are chatting with is hard to remember.

    Click the “Add” button.

    Once you have clicked the “Add” button, Boris will get a message asking if he gives authorization for you to add him. Once Boris does, he adds your account and you will get the same request. Click the “Authorize” button.

    Configuring the OTR Plugin

    Now you will configure the OTR plugin so you can chat securely. Click the “Tools” menu and select the “Plugins” option.

    Scroll down to the “Off-the-Record Messaging” option, and check the box. Click on the “Off-the-Record Messaging” entry and click the “Configure Plugin” button.

    Now you will see the “Off-the-Record Messaging” configuration window. Notice that is says “No key present.” Click the “Generate” button.

    Now a small window will open and generate a key. When it is done, click the “OK” button.

    You'll see new information: a 40 character string of text, broken up into 5 groups of eight characters. This is your OTR fingerprint. Click the “Close” button.

    Now click the “Close” button on the Plugins window.

    Chatting Securely

    You are now able to chat with Boris. The two of you can send messages back and forth. However, we're still not chatting securely. Even if you are connecting to the XMPP server, it is possible that the connection between you and Boris is not secure from snooping. If you look at the chat window, notice that it says “Not private” in red on the bottom right. Click the “Not private” button.

    A menu will open up, select “Authenticate buddy.”

    A window will open up. You are asked: “How would you like to authenticate your buddy?”

    The drop-down has three options:

    Shared Secret

    A shared secret is a line of text you and the person you want to chat have agreed to use ahead of time. You should have shared this in person and never have exchanged it over insecure channels such as email or Skype.

    You and your buddy need to enter this text together. Click the “Authenticate” button.

    The shared secret verification is useful if you and your buddy have already made arrangements to chat in the future but haven't yet created OTR fingerprints on the computer you are using. This only works if both of you are using Pidgin.

    Manual Fingerprint Verification

    Manual fingerprint verification is useful if you were already given your buddy's fingerprint and are now connecting with Pidgin. This will not be useful if your buddy changed computers or had to create new fingerprints.

    If the fingerprint you were given and the fingerprint on the screen match, select “I have” and click the “Authenticate” button.

    Question and Answer

    Question and answer verification is useful if you know your buddy but have not established a shared secret nor had a chance to share fingerprints. This method is useful to establish verification based on something both of you know, like a shared event or memory. This only works if both of you are using Pidgin.

    Enter the question you want to ask. Don't make it so simple that someone can guess it easily, but don't make it impossible. An example of a good question would be “Where did we go for dinner in Minneapolis?” And example of a bad question would be “Can you buy apples in Tokyo?”

    The answers must match exactly; so keep that in mind when choosing an answer to your question. Capitalization matters, so you might consider a note in parentheses like (for example: use capitals, lower case).

    Enter the question and answer then click the “Authenticate” button.

    Your buddy will have a window open with the question displayed asking for the answer. They will have to answer and click the “Authenticate” button. Then they will receive a message letting them know if the authentication was successful.

    Once your buddy had completed the authentication procedure, you will get a window letting you know the authentication succeeded.

    Your buddy should also verify your account so that both of you can be sure that the communication is secure. Here is what it would like for Akiko and Boris. Notice the green “Private” icons in the lower right of the chat window.

    Working with Other Software

    The mechanisms to verify the authenticity should work between different chat software such as Jitsi, Pidgin, Adium, and Kopete. You are not required to use the same chat software to use chat over XMPP and OTR, but sometimes there are errors in the software. Adium, a chat software for OS X, has an error receiving the Question and Answer verification. If you find that verifying others is failing for you when you are using Question and Answer verification, check whether they are using Adium and see if you can use another verification method.

    Last updated: 
    2015-02-10
JavaScript license information