Instant Messaging with Off the Record (OTR) Encryption

Background

Given the National Security Agency and various telecom providers warrantless wiretapping activities, your instant messaging (IM) traffic, in fact all of your traffic is becoming available to prying eyes. Even using SSL encryption for public IM services (AOL, MSN, YIM, etc) are not helpful as a subpoena forces them to turn over the logs of the conversation which they store on their server. Sometimes it does not even take a subpoena.

This is where Off-the-Record (OTR) messaging comes into play. Created by Ian Goldberg, Chris Alexander and Nikita Borisov, OTR provides four major items to ensure private conversations.

- Encryption
No one else can read your instant messages.

- Authentication
You are assured the correspondent is who you think it is.

- Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

- Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised. [1]

Ian Goldberg provides a terrific explanation of why current methods for IM privacy do not work (i.e. GPG/PGP) and how OTR works. At the bottom of the page is a link to the OGG/Theora torrent. Torrents for other versions (i.e. AVI, MPEG) are available here.

Implementations

There are several ways to take advantage of OTR. One is to use a client which include either native OTR support or an OTR plugin. Such clients include Adium X (native), mICQ (native), Miranda (plugin) and Pidgin (plugin). The other option, if you choose not to use any of these clients, is to use otrproxy. Please note, otrproxy is currently limited to support for AIM and ICQ only, cannot use additional proxies (i.e. Tor) and cannot change the configuration of the ports it uses.

Downloads

File: ian-goldberg-otr.ogg.torrent
Size: 37,359 bytes
Date: 2008-05-02 14:49:56 -0700
MD5: acbff330ff22ae1aff4fbc9d7d25b1f5
SHA-1: cb37d1b9702d94e8d623aa529a38cd8bb420ffb4
RIPEMD-160: 4e7937785ef3ed48f7962c8820e24e8d56126f43
PGP Signature: ian-goldberg-otr.ogg.torrent.asc
[Valid HTML 4.01 Trans] Validated by HTML Validator (based on Tidy) Copyright 2006-2008 Patrick R. McDonald <marlowe@antagonism.org> (GPG key)
This document last modified 2008-07-14 14:33:05 -0700