Locking Down Instant Messaging with Pidgin and OTR

If you haven’t heard of Pidgin, you are missing out on a fantastic utility that unifies all of your instant messaging platforms. It’s free, open source, and helps you consolidate all of your IM networks in one place. Furthermore, it increases security with the OTR plugin and has many, many other useful plugins.

Before you can use Pidgin, though, you would obviously need at least one type of IM account. Unfortunately, it doesn’t allow a user to cross-chat on networks using one account. It does, however, make managing and using all of your different accounts one heck of a lot easier.

Supported instant messaging platforms include AIM, Bonjour, Gadu-Gadu, Google Hangouts (was Google Talk), Groupwise, ICQ, IRC, MIRC, MSN, MXit, MySpaceIM, QQ, SILC, SIMPLE, Sametime, Yahoo!, and Zephyr.

Also, though the OTR (Off the Record) plugin was originally created for Pidgin, the code has since been adapted to plug in to other types of software as well. OTR helps improve your online security by offering encryption, authentication, deniability, and PFS (perfect forward secrecy).

Additional Options and Supported Platforms

Pidgin and OTR are supported on both Windows and Linux platforms, but you do have some other options. For example, Windows users can alternatively opt for Miranda IM, which can also use the OTR plugin. If you are a Mac user, you can use Adium, which makes good use of OTR. Lastly, a good multiplatform option is Gibberbot, which again supports OTR.

Setting Up Pidgin and OTR

The first thing you will need to do is visit the Pidgin website and download a copy of Pidgin. After the install procedure has completed, don’t run Pidgin yet if you want to install OTR: Pidgin needs to be closed while you install OTR. So next, download OTR and install it.

Now that OTR has been installed, fire up Pidgin. The first time that you run it, Pidgin will send you through a wizard to set up your IM accounts. The configuration options vary a little between IM services. You will want to select your desired service and fill in any relevant information such as usernames and passwords. After filling in your information, click the Add button. As a general rule of thumb for good security practice, you shouldn’t check the box that allows the application to remember your password.

Configure OTR for Security

Now you will want to browse to Tools and Plugins. Optionally, you can just hit Ctrl + U. Scroll through the list of plugins until you see OTR and check its check-box.

Next you will need to generate a unique private key using the handy Generate button. After clicking the button, you should see a lot of hexadecimal code to the right of the text that says “fingerprint.” Now your messages will be encrypted when you choose to encrypt them, but your buddies also need to follow the same steps.

Start a conversation with one of your buddies. To start, you should see the text ‘not private,’ indicating that your IM text is not encrypted. Simply click on the ‘not private’ button and select ‘Start a private conversation’ to encrypt your messages. Now you have succeeded in encrypting your data, but you still have not verified the identity of your buddy.


There are several ways you can use authentication to confirm the identity of your conversation partner including a question and answer, a shared secret, or manual fingerprint verification methods. You could send them an encrypted email to confirm their identity or even call them on the telephone first. However, the NSA has been gathering bulk telephone communications in the recent past. Though their surveillance capabilities are becoming more limited, it is best to avoid this. Wiretapping is, after all, a very real and serious threat.

Optionally, you can click on the ‘unverified’ button and choose an authentication method. If you select question and answer, your buddy will need to answer a question that ideally only they would know the answer to. The shared secret option, on the other hand, is a password or phrase that you have already agreed upon with your buddy. You should note, however, that these methods are case sensitive and they need to match exactly to verify your buddy.

If you want to keep your IM conversations safe from prying eyes, Pidgin combined with OTR is a great way to achieve encryption and authentication. It’s free, easy to set up, and offers strong security.

There are three ways to authenticate that your Pidgin buddy is who you think he or she is: the ‘Question and Answer’, ‘Shared secret’ or ‘Manual fingerprint verification’ methods. All methods require communicating with your buddy over a different channel than Pidgin. In-person is best, but PGP encrypted email is another good option. Telephone conversation is often recommended, but thanks to the NSA’s widespread telephone surveillance program, this option is best avoided.
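The manual fingerprint check and the case-sensitive question-and-answer / shared-secret methods described above, as an added Python example that is not part of the original article or of Pidgin's own code. It follows the OTR version 3 specification's rule for deriving the value the two sides compare; all fingerprints, the session id and the phrase are constructed sample values.

```python
import hashlib

def normalize_fingerprint(text):
    """Turn a fingerprint as displayed (grouped, any case) into 20 raw bytes."""
    digits = "".join(text.split()).lower()
    if len(digits) != 40 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("an OTR fingerprint is 40 hex digits (a SHA-1 hash)")
    return bytes.fromhex(digits)

def fingerprints_match(shown_in_pidgin, received_out_of_band):
    """Manual verification: spacing and letter case may differ, the digits may not."""
    return (normalize_fingerprint(shown_in_pidgin)
            == normalize_fingerprint(received_out_of_band))

def smp_secret(initiator_fp, responder_fp, session_id, user_input):
    """Value each side feeds into the OTRv3 Socialist Millionaires' Protocol:
    SHA-256(0x01 || initiator fp || responder fp || session id || typed secret).
    The typed text is hashed byte for byte, so case and spacing matter."""
    data = b"\x01" + initiator_fp + responder_fp + session_id
    return hashlib.sha256(data + user_input.encode("utf-8")).digest()

# Constructed sample values, not real keys or sessions.
ALICE_FP = normalize_fingerprint("0A1B2C3D 4E5F6071 8293A4B5 C6D7E8F9 00112233")
BOB_FP = normalize_fingerprint("99887766 55443322 11000FED CBA98765 43210ABC")
OTHER_FP = normalize_fingerprint("DEADBEEF DEADBEEF DEADBEEF DEADBEEF DEADBEEF")
SESSION_ID = bytes.fromhex("0102030405060708")

def demo():
    """Compare what Bob would derive against Alice's value in three situations.
    The real protocol compares these values without revealing them; they are
    compared directly here only to show when they are equal."""
    alice = smp_secret(ALICE_FP, BOB_FP, SESSION_ID, "Blue Heron")
    return {
        "same phrase": smp_secret(ALICE_FP, BOB_FP, SESSION_ID, "Blue Heron") == alice,
        "different case": smp_secret(ALICE_FP, BOB_FP, SESSION_ID, "blue heron") == alice,
        # Someone in the middle presents a different key, so the fingerprints
        # in the hash differ and the check fails even with the right phrase.
        "different key": smp_secret(OTHER_FP, BOB_FP, SESSION_ID, "Blue Heron") == alice,
    }

if __name__ == "__main__":
    print(fingerprints_match("0A1B2C3D 4E5F6071 8293A4B5 C6D7E8F9 00112233",
                             "0a1b2c3d4e5f60718293a4b5c6d7e8f900112233"))
    print(demo())
```

Because the fingerprints are part of the hashed value, a successful question-and-answer or shared-secret check also confirms the keys on both ends, which is why it can stand in for reading the fingerprint aloud.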

Renee Biana
