Wednesday, January 30, 2013

How to Protect Your Instant Messaging and Voice Chat Communications From Prying Eyes

Instant messaging is a useful tool. Most of us who've been on the Internet for any length of time have used some sort of IM program and a good number of us still use it regularly in our day to day communication with friends, colleagues  and families.  But instant messaging conversations are often like screaming out into a void. While they aren't openly accessible to someone watching our Internet connection, the companies who provide the services we use usually have pretty ready access to everything we say and do in an IM conversation.

While the easy access service providers have to our conversations don't matter to some. Others among us would rather our conversations be completely private even from the companies providing us the IM service.  And there's good reason for that desire. According to the annual Google Transparency Report, law enforcement requests for private user data (email, IM conversations, files, etc) are up more than 13% this year.  Law enforcement wants our data and, while their requests might indeed be valid in some cases, their increased demand strongly illustrates the importance of protecting what we say online.

So how do we protect our online communications?  Let me start off by saying this bluntly and clearly: WE STOP USING AND RELYING ON SKYPE!

Most people believe Skype is safe because Microsoft says it's encrypted. The problem is that Microsoft holds the encryption keys and can decrypt your chats and voice conversations any time they want. You have no control over the security of your communications with Skype. Trusting it to make sure you're secure is like doing nothing at all.

In order to be truly secure, all encryption functions must be under your control at all times. That's where 'off the record' messaging and encrypted voice comes into play.

Off-the-record messaging is a way to securely generate and exchange encryption keys during a clearly readable instant messaging conversation. Once those keys are exchanged, every message you type is encrypted and sent over the Internet to your chat partner. Even the service you're using to chat over (like Google Talk or Yahoo Messenger) can't see what you're saying. Only your partner can decrypt your message. It's completely secure.

Encrypted voice is yet another way to enhance your Internet communications with security. Several ways exists to accomplish this but the most trusted and recommended one by security experts like cryptography expert Bruce Schneier is ZRTP.  ZRTP was developed by the creator of PGP, Phil Zimmermann and is a trusted way to secure voice based communication. ZRTP allows you and your chat partner to securely exchange encryption keys then encrypt your voice chat to each other using those keys. Just like with off-the-record instant messaging, even your chat service provider has no idea what you're saying.

There are a number of programs that implement the technologies we discussed above. Some of them will implement all of the features we talked about while others only implement a subset of them. The important thing is to find something that works for your needs and use it. Stop sacrificing your privacy to Skype and Google. There are tools to help you protect yourself if you're willing to use them.

Recommended Programs for Windows:

  • Jitsi (www.jitsi.org)
  • Pidgin (www.pidgin.im)
Recommended Programs for Mac
  • Adium (www.adium.im)
Recommended Programs for Linux
  • Jitsi (www.jitsi.org)
  • Pidgin (www.pidgin.im)
In future articles, we'll discuss ways to make sure that you're completely secure while using these programs. Specifically, we'll discuss the technologies surrounding data analysis and encrypted voice. Until then, get yourself protected!

No comments: