How can I chat securely online?
Chatting securely online is actually fairly simple. The method available allows you to connect your account to your computer, smartphone, tablet, or any device. The service is called Jabber. Jabber uses a protocol known as XMPP. XMPP was originally named Jabber just as a side note. I will get into security features below, but one great thing about XMPP is that you can run your own XMPP server. XMPP is not dependent on one central server, its all independent. With all other name brand apps, you HAVE to use their server, and you don’t know where the data is going. With Jabber, you can choose to know who is handling your data. XMPP has a huge technical background to it, so read the Wikipedia article on it if you want to learn how it operates.
How is XMPP/Jabber secure?
This chat client is secure due to its open source nature. Virtually all Jabber services allow encryption to be enabled, and/or its enabled by default. My personal favorite, DuckCo XMPP, automatically forces encryption. On mobile, on the computer, and on any client, the duck.co server forces your chat to be encrypted. Encryption is just the start to a secure chat. This means that your ISP, and outside intruders cannot read the messages begin sent, and/or received over the network. Even if you are using this app over 2G, 3G, or 4G network lines, its still encrypted. But then XMPP takes one more step. Almost all servers by default log data. I am not sure if the DuckCo server automatically logs data. I would personally assume that they purge their data if they retain any any. But we can go one step further to secure the chat. With XMPP we can use OTR/Off the Record chats. The chats are %100 anonymous. Chats with OTR can never be logged, and the data may have never even been there before. This works by installing the cypherpunks.ca OTR certificate. Then you will start a private chat with the other party, and nothing is logged. No conversations can be comprised, simply because the data is retained.
How do I set this up?
Setting this up may sound complicated, but it is actually very easy. This can be used on Windows, Mac OSX, Linux, iOS, Android, and is supported across a genre of other devices. To start, you will want to download the client.
If you are on the computer, you will want to download Pidgn. Windows uses Pidgn, Mac OSX uses Adium, and Linux uses a Pidgn/Custom build. All the downloads are available from the Pidgn download page, even the source code. Once that is downloaded and set up open the client. You will now need to go to duck.co, or whichever XMPP server you want to use. Here is a list, also DuckDuckGo has a reliable XMPP server (you register inside the Pidgn client). I recommend using Duck.co. Click the register button on the website. Put in your desired username, and password. You can put in a fake email, they don’t ever email you or require verification. Once done open up Pidgn, and go to Accounts> Manage Accounts> Add
Enter Username@jabber.me into the username field, and enter your password into the password field. Click remember password, then click Add. You may have to click authorize a few times, and let it connect. Once connected, tell your friends to chat with you at email@example.com. To add a friend, click Buddies> + Add Buddy, put in their firstname.lastname@example.org (or their XMPP service), and hit add. It will prompt them to authorize, then you will have to authorize the adding, then you are available to chat. To install the Off the Record chat, go to https://otr.cypherpunks.ca/ and download the .exe, or the file your client uses. Follow the set up instructions it gives, and let it install. Once that is done, go into Pidgn, navigate to Tools> Plugins> Off-the-Record Messaging (make sure its checked).
Set up is just about the same, sign up on Duck.Co, or your preferred service.
- Android – Gibberbot/ChatSecure OTR BUILT IN
Open the ChatSecure app, and hit the + button on the top right of the application. Choose existing account, if your using Duck.Co. It will prompt you with Account Type, click Jabber (XMPP), input your details and let it connect. Once connected click on your account name, and you should see a black screen. To add a contact on the bottom you should see type to filter. Type anything in, and click the Tap to Invite button on the screen, and add your friends email@example.com. Now you can have an encrypted chat from Android to Android, Android to iOS, or Android to Computer. You can also have the same Jabber account on your Android device, hooked up to iOS and/or computer.
- iOS – ChatSecure/Numerous other XMPP related apps OTR BUILT IN
Open up the ChatSecure app. Click the gear icon in the upper right hand corner. Click + New Account> Jabber (XMPP). Enter your firstname.lastname@example.org, and password. Then click remember password. Click Log In in the upper right hand corner. Let it login (THIS APP DOES NOT ALWAYS WORK THE FIRST TIME ON iOS DEVICES. MULTIPLE TRIES MAY BE NECESSARY). Once connected, go back to the main app screen, and click the + in the upper left hand corner. Add your friends email@example.com. Now you can have a secure chat from iOS to iOS, iOS to Android, and/or iOS to Computer. You can also have the same Jabber account on your iOS device, hooked up to Android and/or computer.
Overall secure chat is crucial. You want to know where your data is going, so you should be able to decide. Jabber is the only secure, private, and Off-the-Record chat I trust. Don’t you want to have control over your data?