When you pick up the phone and call someone, or send a text message, or write an email, or send a Facebook message, or chat using Google Hangouts, other people find out what you’re saying, who you’re talking to, and where you’re located. Such private data might only be available to the service provider brokering your conversation, but it might also be visible to the telecom companies carrying your Internet packets, to spy and law enforcement agencies, and even to some nearby teenagers monitoring your Wi-Fi network with Wireshark.
But if you take careful steps to protect yourself, it’s possible to communicate online in a way that’s private, secret and anonymous. Today I’m going to explain in precise terms how to do that. I’ll take techniques NSA whistleblower Edward Snowden used when contacting me two and a half years ago and boil them down to the essentials. In a nutshell, I’ll show you how to create anonymous real-time chat accounts and how to chat over those accounts using an encryption protocol called Off-the-Record Messaging, or OTR.
If you’re in a hurry, you can skip directly to where I explain, step by step, how to set this up for Mac OS X, Windows, Linux and Android. Then, when you have time, come back and read the important caveats preceding those instructions.
One caveat is to make sure the encryption you’re using is the sort known as “end-to-end” encryption. With end-to-end encryption, a message gets encrypted at one endpoint, like a smartphone, and decrypted at the other endpoint, let’s say a laptop. No one at any other point, including the company providing the communication service you’re using, can decrypt the message. Contrast this with encryption that only covers your link to the service provider, like an HTTPS web connection. HTTPS will protect your message from potential snoops on your Wi-Fi network (like the teenager with Wireshark) or working for your telecom company, but not from the company on the other end of that connection, like Facebook or Google, nor from law enforcement or spy agencies requesting information from such companies.
A second, bigger caveat is that it’s important to protect not only the content of your communications but also the metadata behind those communications. Metadata, like who is talking to whom, can be incredibly revealing. When a source wants to communicate with a journalist, using encrypted email isn’t enough to protect the fact that they’re talking to a journalist. Likewise, if you’re a star-crossed lover hoping to connect with your romantic partner, and keep your feuding families from finding out about the hook-up, you need to protect not just the content of your love notes and steamy chats, but the very fact that you’re talking in the first place. Let’s take a quick look at how to do that.
Meet Juliet, who is trying to get in touch with Romeo. Romeo and Juliet know that if they talk on the phone, exchange emails or Skype chats, or otherwise communicate using traditional means, there’s no way to hide from their powerful families the fact that they’re communicating. The trick is not to hide that they’re communicating at all, but rather that they’re Romeo and Juliet.
Juliet and Romeo decide to make new chat accounts. Juliet chooses the username “Ceres,” and Romeo chooses the username “Eris.” Now when Ceres and Eris have an encrypted conversation it will be harder for attackers to realize that this is actually Juliet and Romeo. When Juliet’s accounts are later audited for evidence of communicating with Romeo — her short-tempered cousin is a bit overbearing, to say the least — nothing incriminating will show up.
Of course, just making up new usernames alone isn’t enough. It’s still possible, and sometimes even trivial, to figure out that Ceres is actually Juliet and Eris is actually Romeo.
Juliet is logging into her Ceres account from the same IP address that she’s using for everything else on her computer (e.g. emails with her favorite friar). If her Internet activity is being logged (it almost certainly is; all of our Internet activity is being logged), it would be easy to connect the dots. If the chat service is forced to hand over the IP address that the Ceres account connects from, they’ll turn over Juliet’s IP address. Romeo has the same problem.
Third-party services, like telecom companies and email providers, have access to private information about their users, and according to the third-party doctrine, these users have “no reasonable expectation of privacy” for this information. And it’s not just illicit lovers who are exposed by this doctrine; even journalists, who can sometimes assert special privilege under the First Amendment, have to be wary of who handles their communications. In 2013, the Justice Department obtained the phone records of Associated Press journalists during a leak investigation. And many news organizations don’t host their own email, making their email vulnerable to U.S. government requests for data — the New York Times and Wall Street Journal outsource their email to Google, and USA Today outsources its email to Microsoft. (This is why we run our own email server at The Intercept.)
In order to keep the fact that she’s communicating private, Juliet must keep a bulletproof separation between her Ceres identity and her real identity. At the moment, the easiest and safest way to do this is by using Tor, the open source and decentralized anonymity network.
Tor is designed to let you use the Internet anonymously. It’s a decentralized network of volunteer “nodes,” computers that help forward and execute Internet requests on behalf of other computers. Tor keeps you anonymous by bouncing your connection through a series of these nodes before finally exiting to the normal Internet. If a single node is malicious, it won’t be able to learn both who you are and what you’re doing; it might know your IP address but not where on the Internet you’re headed, or it might see where you’re headed but have no idea what your IP address is.
Most people who have heard of Tor know about Tor Browser, which you can use to browse the web anonymously. But it’s also possible to use other software to visit Internet services other than the web anonymously, including chat and email.
If Romeo and Juliet use Tor to access their Eris and Ceres chat accounts, and if their conversation is end-to-end encrypted using OTR, then they can finally have a secret conversation online — even in the face of pervasive monitoring.
Juliet and Romeo, having a secret encrypted conversation from anonymous chat accounts (Martha Pettit)
Now that Romeo and Juliet have registered new, anonymous chat accounts using Tor, let’s probe all of the moving parts for weaknesses.
Juliet’s side: An attacker that is monitoring Juliet’s Internet traffic will be able to tell that part of it is Tor traffic, but they won’t have any information about what she’s using Tor for. If they check out who she’s emailing, Skyping with, calling, and texting, they won’t have any evidence that she’s talking to Romeo. (Of course, using the Tor network in and of itself can be suspicious, which is why The Intercept recommends that sources who wish to remain anonymous contact us from a personal computer using a network connection that isn’t associated with their employer. In other words, Juliet might seek out a Starbucks or public library, to be extra safe.)
Romeo’s side: An attacker monitoring Romeo’s Internet traffic will be able to tell that part of it is Tor traffic. If the attacker looks into who Romeo is emailing, calling, texting, and Skyping with, Juliet won’t be on that list.
Chat server’s side: The chat service itself will be able to tell that someone coming from a Tor IP address created the user Ceres, and someone coming from a Tor IP address created the user Eris, and that these two users are sending scrambled messages back and forth. It won’t have any way of knowing that Ceres is actually Juliet or that Eris is actually Romeo, because their IP addresses are masked by Tor. And it won’t have any way of knowing what Ceres and Eris are saying to each other because their messages are all encrypted with OTR. These accounts could just as easily belong to a whistleblower and a journalist, or to a human rights activist and her lawyer, as they could to two mutual crushes trading poetry.
Even with taking these measures, there is quite a bit of metadata you might leak if you aren’t careful. Here are some things to keep in mind:
Tor represents state-of-the-art online anonymity, but providing true anonymity is a nearly impossible problem to solve. There’s an ongoing arms race with Tor developers and academic researchers on one side, and powerful attackers that would like to be able to secretly de-anonymize or censor Tor users on the other.
Tor has never been secure against a “global adversary” — an adversary that can spy on all Tor nodes around the world in real-time — because such an adversary would be able to see traffic from Tor users enter the network, watch it bounce around the world, and then watch it leave the network, making it clear which traffic belongs to which user.
But despite all this, Snowden documents published by The Guardian show that the combined spying power of the Five Eyes (the U.S., U.K., Canada, Australia and New Zealand) doesn’t yet count as a “global adversary,” at least not as of June 2012 when that top-secret presentation was given. It appears that the Western intelligence agencies are only able to opportunistically de-anonymize random unlucky users, and have never been able to de-anonymize a specific user on demand.
As promising as this seems, Tor might not always protect your identity, especially if you’re already under close surveillance. The story of Jeremy Hammond’s arrest illustrates this point well.
The FBI suspected that Hammond might be part of the LulzSec hacker group, which went on a digital crime spree in 2011. Specifically, they suspected he might go by the pseudonym “sup_g” in an online chat room. They set up physical surveillance of Hammond’s apartment in Chicago, watching what servers he connected to from his Wi-Fi network. An FBI affidavit states that “a significant portion of the traffic from the Chicago Residence to the Internet was Tor-related traffic.” The FBI used a low-tech traffic correlation attack to confirm that Hammond was indeed “sup_g.” When Hammond left his apartment, Tor traffic stopped flowing from his house and “sup_g” logged out of chat. When he came back home, Tor traffic started flowing again and “sup_g” appeared back online. Because he was already a prime suspect, Tor didn’t protect his identity.
Tor isn’t magic; it’s a tool. The human using it still needs to know what they’re doing if they wish to remain anonymous.
There’s another caveat to all of this. If Juliet’s computer is hacked, the hacker will be able to know exactly what she’s doing on it. Same with Romeo. You can encrypt as much as you want and bounce your encrypted traffic around the world to your heart’s content, but if an attacker can read your keystrokes as you type them and see exactly what’s on your screen, you can’t hide from them.
It’s extremely difficult to prevent your computer from getting hacked if you’re the target of an attacker with resources. You can lower your risks of getting hacked by using a separate device that you only use for secure communication, because the computer you use for all your daily activities has far more opportunities to get hacked.
Another option is to use Tails for private conversations. Tails is an entirely separate operating system that you install on a USB stick and that can be used safely even if your normal operating system has been hacked. While Tails can give you a much higher degree of security when communicating privately online, it is a very advanced tool. New users will likely spend many frustrating days troubleshooting, especially if they aren’t already comfortable with Linux.
For most users it’s perfectly fine to use your regular operating system to have private conversations online despite the risk of getting hacked; it’s certainly preferable to giving up and leaking metadata that you shouldn’t leak. It’s also much more convenient, and is an easy way to get started if you just casually want some privacy and nothing serious is at stake.
When you want to have a private conversation with someone online, it’s not always clear how to start. If you can meet in person, establishing your private communication channel is simple: Just trade usernames, chat servers, and OTR fingerprints (more on this below) when you meet up.
Meeting in person is often not possible. You might be too far away, or one side of the conversation might wish to remain anonymous from the other side. And even if you want to meet in person, how do you communicate this online to begin with while still hiding the fact that you’re communicating with this person at all?
To initiate first contact with Romeo, Juliet needs to create an anonymous secret identity that she uses just to make first contact with Romeo’s public identity. She could email Romeo from an anonymous email address. Most free email services require new users to provide a phone number to make an account, and some block Tor users altogether, which makes creating an anonymous account annoying. She could also make an anonymous social media account and use it to contact Romeo’s public account.
If possible, she should encrypt the first contact messages that she sends to Romeo. It’s much more straightforward to do this if Romeo publishes a PGP key. At The Intercept all of our journalists publish our PGP keys on our staff profiles. If you’re a source wanting to make first contact with a journalist that works for an organization with SecureDrop, you could use that to make first contact without having to worry about making new accounts anonymously or dealing with PGP keys. The Intercept uses SecureDrop.
When she makes first contact, Juliet should tell Romeo what chat server she has made an account on, what her username is, what her OTR fingerprint is, and what time she’ll be waiting online. She might also need to give Romeo instructions for getting set up himself, perhaps linking to this article.
When Juliet and Romeo are both anonymously logged into secret identity accounts and are having an OTR-encrypted conversation, they’re almost there. Depending on how Juliet made first contact, a close look at Romeo’s email or social media accounts might reveal the username of Juliet’s secret identity — she had to tell it to him somehow, after all. It could be possible for investigators to work from there to uncover Romeo’s secret identity as well.
To prevent anything like this from happening, it’s a good idea for Juliet and Romeo to burn these chat accounts and move onto new ones, leaving no trails behind. Indeed, whenever Juliet and Romeo feel like it makes sense, they should abandon their old chat accounts in favor of new ones, complete with new OTR keys. There are hundreds of public chat servers, and making new accounts costs nothing.
Now that you understand the operational security theory behind maintaining secret identities, it’s time to actually practice.
This might sound daunting, but I’m confident you can do it. Just follow these step-by-step instructions for Mac OS X, Windows, Linux, and Android. (Unfortunately there’s no way to connect to chat servers anonymously on iPhones.) Try practicing with it a friend first.
I’ve been discussing “chat servers,” but what I actually mean is Jabber (also known as XMPP) servers. Jabber is an open protocol for real-time chat – it’s not a specific service in the way that Signal, WhatsApp, or Facebook is. It’s a decentralized and federated service, kind of like email. I can send an email from my @theintercept.com address to your @gmail.com address, because The Intercept‘s and Gmail’s email servers rely on the same standard protocol.
Similarly, anyone can run a Jabber server, and many organizations do, including Calyx Institute, Riseup, Chaos Computer Club, and DuckDuckGo, to name a few. There are hundreds of other public Jabber servers. Many organizations run private Jabber servers for their employees, including The Intercept‘s parent company First Look Media (firstlook.org). The chat service HipChat is powered by Jabber under the hood, and its competitor Slack offers a Jabber gateway.
Since Jabber is decentralized, [email protected] (this is a Jabber account, not an email address) can chat with bor[email protected] But if both sides of a conversation — both Romeo and Juliet, in our example — use the same server for their Jabber accounts, they’ll leak less metadata about their conversations. Messages will stay within in the same server rather than getting sent over the internet.
Unlike email, most Jabber servers let anyone create accounts using Tor, and don’t require that you provide any identifying information at all. In fact, many Jabber servers run Tor hidden services to make it so Tor users can connect without having to leave the Tor network at all. That is quite an advanced topic, however, and to keep it simpler I won’t use hidden services in the tutorials below.
Off-the-Record (OTR) is an encryption protocol that can add end-to-end encryption to any chat service, including Jabber. In order to have an encrypted chat, both sides of the conversation need to use chat software that supports OTR. There are several options, but the tutorials below will use Adium for Mac users, Pidgin for Windows and Linux users, and ChatSecure for Android users. ChatSecure is also available for iOS, but using it with Tor isn’t fully supported on an iOS device.
If you’re planning on setting up your secret identity chat account in Android, skip straight down to the Android section. ChatSecure for Android has great built-in support for creating anonymous throw-away secret identity accounts.
For everyone else, stop. Download and install Tor Browser. Open it, and load this article in that browser instead of the one you were using. You’re using Tor now? Good. This is an important step because I don’t want you to leave your real IP address in the web logs of every Jabber server you’re considering using – that would be a clue that could later be used to deanonymize your secret identity.
There are hundreds of Jabber servers to choose from. You can find lists of some of the public Jabber servers here and here. Which should you choose?
The server won’t know who you are (you’ll connect using Tor) or what you’re saying (you’ll use OTR to encrypt your messages), so you don’t need to trust it. Still, you might want to pick one that you think is unlikely to hand over logs to your government, and that is happy with Tor users making secret identity accounts.
The most common way that people create Jabber accounts is directly through their chat software. While it’s easy to configure chat programs to use Tor when you login to your account, it’s difficult to make sure it uses Tor when creating new accounts (unless you’re using Tails, in which case you don’t have to worry because all your traffic uses Tor). Because of this, I recommend that you choose a Jabber server that lets you create a new account on their websites, so you can do it from Tor Browser instead of your chat program.
Here are a few Jabber servers that you can create new accounts on using Tor Browser, chosen at random from the public lists: ChatMe (based in Italy), CodeRollers (based in Romania), Darkness XMPP (based in Russia), KodeRoot (based in the U.S.), Jabber.at (based in Austria), Hot-Chilli (based in Germany), XMPP.jp (based in Japan), and the list goes on and on.
Ready to get started? Pick a Jabber server. Make up a username that’s not associated with your real identity in any way. Make up a password that you don’t use for anything else.
Create a Jabber account using Tor Browser. Now keep note of the server you created it on, your username and your password, and move on to the next sections for Android or Mac OS X or Windows and Linux.
(There is no guide for iOS because, although ChatSecure for iOS has experimental support for Tor, the developers don’t recommend people rely on it for their anonymity until it has been further audited by security experts.)
If you haven’t already, create a new Jabber account using Tor Browser by following the instructions in the “Choosing a Jabber server” section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server xmpp.jp with the username “pluto1”.
Download and install Adium, which is a Mac chat program that supports OTR encryption.
Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Adium simply won’t connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
Open Adium. The first time you open it you’ll see the Adium Assistant Wizard. Close this window – we’ll manually add an account so we can have access to advanced settings.
With the Contacts window selected, click Adium in the menu bar at the top and choose Preferences. Make sure the Accounts tab at the top of the window is selected. Click the “+” button in the bottom left to add a new account, and select “XMPP (Jabber)” from the dropdown.
A new dialog will appear that lets you configure an account.
Before doing anything else, switch to the Proxy tab. Check “Connect using proxy” and choose “SOCKS5” from the dropdown list. In the Server field type “127.0.0.1” and in the Port field type “9150”. Choose a unique username for this account and type anything in password field. These settings will ensure that Adium only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Adium than it will for everything else, which increases your anonymity.
Switch to the Privacy tab. Under the “Encryption” dropdown change “Encrypt chats as requested” to “Force encryption and refuse plaintext”.
Switch to the Options tab. Change what’s listed in Resource (by default the name of your computer) to “anonymous”. Also, under Security check “Require SSL/TLS”.
Now switch back to the Account tab. Type your Jabber ID. My username is “pluto1” and my Jabber server is “xmpp.jp”, so my Jabber ID is “[email protected]”. Type your password, and click OK to try connecting to this account when you’re done.
Adium should now attempt to connect to your secret identity account over Tor. If all goes well, it should list your new account and say “Online”.
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.
Let’s create your OTR key. With the Contacts window selected, click Adium in the menu bar and choose Preferences. Go to the Advanced tab, and click on Encryption in the left sidebar. Select your secret identity account and click the Generate button to generate a new encryption key. When it’s done you’ll see your new OTR fingerprint.
In this example, I just created a new OTR key for my [email protected] account with the fingerprint C4CA056C 922C8579 C6856FBB 27F397B3 2817B938. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Adium, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.
I’m trying to have a private conversation with my friend. They told me their Jabber account is [email protected] and their OTR fingerprint is A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE.
Now that I’ve set up my pluto1 account, I’m going to add pluto2 as a contact. First I select the Contacts window and then click the Contact menu bar at the top and choose Add Contact. I set Contact Type to XMPP, and enter “[email protected]” as their Jabber ID. Then I click the Add button to add them as a contact.
When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for pluto2 to login and approve my contact request.
Oh good, pluto2 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I’m selecting the their contact and clicking the Authorize button.
Now that I have added pluto2 as a contact the first time, they will appear on my contact list when they’re online. Now all I need to do is double-click on their name to start chatting with them.
I double-clicked on the pluto2 contact and typed “hi”.
Before it sent my message, Adium started a new OTR encrypted session. Notice that it says “[email protected]’s identity not verified.” This means that while we have an encrypted chat going on, I can’t be 100% confident that there isn’t a man-in-the-middle attack going on.
It also popped up an OTR Fingerprint Verification box. Does the fingerprint that pluto2 gave me match the fingerprint that I see in that box?
I’m comparing the fingerprint pluto2 gave me earlier with what Adium is telling me pluto2’s fingerprint is, one character at a time. Let me see… yup, they’re the same. This means that there is not an attack on our encryption, and I can safely click Accept. If I didn’t have pluto2’s OTR fingerprint, I would ask pluto2 what it is using an out-of-band method (not using this chat, since I don’t know if this chat is trustworthy yet) and then verify that they match. If I don’t have time for that now, I would click Verify Later.
You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with pluto2, it should just work and be considered trusted.
And that’s it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Adium to login to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.
If you haven’t already, create a new Jabber account using Tor Browser by following the instructions in the “Choosing a Jabber server” section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server wtfismyip.com with the username “pluto2”.
Windows and Linux instructions are in the same section because you’ll use the same piece of software, Pidgin. The steps are nearly identical for both operating systems, but I’ll point out where they differ.
If you’re using Windows, download and install Pidgin, and then download and install the OTR plugin for Pidgin. Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Pidgin simply won’t connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
If you’re using Linux, install the packages pidgin, pidgin-otr, and tor. In Ubuntu or Debian you can do this by typing “sudo apt-get install pidgin pidgin-otr tor” into a terminal, or by using the Ubuntu Software Center. Because you’re installing Tor system-wide in Linux, there’s no need to worry about keeping Tor Browser open in the background like in Windows or Mac OS X.
Open Pidgin. The first time you run it you’ll see a “Welcome to Pidgin!” screen. Click the Add button to add your secret identity account (if you already use Pidgin, you can add a new account by clicking the Accounts menu in the Buddy List window and choose Manage Accounts).
You should be at the Add Account window. Before you do anything else, switch to the Proxy tab. Set the proxy type to “Tor/Privacy (SOCKS5)”. In the Host field type “127.0.0.1”, and in the Port field type “9150” if you’re using Windows and “9050” if you’re using Linux. Choose a unique username for this account and type anything in password field. These settings will ensure that Pidgin only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Pidgin than it will for everything else, which increases your anonymity.
Switch back to the Basic tab. Under Protocol select “XMPP”. In the Username field type your username (mine is “pluto2”). In the Domain field type your Jabber server (mine is “wtfismyip.com”). In the Resource field type “anonymous”. In the Password field type your password, and optionally check the remember password box. When you’re all set, click the Add button.
If all goes well, you should see a Buddy List window with the status “Available”.
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.
Let’s create your OTR key. In the Buddy List window, click the Tools menu and choose Plugins. You should see “Off-the-Record Messaging” as one of the plugins. Make sure you check the box next to it to enable it.
With “Off-the-Record Messaging” selected, click the Configure Plugin button. Select your secret identity account and click the Generate button to generate a new encryption key. When it’s done, you’ll see your new OTR fingerprint. While you’re at it, check the “Require private messaging” box.
In this example, I just created a new OTR key for my [email protected] account with the fingerprint A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Pidgin, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.
I’m trying to have a private conversation with my friend. They told me their Jabber account is [email protected]
Now that I’ve set up my pluto2 account, I’m going to add 0060e404a9 as a contact. From the Buddy List window I click the Buddies menu and choose Add Buddy. I type “[email protected]” as the buddy’s username and click the Add button.
When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for 0060e404a9 to login and approve my contact request.
Oh good, 0060e404a9 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I click the Authorize button.
Now that I have added 0060e404a9 as a contact the first time, they will appear in my buddy list when they’re online. Now all I need to do is double-click on their name to start chatting with them. I double-clicked on the 0060e404a9 contact and typed “hi”.
Before it sent my message, Pidgin started a new OTR encrypted session. Notice that it says “[email protected] has not been authenticated yet. You should authenticate this buddy.” You can also see the yellow word “Unverified” in the bottom-right part of the window. This means that while we have an encrypted chat going on, I can’t be 100% confident that there isn’t a man-in-the-middle attack going on.
Click on “Unverified” and choose “Authenticate buddy”. The Authenticate Buddy window offers three ways to authenticate, “Question and answer”, “Shared secret”, and “Manual fingerprint verification”. Choose the latter to view the fingerprints of both sides of the conversation.
While “Question and answer” and “Shared secret” are useful, I’m not going to go into how they work.
This contact’s OTR fingerprint appears to be 6F3D8148 DA029CDA 23C92CF7 45DA09C5 ED537DC4. Before continuing, I want to confirm that this is actually their fingerprint by contacting them out-of-band (not in this chat window, since it’s not trustworthy yet) to ask them.
Let’s see… they told me their fingerprint, and after comparing it one character at a time with what Pidgin tells me their fingerprint is, yup, this is their correct fingerprint. This means that there is not an attack on our encryption, and I can safely change “I have not” to “I have” and click Authenticate. Now the status of this conversation is “Private” instead of “Unverified”.
You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with 0060e404a9, it should just work and be considered private.
And that’s it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Pidgin to login to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.
Open the Google Play app and install Orbot, which is Tor for Android. Open the app and long-press the giant button in the middle to connect to the Tor network. You’ll need to be connected to Tor before you can configure your Jabber account.
Now open the Google Play app and install ChatSecure, which is a Jabber app that supports OTR encryption. The first time you open ChatSecure you’ll be presented with the option to set a master password. It’s a good idea to choose one unless you know what you’re doing. You’ll need this master password every time you start the ChatSecure app and connect to your anonymous account. If you want extra security, consider using a high-entropy passphrase for your master password.
Now swipe to the right until you get to the “Secret Identity!” page and tap the Add Account button.
ChatSecure will automatically create a new secret identity Jabber account for you over Tor. For me, it chose the username 0060e404a9 on the server jabber.calyxinstitute.org. Tap on your username to get to more details about it.
Tap the Advanced Account Options button, and change Chat Encryption to “Force / Require”.
You are now anonymously connected to your secret identity account using Tor.
Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.
If you want to have a private conversation with someone, tell them your Jabber username and server. ChatSecure doesn’t create an OTR encryption key for you until you start your first encrypted conversation, so if this is a new account you won’t be able to tell them your fingerprint in advance.
After they create an anonymous Jabber account, get them to tell you what their username and server are too. Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint.
At this point, use an out-of-band method — meaning, not involving typing to them in this chat, but through some other communication channel — to tell them what your OTR fingerprint is, and have them tell you what their OTR fingerprint is.
If the fingerprint they gave you matches the fingerprint you see in ChatSecure, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted in their chat program.
This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.
I’m trying to have a private conversation with my friend. They told me their Jabber account is [email protected] and their OTR fingerprint is 71863391 390AF4A8 D5692385 5A449038 7F69C09C.
Now that I’ve set up my 0060e404a9 burner account, I’m going to add pluto1 as a contact. In ChatSecure, I tap the “+” icon in the top-right and select “Add Contact”. I type [email protected] as their Jabber ID and tap the Send Invite button.
As soon as I add a new contact, ChatSecure lets me send them a message. But it’s better to wait until you’re sure the other person is online before contacting them. Both me and pluto3 need to be online at the same time to start an OTR encrypted conversation.
When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for pluto3 to login and approve my contact request.
Oh good, pluto3 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I tap the Yes button.
Now that I have added pluto3 as a contact, I will be able to see when they’re online and send them messages. Notice that the lock in the top-right corner is currently unlocked, which means that OTR encryption isn’t being used yet. I’m going to tap the lock icon and choose Start Encryption.
Notice that the lock is closed, but has a question mark in it. I’m going to tap the lock again and tap Verify Contact.
I check pluto3’s OTR fingerprint on my screen against what they gave me initially, and good, the fingerprints match. This means that there is not an attack on our encryption.
My own OTR fingerprint is listed there as well. At this point I should tell me contact, using an out-of-band channel, what my fingerprint is so they can verify it on their end.
I tap the Manual button to manually confirm that the fingerprints match, and the question mark inside the lock icon changes to a green check mark.
You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with pluto3, it should just work and be considered trusted.
And that’s it. To recap: We have installed Orbot and connected to the Tor network on Android, and we have installed ChatSecure and created an anonymous secret identity Jabber account. We have added a contact to this account, started an encrypted session, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.
Photo: Courtesy of Tor Project
Correction: The first version of this article said that there was no way to use Jabber and OTR with Tor on iOS. ChatSecure for iOS actually has experimental support for Tor. July 16 2015 12:51pm ET
Good read, Micah. Can you emphasize some bulletpoints why to use tor if yout have ort and maybe vpn running too?
Micah, your article says to use “sudo apt-get install pidgin pidgin-otr tor” on Ubuntu or Debian systems. However, the Tor Project specifically recommends not to install Tor from Ubuntu’s universe repository:
“Do not use the packages in Ubuntu’s universe. In the past they have not reliably been updated. That means you could be missing stability and security fixes.”
– https://www.torproject.org/docs/debian.html.en
That page gives instructions for manually adding the Tor repo and signing key before using “sudo apt-get install tor”. Perhaps you could include this in the article or at least as a footnote link (I realize the steps on that page are rather complicated for many people and you’re probably trying to keep this article simple).
Indeed, right now the Universe repo has the outdated Tor 0.2.5.10, whereas the latest in the 0.2.5 series is 0.2.5.12 and the Tor repo has 0.2.6.10.
On Debian, users who don’t manually add the repo may not receive the latest stable Tor version, but they’ll still receive security updates, so it’s less of a concern there.
Thanks
ahoy342, arguably you’re probably better off grabbing the TBB (it fully supports obfs, socks proxying, etc, just as the base tor package does in the same manner, same ports, while giving you a decent browser to use as well; it also informs you of updates immediately). While arguably deprecated, most users are probably better off also grabbing vidalia if they don’t get TBB; most users are better off with TBB.
There are some DNS considerations and other minor problems in either solution (just running tor on your client, or grabbing TBB on the whole (one reason the Tor Browser + Chat package was discontinued) but these can be (more or less) remedied by choosing a jabber server that provides a hidden service address instead of (or in addition to, but you need to manually set the server to only the hidden onion address in the configuration page instead of the server’s fqdn in the client for the account) thus bypassing your system’s name resolution/etc.
Generally speaking, probably the better choice is to use Tails to chat (even if that means running it in VirtualBox), or Whonix (which requires two instances of VBox, but is more watertight) in order to prevent leaks.
This is in regards to ubuntu and debian specifically.
I say this because what you’re grabbing from repo is tor, which on the tor project pages is generally basically considered the ‘expert package’, not TBB. Most users will want more than that; it’s pretty unfriendly for the non-tech-savvy.
Onion Pi. FlashRouters. Home made PC or small computer as gateway to TOR or VPN (or both).
All your devices will then connect through it, including iPads and iPhones.
Can’t we just use wickr or signal? These two apps apparently are quite secure and certainly fall within the domain of the title of this article.
Do you value your metadata or your telephone number’s privacy? Do you want either of those connected to all of your conversations? Do you want third parties to have data that the government can access without (or with) warrants? Other stuff too, but that’s where I’d start by suggesting you not use stuff like wickr for any sort of ‘secret’ chatting.
One of the good things about jabber is it’s decentralised, and a lot of servers aren’t on American soil — nor are they generally run by commercial organisations; no profit motive; generally no message storage if you pick a good jabber server that respects user privacy.
Signal and Wickr are easy-to-use end-to-end encryption apps, but because they’re centralized services without an easy way to connect to them anonymously, you have to trust them with your metadata. This is fine for most day-to-day communication — I especially like Signal because of how transparent they are, with open source software and a commitment to reduce logging on their server to the bare minimum. But in the end, you still are putting your trust in a service. If you use Tor/Jabber/OTR, you ultimately don’t need to trust anyone, and you have a stronger guarantee of anonymous, private communication.
Nice article. I would like to see an in depth article on anonymous remailers as I believe this is one of the easiest ways to have an anonymous presence on the internet. I personally use use alt.anonymous.messages as my inbox with Quicksliver AAM. I also run an anonymous remailer which is hosted in Europe as my gift to the anonymity community.
It’s nice to know how to setup OTR and Pidgin, but it’s much easier to use Cryptocat.
If you want to chat I can be found on alt.privacy.anon-server
Cryptocat has a bad history of poorly implementing crypto.
There is a response from Milde Sahne that addresses your concerns about Cryptocat. If his information is out of date can you provide a more up to date reference that exposes “poorly implementing crypto”?
A response? Are you referring to his cut and paste from a Wikipedia page? The one where he left off the parts with problems in the past? Because that wasn’t a response to me, nor did it address my concerns about Cryptocat. ‘History of poorly implementing crypto’ is proven and any web search will show it. As will his Wikipedia page (he left that part out, but it’s in there too).
If you want to discuss current issues, that’s a different conversation entirely.
I was able to find this detailed audit https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf that was done in 2014 and I’m still trying to find out what mitigation was done resolve the issues identified in this report. I have used the Firefox application and don’t know if the issues raised in this report apply across the board to all OS’s, but it’s an eye opener on the complexity of getting this “stuff” right.
In general, the weakest link is the medium (which is to say the application, and usually that application’s library implementations) which is why it’s generally considered best practice to keep the codebase as slim as possible — because the fewer the opportunities to insert flaws, the (a) easier they are to find, and (b) the harder they become to take advantage of.
This usually translates most easily for people as ‘keep your private chat to the smallest app footprint possible’. Most people aren’t really about to go set up something like bitlbee with OTR (probably the smallest footprint available to use that’s had decent open-source auditing). Stuff like Pidgin and its ilk localise and minimise exposure to third party finagling by making its app do precisely what it’s supposed to do — act as a chat app, and nothing more (and I say this despite the crap that is libpurple, because in general from an auditing perspective there have been few ways to actually actively exploit it meaningfully — and many very good people have tried (which isn’t to say it can’t be done, by any means).
@tqbf and Matt Green had a pretty decent conversation about libotr/otr on Twitter recently which I think might serve as a good demonstration of how easily it is for people to disagree (and be proven right/wrong, in order of the participants) on stuff like chat crypto implementation and security. It’s more a good example of how people often think they can make informed guesses about things than a specific example about pidgin, but it always is good to remember even the people people call ‘experts’ can be wrong sometimes.
tl;dr, though, in general any time you involve your browser in your crypto you’re asking for trouble — and that’s not including cryptocat’s massively botched up crypto implementation errors before it switched to using OTR. I’d also point out that since you’re basically relying on a site that’s “in the middle” while you may have encryption (and I haven’t audited it in over a year, so I don’t know how well that is implemented any more), you are also creating a trail.
It’s possible using cryptocat as a one-off emergency solution is acceptable. It’s possible it’s moderately acceptable in comparison to certain other things, like chit-chat about random stuff you just don’t want random other people to see. But there’s no way in the world I’d use it if I were the target of anybody technologically formidable except in the case of a one-off emergency from a well-proxied connection I wouldn’t usually connect from.
It’s possible that this is a someone obsessive take, but I never said DO NOT USE CRYPTOCAT to the Wikipedia paster. I said not to recommend it. I do make a distinction. And I have reasons for saying people oughtn’t recommend it that go further than what I’ve said in this response.
On another topic entirely, with regards to your use of Usenet, aren’t you concerned about the personal fingerprint of your method, especially now that you’ve basically said how you’re doing things? Re: Anonymous remailers I have for a while now been expecting something sort of like http://dee.su/cables to gain some traction but it hasn’t yet. Truly anonymous messages/mail is a difficult problem to solve on a large scale. I was a big fan of anonymous remailers back in the late 90s. Nice to know some still exist.
Useful Idiots thanks for the detailed response. I have no dog in the fight on whether one should or should not use Cryptocat. However, I think you have made very valid points on why one should only use it in a crunch.
With respect to my use of Usenet as my inbox, no I’m not concerned about my personal fingerprint as I have many aliases to choose from and like the ease of creating a nym via Quicksilver AAM and sending out anonymous emails using Quicksilver Lite which uses mixmaster to funnel your correspondence through several remailers before it reaches its final destination. Also, there’s nothing for me to be concerned about as I am a law abiding citizen who just has a concern about my government doing things that are not granted in the Constitution.
I also wanted to say that there is no way of me leaving my fingerprint on alt.anonymous.messages as I use encrypted subjects so all of my messages will not only be encrypted but the subjects will also be encrypted. One will ask how do I find my messages on AAM? The answer is that I use a program call Quicksilver AAM that scans all the subjects on AAM and will ONLY add a message to my inbox, if the hash matches what what I have setup in QAAM.
If the hash for the subject matches I then need to decrypt the message with my Private GPG key. So there is no fingerprint left on AAM as my email address nor the subject are exposed in the clear, unless I want them to be exposed.
By fingerprint I meant more that it’s not highly common — it doesn’t easily blend. And the minute you make information about how you transmit ‘secret’ messages public, you lose any advantage you might have (assuming access to server logs). I may or may not have used a system like that in the past but not in a centralised way.
That’s part of why I asked what you think about cables and decentralised messaging though. While the content in your method can’t be readily read, it’s fundamentally maybe less ‘private’ than just using a pastebin — and it’s pretty much leaving a permanent trail, unless I’m misunderstanding. A lot can be inferred from your method.
I’m not suggesting you have super secret terrible things to discuss; I’m just wondering if you’ve thought about the negative aspects of your method (there’s negative aspects to every method).
Moody Blues “New Horizons”
T.I., “Dead and Gone”
? …I guess if you really believe that you’ll have more free time for elsewhere, anyway. Still appreciating the chicken long-rice suggestion though, and it’s part of my SnowMann Day dinner plan.
It’s not about free time elsewhere. Part of it is principle and sticking to it. Part of it is
“What’s Up”, 4 Non-Blondes.
U2, “Running To Stand Still” :(
Nice article. I’m glad to see the author participating in comments section. What’s your take in FVEY automating end point exploitation? How does OTR stand against that?
Like I said in the “Endpoint security” section above, if you get hacked OTR can’t help you. For this to work, you have to not get hacked. Fortunately FVEY doesn’t automatically hack everyone they can — there’s far too much risk of getting caught and wasting their limited supply of exploits.
hello!
what’s the onion address of this clearnet website?
We don’t currently run a Tor hidden service for the Intercept, but we might some day.
I’ve tried to comment many time through a Yopmail account and my comments are never published. Strange for an org that says it values privacy, to prevent people from using anonymous email.
Make an email up that’s not. Well, unless that becomes banned or criminal. It also doesn’t seem to let Tor or proxy users comment (like, often, it never shows up at all). So you can’t really comment and be semi-anonymous, no.
We fully support commenting using anonymous email addresses and from Tor. If your comment didn’t go through it probably got stuck in the moderation cue for being confused with spam.
How we gonna be sure this article isnt written by who wants monitor us? How we going understand this softwares are working somehow or not? Sorry I am not expert about those stuff but I care my privacy. Thanks
These are good questions. It’s always good to look out for snake-oil security products, or worse, products that actively spy on you. All of the tools I recommend in this post (Tor, Adium, Pidgin, ChatSecure) are open source encryption projects. While that doesn’t mean they’re perfect, it does mean that have a much greater degree of transparency compared to proprietary security tools. The best way to be sure about security advice is to find some voices you trust and do your own research on tools you’re considering using.
Micah, one flaw in this manual: You say one should reopen this page through tor, if one is not already accessing it via tor. This makes users vulnerable to de-anonymization via correlation. Right now the risk is pretty low, since many people are reading the same article — you blend in with other users. Once only a couple of people access this article per day, it will be possible to de-anonymize users: let’s say someone without tor visits it on August 19th, 5.26pm and then a connection from a tor node is made at 5.38pm. Then this strongly indicates that the two users must be the same.
(Note that HTTPS encryption is not enough to prevent this. In theory HTTPS masks which page of a certain website you are accessing (i.e. which Intercept article you are reading)… such that you “blend in” with all the other Intercept readers. However, it is possible to correlate using the amount of data transferred).
Great tutorial though! :)
This is the sort of thing kids ought to be learning in computer camp.
I’d rather kids learn that the boogie man is gonna get you if you stalk and harass people online. I see so much talk about bringing computers into the classroom — I don’t understand why Computer Ethics isn’t taught til university, and even then it’s generally later in a degree and a course with only a couple of hours a week.
We need Computer Ethics to be a class that kids take, now, on an ongoing basis, considering their exposure to technology at such early ages, starting from pre-school.
(The sad in me wishes to point out as a matter of course that kids should never need to have to learn stuff like this in the first place — attempting to fix the problem is better than any limited attempts at a solution that can always be attacked with an adversary with enough access and/or resources.)
what license is this released under? may i copy this and host it elsewhere? this is a great tutorial and I want to maximise access to this.
Great work. This tutorial is great. The more people we can get to encrypt their communications, the better. Your new site design looks sleek and works well. Thank you.
Fantastic article.
Thank Mr Lee.
You the man for all reasons.
.
Concerning virtual keyboards is Kaspersky virtual safe?
..
I love the new look fisrstlook.
Cheers and appreciation
Jimmy.
Also check out Cryptocat, if you’re in a hurry.
https://crypto.cat/
Cryptocat is an open source web and mobile application intended to allow secure, encrypted online chatting.[2][3] Cryptocat uses end-to-end encryption and encrypts chats on the client side, only trusting the server with data that is already encrypted. Cryptocat is offered as an app for Mac OS X or as a browser extension for Google Chrome,[4] Mozilla Firefox, Apple Safari, Opera and as a mobile app for iPhone.
In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work.[10]
Along with Threema and Surespot, Cryptocat was ranked first in a study evaluating the security and usability of instant messaging encryption software, conducted by the German PSW Group in June 2014.[12]
In November 2014, Cryptocat received a top score on the Electronic Frontier Foundation’s secure messaging scorecard, along with “ChatSecure + Orbot”, TextSecure, “Signal / RedPhone”, Silent Phone, and Silent Text. They received points for having communications encrypted in transit, having communications encrypted with keys the providers don’t have access to (end-to-end encryption), making it possible for users to independently verify their correspondent’s identities, having past communications secure if the keys are stolen (forward secrecy), having their code open to independent review (open source), having their security designs well-documented, and having recent independent security audits.[13]
Cryptocat uses the Off-the-Record Messaging (OTR) protocol for encrypted private messaging, allowing two parties to chat in private. Cryptocat also uses its own group messaging protocol to allow for group instant messaging conversations. Since Cryptocat generates new key pairs for every chat, it implements a form of perfect forward secrecy.[15] Cryptocat also offers encrypted file and photo sharing, allowing users to send documents and photos to each other using end-to-end encryption.
Please don’t encourage the use of cryptocat. It’s had a history marbled with terrible crypto faux pas and should never be considered secure.
‘step-step’ should ‘step-by-step’.
I noticed the new design and said
‘is this The Intercept?’ Well, they finally
changed the design, after 18 months of complaining.
After such a fine step-step article, too.It was clear and concise.There are not too many articles you can say that about.Not an extra word.
But, when I got to ‘comments’, all hell broke loose.Please bring the old design back again?
Pretty please?
I’m typing this on itty-bitty window, with large type.I can see only 2 lines.I’m not responsible for typo’s and words left out.
“Training” societies in tolerating interceptions
http://bit.ly/1aDqyIP
Shorteners to what might be sketchy sites isn’t nice. Full links are better.
Actually… sorry, I had hoped I could get over the design aspects and provide some actual technical advice but the new site is making it too hard to focus. I keep wanting to correct my comments. I’m saving this article. I’ll try to compose an actual riposte (not that I think it’ll matter) and point out some problems with your methodology (and potential solutions), Micah.
Still a bad solution, but better than this:
“Meeting in person is often not possible. You might be too far away, or one side of the conversation might wish to remain anonymous from the other side. And even if you want to meet in person, how do you communicate this online to begin with while still hiding the fact that you’re communicating with this person at all?
To initiate first contact with Romeo, Juliet needs to create an anonymous secret identity that she uses just to make first contact with Romeo’s public identity. She could email Romeo from an anonymous email address. Most free email services require new users to provide a phone number to make an account, and some block Tor users altogether, which makes creating an anonymous account annoying. She could also make an anonymous social media account and use it to contact Romeo’s public account.”
Is to add in the creation of two separate accounts. Use the first only to communicate to one another the second. Thoroughly vet the other person on the first account. Use it only once. Never reuse that first set of accounts, even to auth anyone else.
Help!
I’ve lost my BOLD, why isn’t the same type-size as article, will I ever see the answer? TI finally had the comment section right, then today, I find it gone, utterly gone?
Why not bring back the old comment-
system?
This is crazy!
Please explain a secure way to communicate these keys with a remote individual. I have no desire to send an email to someone with my information.
Short of meeting in person there is no ‘secure way’. The best you can do is the question/answer verify with something truly arcane and known only to the two of you (preferably in person and not available online) to do the verification process — and never reuse that Q&A. It’s not ‘secure’ but it’s better than the other options (unless you have GPG communiques with one another already).
The easiest way to securely exchange you OTR fingerprint is via GPG. You would send your GPG Public key to your remote user and they would send you their GPG Public key. There are many YouTube tutorials on how to setup GPG. I personally use Thunderbird if I want to send a non-anonymous encrypted email, but I can also “roll” my own anonymous email using Mixmaster and the anonymous remailer network.
If you are a Gmail user there is an Addon called Mailvelope which allows you to use GPG to encrypt your email without using Gmail’s compose window, so your email message is never exposed in the clear on Gmail’s servers.
For the necessarily overly paranoid, there can be problems with this, as you’re fundamentally trusting there has been no interception during that key exchange. That’s one reason keyservers can be useful (but they can be subverted too, if an opponent submits a key that may not be yours but suggests it is and uses it to communicate with someone else). This is usually what Cryptoparties are best used for — hand to hand, person to person exchange.
Arguably this isn’t *most* peoples’ problem, but it’d be irresponsible to suggest it’s across-the-board safe, because absent true verification you’re trusting the network. GPG is good for secret content. It’s not good for hiding that you’re sending secret content. Steganography may have a hand in making things less obvious, but there really is no perfect way to ensure you’re speaking with who you think you’re speaking with aside from doing that initial key exchange and fingerprint comparison face-to-face. It’s a long-standing problem in crypto and one that a lot of us have dedicated a lot of time to trying to solve. Out of band is the second best way, but to do out of band you need to have a pre-arranged way to do so that also couldn’t be intercepted.
As a few of us have said repeatedly, everybody’s threat model is different. And it has some wiggle room if you’re discussing plans for, say, meeting for lunch the next day to interview a babysitter; the danger is applying the same level of caution (or lack thereof) when you need more — or not knowing the difference.
Note to designers: The reason that people adopt an “oldest first” comment format, especially in reply threads, is the same reason that giant leaps were made in physics and astronomy when Copernicus suggested a heliocentric model: No epicycles. Along with Indic numerals, it brought Europe out of the Dark Ages.
This interface requires so much scrolling and searching just to find something again, as to be a near perfect implementation of the European Right to Forget.
Why do the replies now come out in the same LIFO format as the comments? It’s very confusing. Is it a tribute to reverse Polish notation?
H(X) = \sum_{i} P(X_i)\log_b\frac{1}{P(X_i}
(checking for MathJax)
Sorry, check should have read,
\[ H(X) = \sum_{i} P(X_i)\log_b\frac{1}{P(X_i} \]
To the interface designers: Please visit the page https://www.mathjax.org. Mathematics is often the most concise, precise way to communicate something, for instance, the above definition of Shannon entropy is a great aid for explaining what a high-entropy passphrase is. Other great uses include being able to write the occasional formula when explaining physics (e.g. global warming) or encryption (e.g. what an elliptic curve is, or what a discrete logarithm problem is).
It isn’t very difficult to put the capability into your comments or the rest of your pages, and it’s open source, can be accessed securely, and is free. The support for the open source includes thousands of users worldwide.
Something tells me that Romeo and Juliet will have a tragic ending. Still, it’s nice to think of them happily exchanging encrypted messages for the time being.
Only if they got caught.
Implication being that they will be.
Also, you force loads just to check for the # of comments. Final comment. Have a great day/life (depending on if you remove this scripting monstrosity). Final post. Wish you all the best.
PS: I especially love how you can’t click and open things in new windows or avoid loading all the stories or in any way manuever, too — even if I were willing to continue and enable scripting in a sandbox, this is just horrific.
Is Conversations, an alternative IM app on Android which is also open source ok instead of ChatSecure?
Still in heavy development, almost impossible to audit in any meaningful way (yet).
Only if you can configure it to connect over Tor, and it actually works. If you don’t want to use ChatSecure, you should also follow the “Choosing a Jabber server” instructions and create an account using Tor Browser from a service that supports web-based account creation.
The fact that you said ‘Only if you can configure it to connect over Tor, and it actually works’ is pretty disingenuous. It’s almost as if you didn’t even look at the app before you answered (which I’m guessing you didn’t) on the Tor aspect, and chose to fail insecure on the rest of it. Why would you do that?
Did you people seriously just require fucking scripting to load and comment?
I’m out of here. Bye.
We’re working on making commenting work again without javascript. Hang tight.
Micah, *THANK* you. You’re the ONLY person that’s replied. But the problem’s not only the commenting; js in general is not a nice thing to foist upon people — if you can, can you please emphasise this to those who might not have the technical knowledge necessary to make such a call or not understand the ramifications?
(Not that I believe I can really comment much with this format as it is now, anyway; I’m trying but it’s incredibly hard and winds up coming out jumbled, sloppy, multipartite and ruder than usual (probably because I’m on the verge of a migraine after about 10 minutes).
Please see my recent comments to Dan on the article about the redesign (as well as my other new comments there).
Honestly, if I were a security reporter there I’d probably threaten to walk out over something like this. I’m not suggesting you should… But I am suggesting you should be somewhat PO’ed.
So here’s a real world problem for you Micah. Suppose Juliet, under the handle Persephone, has set all this up, or reads through your article and considers setting all this up, in order to establish such a chat with Romeo, who uses the handle Kingfisher, who only know each other from the comments list at the end of a journalist named Wtfismyip’s column on TI. So she sets up her system and creates an anonymous secret identity just to make contact with Kingfisher and Kingfisher’s public account isn’t really Kingfisher’s public account, it’s Wtfismyip’s column, and boy is it public.
If Kingfisher makes his PGP key available to Persephone, then Persephone can use it, but so can Charon, Cerberus, Patrocles, Hector, and especially Orpheus, who at least part of the time inhabits the same neighborhood as Persephone, and is prone to singing and walking and never looking back to see if anyone is listening.
It of course can be done, by doubling up on all the methods you went through in the article, and Kingfisher needs to create a public key and email account that he will be throwing away after receiving the first message from Persephone, so that the new (or real) public key isn’t known to anyone who might want to send uninvited mail, and at least one party to the conversation will be known to the other commenters to be soliciting direct communication with somebody. Poetry can often be pretty high entropy as a way of communicating in front of an audience, but if all the communications between Romeo and Juliet have until this point been in front of the audience, entropy will be in the eye of the beholder.
But sometimes, what people need is precisely this kind of anonymity, and not necessarily the ability to evade spooks. There are quite a few other types of either privacy, confidentiality, or pseudonymity which have no real methodology for maintaining, unfortunately.
In my own case, there are certain things that I need to be assured will never be connected publicly, and I don’t really care who knows them as long as they aren’t. That turns out to be quite a bit to defend.
Perhaps Persephone can make a throwaway email account using Tor and then reply to one of Kingfisher’s comments saying, “Hey Kingfisher, can you send me an email to this address?” As soon as Kingfisher sends the email, she can reply with Jabber and OTR credentials. And as soon as they successfully have an anonymous encrypted session, they can both create new Jabber accounts and burn their old ones.
Of course Persephone runs the risk of an imposter emailing her, pretending to be Kingfisher. But if all these characters are just anonymous commenters on TI there’s no real way to verify identities anyway, or even tell that they’re not all the same person.
Ah, there’s the rub. From the point of view of the journalist writing the article, and the point of view of the kind of privacy tools we have, these commenters are just anonymous commenters anyway. But they’re anonymous for a reason, and that complicates the process when they shuffle off the pseudonymous coil.
And that’s my point exactly. Tor provides anonymity, your procedure of throwaway accounts provides forward secrecy. But they depend on a certain amount of “system privacy,” and there aren’t systems in place for when that privacy isn’t there. Commenters rely on not saying things, essentially what journalists would call the “chilling effect” to preserve privacy out in the open. There’s another form of encryption being used, that of metaphorical references and oblique comments, information hiding in plain sight.
There is a lot working against pseudonymous people. The tools don’t exist for the same kinds of privacy, much of the mainstream press, and even the non-mainstream press blames their pseudonyms for all the rude behavior on the internet, many columnists believe they are trolls until proven otherwise. And the biggest information gatherers are constantly using increasingly sophisticated tools to try to link together all the accounts of each physical person, effectively removing the shields they have been using for their privacy or anonymity.
For me, those information gatherers represent a more dangerous and more real threat than the NSA.
I had an idea about this. One of the things I wanted to talk about… but that’s why I was noting the irony. Obscurity has a place in privacy and security (just not the only place). Is it selfish that I don’t want to discuss it in public?
(btw, I believe we both decided it was better to not try to figure something out — that wasn’t a dangle or anything, just found the timing amusing)
You see how obscurity has a use. We can discuss it in full, away from the vagaries of the idiots. But first go back to my original question about how on earth to do that.
I was one of those idiots who never got behind the whole ‘security via obscurity is bad’ thing. Security WITH obscurity is BETTER — it always has been. It’s just not good to rely on obscurity AS the security.
I don’t see the problem we face as a problem about two people on a site. I see the problem being about two people on *this* site. That makes the problem infinitely more difficult to solve (as you know) — and the better the solution, the closer (perhaps) the scrutiny. Hence my call on ‘irony’. The ways I’d have in mind require finesse and a common but arcane knowledge base, and a WHOLE lot of intuition; the problem with those ‘models’ is that they invite a heap of inappropriate ‘solutions’.
(Yes, I’m saying the answer to the first step can never just be about math).
I can gen a one-use-only, valid only one week GPG key just for you and paste the pubkey here, you can do the same, we can exchange a single GPG’ed message with one-off xmpp addresses (to be secured by each user individually) and a meeting time (I’ll let you suggest, use UTC), and we can then use those one-offs to verify (new, pre-created) different xmpp addresses and OTR fingerprints. It’s convoluted, but it could work?
LOL Ondelette.
Why not look into shadowcash project
Just noticed – the RSS feed reader Liferea has stopped working with the new webpage.
Mr Lee,
I see you have adopted a new look for TI. For a while I thought the Chinese hackers were at it here. The new page looks good.
This article is more like an instruction manual. I would hate to see it vanish below after a few days. Therefore, I suggest if you could provide a link to this and other such articles right at the top of the page so that future visitors to the site can also benefit? and I am sure people like -Mona- would like to keep coming back to this every time a new contact has to be added. Similarly, reader comments for jabber server accounts will be very useful to others.
Second this, please put the article up in PDF so it can be downloaded and saved.
BTW, the old interface contained a phrase above the fields for name and email that said, in part, “the email address will not be shared.”
That phrase is gone. Why?
The wording was lost in the redesign, but of course we won’t share your email address. Our privacy policy hasn’t changed: https://firstlook.org/theintercept/privacy-policy
Yeah it’s brilliant if you wanna enable frigging javascript and live content.
Someone out there wants to kiss T//I. It isn’t this author.
I think the quickest way for you to save this as a PDF is: Try printing this article in your web browser, and then print to PDF instead of to a printer. You can also find a list of all of my articles on my staff profile: https://firstlook.org/theintercept/staff/micah-lee/
Dank article, Micah. Keep spreading the crypto knowledge!
Keith Alexander? >_>
Hi Micah –
I’m sure the article was GREAT, but I haven’t read it yet…
But I want to comment on the new look (whoever did it…)…. I hate it. Really hate it. The black background seems so ominous (maybe that’s just me). But even worse than that, when scrolling down to find stories, it was hard to find where one left off and the other started. And it took me a while to find where comments were hiding.
That’s my two cents; I hope you good folks can do even a little tweaking. Thanks.
you left out one important part of using tor: do NOT allow flash under any circumstance. set noscript in the tor browser to “allow none” and temporarily allow javascript on a case-by-case basis but at your own risk.
also: read-only media (dvd/blu-ray) is better than a usb. usb drives can be written to and compromised whereas writing to a normal dvd is impossible and the ram gives you all the space you need to move things around.
nice one otherwise.
you mentioned skype a couple times in this piece. does tor only work for browsing (in its own browser), not for any other programs you might use simultaneously? or is OTR messaging your only option for communicating – just text, no video or audio chats?
You can route non-browser traffic through Tor, but it takes a bit of effort to setup correctly — you should use TAILS or Whonix to simplify the process for you. OTR is a text only protocol. Use it over Tor for added security.
You can make lots of different software go through Tor, but there are certainly limitations. The two core protocols that the Internet uses are TCP and UDP, but Tor only supports TCP. The main difference is TCP has built-in error correcting which makes it slower, while if UDP packets go missing they just disappear forever which makes it faster. Audio and video conversations online often rely on UDP, because it’s faster and it’s no big deal if there are a few missing packets, which means that those programs won’t work over Tor.
Also, if you want software to go over Tor you either need to transparently proxy it (look up Whonix to see a cool way of doing this with virtual machines) or the software needs to support SOCKS5 proxy servers, which Adium and Pidgin both support. And of course, you need to be able to anonymously create an account with the service you’re using too — something that I imagine might be hard with Skype, though I’m not sure. (Also, Skype doesn’t have real end-to-end encryption — Microsoft is able to spy on Skype calls and there’s nothing you can do to help that.)
Mumble is open source voice communication software (often used by gamers) that goes over TCP, and I’ve heard this works well over Tor, but of course you’d have to set up a server or find one to use. Not sure about video. And you can also make email software like Thunderbird (which supports PGP) go over Tor.
Microsoft purchased Skype several years ago. It is now HOTMAIL.
OTR is text translation from an image.
Tor is the internet transmission system that has been BUILT IN to ALL OPERATING SYSTEMS since Windows 7.
I have told you this several times. READ ALL THE COMMENTS.
You also appear to have NO CLUE re: ENCRYPTION of: Skype, Tor, Hotmail etc.
Be careful with something like Skype over Tor — you don’t want to do it. If you must, Guardian Project offers a (probably deprecated by now) voice plugin for ChatSecure/jabber; there are also other voice programs which are far less risky over Tor, though most still require you to give up some level of privacy to use them. I wouldn’t vouch for it but Jitsi is an example.
I haven’t seen this link posted here in a while, but it might help you out: https://prism-break.org/
Very nicely written. Appreciate the effort. Thanks!
Thanks! Amazing info. Keep ’em coming.
I’m still reading this and just got through the part about being hacked and using an alternate operating system. I think it is important to point out that even that doesn’t help if your physical device has been compromised. For example, if someone got into your house and put a logger inside your actual keyboard.
Though, of course, that requires someone to actually get to you personally, so you’d have to already be a suspect/target, and one taken seriously enough for the FBI or whatever to actually spend the time and money to send an agent to your house, but I’d still want to point it out since we’re taking about an attacker with resources. It’d be sad to spend all the time locking down the computer network just to be foiled by forgetting to lock house’s front door.
Great advice, Micah. By the time the readers are able to implement these safeguards, my AAC should be perfected, giving us a couple options to help ensure our communications are private. Our founders would be pleased with us.
Keep it on the down low, fellow Interceptarians, but I’ve been working with the West of Scotland Amateur Radio Society (Glasgow), several of Chester Nez’s grandchildren, the Jane Goodall Institute, The Gurdjieff Society of Massachusetts, several Kalahari San (Bushmen), 3 unnamed Major League Baseball first base coaches, Thami Jantjie, Albert Mehrabian, Steven Frederic Seagal, Professor Griff, 3,600 homing pigeons, Whitey Bulger, and
Charlotte Davis on an augmentative and alternative (AAC) mode of communication, incorporating ham radio technology, morse code, symbols, sign language, sacred movements, esoteric dance, balet, B-boying, pantomime, clicks and other mouth noises, primitive drumming, mating calls, facial expressions, eye blinks, some touch, ground slaps, foot stomps, some string and a lot of yogurt cups.
Yes, it is difficult to picture and even harder to understand. But, it should be operational in a few months, and we’ll be able to communicate in private for at least a few months, until the residents of Maryland decipher it.
You will know when it has been perfected.
Seriously though, Micah, thanks for putting so much effort into that. It is just so incredibly screwed up that we have to take such measures to have private conversations.
Something is terribly wrong.
Never, ever, disclose your number of homing pigeons. Unless you lied and aren’t using homing pigeons at all.
I still chuckle when I reread this. So thank you for that. Sadly there is some truth to absurdity, and some absurdity to truth.
It seems fairly – uncomplicated. If only…
Great article, thank you!
What about ChatSecure for iOS?
https://chatsecure.org/blog/
ChatSecure for iOS works great for OTR chat, but there’s no way to use it anonymously over Tor on iOS. End-to-end encryption is only half the battle. Hiding your metadata is the other half.
A little clumsy but you could always use this: https://learn.adafruit.com/onion-pi/overview
to connect iOS devices to TOR
Thanks Micah!
Great How-to – something to forward to my friends…
Just one little typo I found:… you mention jabber.at (Australia).
Well, its Austria :)
cheers from… there
Thanks! Fixed :)