RUCCI
When you pick up the phone and call someone, or send a text message, or write an email, or send a Facebook message, or chat using Google Hangouts, other people find out what you're saying, who you're talking to, and where you're located. Such private data might only be available to the service provider brokering your conversation, but it might also be visible to the telecom companies carrying your Internet packets, to spy and law enforcement agencies, and even to some nearby teenagers monitoring your Wi-Fi network with Wireshark.
But if you take careful steps to protect yourself, it's possible to communicate online in a way that's private, secret and anonymous. Today I'm going to explain in precise terms how to do that. I'll take techniques NSA whistleblower Edward Snowden used when contacting me two and a half years ago and boil them down to the essentials. In a nutshell, I'll show you how to create anonymous real-time chat accounts and how to chat over those accounts using an encryption protocol called Off-the-Record Messaging, or OTR.
If you're in a hurry, you can skip directly to where I explain, step by step, how to set this up for Mac OS X, Windows, Linux and Android. Then, when you have time, come back and read the important caveats preceding those instructions.
One caveat is to make sure the encryption you're using is the sort known as end-to-end encryption. With end-to-end encryption, a message gets encrypted at one endpoint, like a smartphone, and decrypted at the other endpoint, let's say a laptop. No one at any other point, including the company providing the communication service you're using, can decrypt the message. Contrast this with encryption that only covers your link to the service provider, like an HTTPS web connection. HTTPS will protect your message from potential snoops on your Wi-Fi network (like the teenager with Wireshark) or working for your telecom company, but not from the company on the other end of that connection, like Facebook or Google, nor from law enforcement or spy agencies requesting information from such companies.
A second, bigger caveat is that it's important to protect not only the content of your communications but also the metadata behind those communications. Metadata, like who is talking to whom, can be incredibly revealing. When a source wants to communicate with a journalist, using encrypted email isn't enough to protect the fact that they're talking to a journalist. Likewise, if you're a star-crossed lover hoping to connect with your romantic partner, and keep your feuding families from finding out about the hook-up, you need to protect not just the content of your love notes and steamy chats, but the very fact that you're talking in the first place. Let's take a quick look at how to do that.
Secret identities
Meet Juliet, who is trying to get in touch with Romeo. Romeo and Juliet know that if they talk on the phone, exchange emails or Skype chats, or otherwise communicate using traditional means, there's no way to hide from their powerful families the fact that they're communicating. The trick is not to hide that they're communicating at all, but rather that they're Romeo and Juliet.
Juliet and Romeo decide to make new chat accounts. Juliet chooses the username Ceres, and Romeo chooses the username Eris. Now when Ceres and Eris have an encrypted conversation it will be harder for attackers to realize that this is actually Juliet and Romeo. When Juliet's accounts are later audited for evidence of communicating with Romeo (her short-tempered cousin is a bit overbearing, to say the least), nothing incriminating will show up.
Of course, just making up new usernames alone isn't enough. It's still possible, and sometimes even trivial, to figure out that Ceres is actually Juliet and Eris is actually Romeo.
Juliet is logging into her Ceres account from the same IP address that she's using for everything else on her computer (e.g. emails with her favorite friar). If her Internet activity is being logged (it almost certainly is; all of our Internet activity is being logged), it would be easy to connect the dots. If the chat service is forced to hand over the IP address that the Ceres account connects from, they'll turn over Juliet's IP address. Romeo has the same problem.
Third-party services, like telecom companies and email providers, have access to private information about their users, and according to the third-party doctrine, these users have no reasonable expectation of privacy for this information. And it's not just illicit lovers who are exposed by this doctrine; even journalists, who can sometimes assert special privilege under the First Amendment, have to be wary of who handles their communications. In 2013, the Justice Department obtained the phone records of Associated Press journalists during a leak investigation. And many news organizations don't host their own email, making their email vulnerable to U.S. government requests for data: the New York Times and Wall Street Journal outsource their email to Google, and USA Today outsources its email to Microsoft. (This is why we run our own email server at The Intercept.)
Anonymity
In order to keep the fact that she's communicating private, Juliet must keep a bulletproof separation between her Ceres identity and her real identity. At the moment, the easiest and safest way to do this is by using Tor, the open source and decentralized anonymity network.
Tor is designed to let you use the Internet anonymously. It's a decentralized network of volunteer nodes, computers that help forward and execute Internet requests on behalf of other computers. Tor keeps you anonymous by bouncing your connection through a series of these nodes before finally exiting to the normal Internet. If a single node is malicious, it won't be able to learn both who you are and what you're doing; it might know your IP address but not where on the Internet you're headed, or it might see where you're headed but have no idea what your IP address is.
Most people who have heard of Tor know about Tor Browser, which you can use to browse the web anonymously. But it's also possible to use other software to visit Internet services other than the web anonymously, including chat and email.
If Romeo and Juliet use Tor to access their Eris and Ceres chat accounts, and if their conversation is end-to-end encrypted using OTR, then they can finally have a secret conversation online even in the face of pervasive monitoring.
Attackers from all sides
Now that Romeo and Juliet have registered new, anonymous chat accounts using Tor, let's probe all of the moving parts for weaknesses.
Juliet's side: An attacker that is monitoring Juliet's Internet traffic will be able to tell that part of it is Tor traffic, but they won't have any information about what she's using Tor for. If they check out who she's emailing, Skyping with, calling, and texting, they won't have any evidence that she's talking to Romeo. (Of course, using the Tor network in and of itself can be suspicious, which is why The Intercept recommends that sources who wish to remain anonymous contact us from a personal computer using a network connection that isn't associated with their employer. In other words, Juliet might seek out a Starbucks or public library, to be extra safe.)
Romeo's side: An attacker monitoring Romeo's Internet traffic will be able to tell that part of it is Tor traffic. If the attacker looks into who Romeo is emailing, calling, texting, and Skyping with, Juliet won't be on that list.
Chat server's side: The chat service itself will be able to tell that someone coming from a Tor IP address created the user Ceres, and someone coming from a Tor IP address created the user Eris, and that these two users are sending scrambled messages back and forth. It won't have any way of knowing that Ceres is actually Juliet or that Eris is actually Romeo, because their IP addresses are masked by Tor. And it won't have any way of knowing what Ceres and Eris are saying to each other because their messages are all encrypted with OTR. These accounts could just as easily belong to a whistleblower and a journalist, or to a human rights activist and her lawyer, as they could to two mutual crushes trading poetry.
Even with taking these measures, there is quite a bit of metadata you might leak if you aren't careful. Here are some things to keep in mind:
Make sure to use Tor when you create your chat account, not just when you use it.
Make sure you never log in to that account when you're not using Tor.
Make sure you don't choose a username that might betray your real identity; don't use a pseudonym that you've used in the past, for example. Instead, make up a random username that doesn't have anything to do with you. People often think of anonymous accounts that they create as alter egos. They come up with a cool pseudonym and grow attached to that identity. But it's better to think of secret identities as disposable and temporary: Their purpose is to mask your real identity, not to highlight a piece of it. A random string like bk7c7erd19 makes a better username than gameofthronesfan.
Don't re-use a password you use elsewhere. Reusing passwords is not only bad security, but could also de-anonymize you if an account associated with your real identity shares the same password as one associated with your secret identity.
Be aware of which contacts you communicate with from which secret identity account. If one of your contacts is exposed, it can increase the chances that other contacts you communicate with from the same account will also be exposed. There's nothing wrong with making a new chat account for each project, or for each contact, to reduce the risk of your whole anonymous network unravelling.
Don't give any other identifying information to the chat service.
Be aware of your habits. If you log in to your chat account in the morning when you start using your computer and log off in the evening when you're done with work, you'll be leaking to the chat server what timezone you're in and what your work hours are. This might not matter to you, but if it does, it's best to make appointments with your contacts for specific times to meet online.
Be aware of what else you do using your Tor IP address. If you use Tor to log in to both your secret chat account and a chat account that's publicly associated with you, the server logs could be used to link your anonymous account to your real identity. You can force Tor to choose separate circuits for each account by choosing a unique SOCKS proxy username and password, but more on that below.
Tor isn't perfect
Tor represents state-of-the-art online anonymity, but providing true anonymity is a nearly impossible problem to solve. There's an ongoing arms race with Tor developers and academic researchers on one side, and powerful attackers that would like to be able to secretly de-anonymize or censor Tor users on the other.
Tor has never been secure against a global adversary (an adversary that can spy on all Tor nodes around the world in real time), because such an adversary would be able to see traffic from Tor users enter the network, watch it bounce around the world, and then watch it leave the network, making it clear which traffic belongs to which user.
But despite all this, Snowden documents published by The Guardian show that the combined spying power of the Five Eyes (the U.S., U.K., Canada, Australia and New Zealand) doesn't yet count as a global adversary, at least not as of June 2012 when that top-secret presentation was given. It appears that the Western intelligence agencies are only able to opportunistically de-anonymize random unlucky users, and have never been able to de-anonymize a specific user on demand.
As promising as this seems, Tor might not always protect your identity, especially if you're already under close surveillance. The story of Jeremy Hammond's arrest illustrates this point well.
The FBI suspected that Hammond might be part of the LulzSec hacker group, which went on a digital crime spree in 2011. Specifically, they suspected he might go by the pseudonym sup_g in an online chat room. They set up physical surveillance of Hammond's apartment in Chicago, watching what servers he connected to from his Wi-Fi network. An FBI affidavit states that a significant portion of the traffic from the Chicago Residence to the Internet was Tor-related traffic. The FBI used a low-tech traffic correlation attack to confirm that Hammond was indeed sup_g. When Hammond left his apartment, Tor traffic stopped flowing from his house and sup_g logged out of chat. When he came back home, Tor traffic started flowing again and sup_g appeared back online. Because he was already a prime suspect, Tor didn't protect his identity.
Tor isn't magic; it's a tool. The human using it still needs to know what they're doing if they wish to remain anonymous.
Endpoint security
There's another caveat to all of this. If Juliet's computer is hacked, the hacker will be able to know exactly what she's doing on it. Same with Romeo. You can encrypt as much as you want and bounce your encrypted traffic around the world to your heart's content, but if an attacker can read your keystrokes as you type them and see exactly what's on your screen, you can't hide from them.
It's extremely difficult to prevent your computer from getting hacked if you're the target of an attacker with resources. You can lower your risks of getting hacked by using a separate device that you only use for secure communication, because the computer you use for all your daily activities has far more opportunities to get hacked.
Another option is to use Tails for private conversations. Tails is an entirely separate operating system that you install on a USB stick and that can be used safely even if your normal operating system has been hacked. While Tails can give you a much higher degree of security when communicating privately online, it is a very advanced tool. New users will likely spend many frustrating days troubleshooting, especially if they aren't already comfortable with Linux.
For most users it's perfectly fine to use your regular operating system to have private conversations online despite the risk of getting hacked; it's certainly preferable to giving up and leaking metadata that you shouldn't leak. It's also much more convenient, and is an easy way to get started if you just casually want some privacy and nothing serious is at stake.
First contact
When you want to have a private conversation with someone online, it's not always clear how to start. If you can meet in person, establishing your private communication channel is simple: Just trade usernames, chat servers, and OTR fingerprints (more on this below) when you meet up.
Meeting in person is often not possible. You might be too far away, or one side of the conversation might wish to remain anonymous from the other side. And even if you want to meet in person, how do you communicate this online to begin with while still hiding the fact that you're communicating with this person at all?
To initiate first contact with Romeo, Juliet needs to create an anonymous secret identity that she uses just to make first contact with Romeo's public identity. She could email Romeo from an anonymous email address. Most free email services require new users to provide a phone number to make an account, and some block Tor users altogether, which makes creating an anonymous account annoying. She could also make an anonymous social media account and use it to contact Romeo's public account.
If possible, she should encrypt the first contact messages that she sends to Romeo. It's much more straightforward to do this if Romeo publishes a PGP key. At The Intercept all of our journalists publish our PGP keys on our staff profiles. If you're a source wanting to make first contact with a journalist that works for an organization with SecureDrop, you could use that to make first contact without having to worry about making new accounts anonymously or dealing with PGP keys. The Intercept uses SecureDrop.
When she makes first contact, Juliet should tell Romeo what chat server she has made an account on, what her username is, what her OTR fingerprint is, and what time she'll be waiting online. She might also need to give Romeo instructions for getting set up himself, perhaps linking to this article.
When Juliet and Romeo are both anonymously logged into secret identity accounts and are having an OTR-encrypted conversation, they're almost there. Depending on how Juliet made first contact, a close look at Romeo's email or social media accounts might reveal the username of Juliet's secret identity (she had to tell it to him somehow, after all). It could be possible for investigators to work from there to uncover Romeo's secret identity as well.
To prevent anything like this from happening, it's a good idea for Juliet and Romeo to burn these chat accounts and move onto new ones, leaving no trails behind. Indeed, whenever Juliet and Romeo feel like it makes sense, they should abandon their old chat accounts in favor of new ones, complete with new OTR keys. There are hundreds of public chat servers, and making new accounts costs nothing.
From theory to practice
Now that you understand the operational security theory behind maintaining secret identities, it's time to actually practice.
This might sound daunting, but I'm confident you can do it. Just follow these step-by-step instructions for Mac OS X, Windows, Linux, and Android. (Unfortunately there's no way to connect to chat servers anonymously on iPhones.) Try practicing it with a friend first.
Jabber and Off-the-Record
I've been discussing chat servers, but what I actually mean is Jabber (also known as XMPP) servers. Jabber is an open protocol for real-time chat; it's not a specific service in the way that Signal, WhatsApp, or Facebook is. It's a decentralized and federated service, kind of like email. I can send an email from my theintercept.com address to your gmail.com address, because The Intercept's and Gmail's email servers rely on the same standard protocol.
Similarly, anyone can run a Jabber server, and many organizations do, including Calyx Institute, Riseup, Chaos Computer Club, and DuckDuckGo, to name a few. There are hundreds of other public Jabber servers. Many organizations run private Jabber servers for their employees, including The Intercept's parent company First Look Media (firstlook.org). The chat service HipChat is powered by Jabber under the hood, and its competitor Slack offers a Jabber gateway.
Since Jabber is decentralized, akiko@jabber.calyxinstitute.org (this is a Jabber account, not an email address) can chat with boris@dukgo.co. But if both sides of a conversation (both Romeo and Juliet, in our example) use the same server for their Jabber accounts, they'll leak less metadata about their conversations. Messages will stay within the same server rather than getting sent over the internet.
Unlike email, most Jabber servers let anyone create accounts using Tor, and don't require that you provide any identifying information at all. In fact, many Jabber servers run Tor hidden services to make it so Tor users can connect without having to leave the Tor network at all. That is quite an advanced topic, however, and to keep it simpler I won't use hidden services in the tutorials below.
Off-the-Record (OTR) is an encryption protocol that can add end-to-end encryption to any chat service, including Jabber. In order to have an encrypted chat, both sides of the conversation need to use chat software that supports OTR. There are several options, but the tutorials below will use Adium for Mac users, Pidgin for Windows and Linux users, and ChatSecure for Android users. ChatSecure is also available for iOS, but there's no way to use it with Tor on an iOS device.
Choosing a Jabber server
If you're planning on setting up your secret identity chat account in Android, skip straight down to the Android section. ChatSecure for Android has great built-in support for creating anonymous throw-away secret identity accounts.
For everyone else, stop. Download and install Tor Browser. Open it, and load this article in that browser instead of the one you were using. You're using Tor now? Good. This is an important step because I don't want you to leave your real IP address in the web logs of every Jabber server you're considering using; that would be a clue that could later be used to deanonymize your secret identity.
There are hundreds of Jabber servers to choose from. You can find lists of some of the public Jabber servers here and here. Which should you choose?
The server won't know who you are (you'll connect using Tor) or what you're saying (you'll use OTR to encrypt your messages), so you don't need to trust it. Still, you might want to pick one that you think is unlikely to hand over logs to your government, and that is happy with Tor users making secret identity accounts.
The most common way that people create Jabber accounts is directly through their chat software. While it's easy to configure chat programs to use Tor when you log in to your account, it's difficult to make sure it uses Tor when creating new accounts (unless you're using Tails, in which case you don't have to worry because all your traffic uses Tor). Because of this, I recommend that you choose a Jabber server that lets you create a new account on their website, so you can do it from Tor Browser instead of your chat program.
Here are a few Jabber servers that you can create new accounts on using Tor Browser, chosen at random from the public lists: ChatMe (based in Italy), CodeRollers (based in Romania), Darkness XMPP (based in Russia), KodeRoot (based in the U.S.), Jabber.at (based in Austria), Hot-Chilli (based in Germany), XMPP.jp (based in Japan), and the list goes on and on.
Ready to get started? Pick a Jabber server. Make up a username that's not associated with your real identity in any way. Make up a password that you don't use for anything else.
Create a Jabber account using Tor Browser. Now keep note of the server you created it on, your username and your password, and move on to the next sections for Android or Mac OS X or Windows and Linux.
Anonymous encrypted chat in Mac OS X
If you haven't already, create a new Jabber account using Tor Browser by following the instructions in the Choosing a Jabber server section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server xmpp.jp with the username pluto1.
Installing Adium and configuring your secret account over Tor
Download and install Adium, which is a Mac chat program that supports OTR encryption.
Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Adium simply won't connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
Open Adium. The first time you open it you'll see the Adium Assistant Wizard. Close this window; we'll manually add an account so we can have access to advanced settings.
With the Contacts window selected, click Adium in the menu bar at the top and choose Preferences. Make sure the Accounts tab at the top of the window is selected. Click the + button in the bottom left to add a new account, and select XMPP (Jabber) from the dropdown.
Before doing anything else, switch to the Proxy tab. Check Connect using proxy and choose SOCKS5 from the dropdown list. In the Server field type 127.0.0.1 and in the Port field type 9150. Choose a unique username for this account and type anything in the password field. These settings will ensure that Adium only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Adium than it will for everything else, which increases your anonymity.
Switch to the Privacy tab. Under the Encryption dropdown change Encrypt chats as requested to Force encryption and refuse plaintext.
Switch to the Options tab. Change what's listed in Resource (by default the name of your computer) to anonymous. Also, under Security check Require SSL/TLS.
Now switch back to the Account tab. Type your Jabber ID. My username is pluto1 and my Jabber server is xmpp.jp, so my Jabber ID is pluto1@xmpp.jp. Type your password, and click OK to try connecting to this account when you're done.
Adium should now attempt to connect to your secret identity account over Tor. If all goes well, it should list your new account and say Online.
Encryption keys and fingerprints
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it; no two keys share the same fingerprint.
Let's create your OTR key. With the Contacts window selected, click Adium in the menu bar and choose Preferences. Go to the Advanced tab, and click on Encryption in the left sidebar. Select your secret identity account and click the Generate button to generate a new encryption key. When it's done you'll see your new OTR fingerprint.
In this example, I just created a new OTR key for my pluto1@xmpp.jp account with the fingerprint C4CA056C 922C8579 C6856FBB 27F397B3 2817B938. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Adium, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don't match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don't mark the contact as trusted and try again later.
Adding contacts and conversing in private
I'm trying to have a private conversation with my friend. They told me their Jabber account is pluto2@wtfismyip.com and their OTR fingerprint is A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE.
Now that I've set up my pluto1 account, I'm going to add pluto2 as a contact. First I select the Contacts window and then click the Contact menu bar at the top and choose Add Contact. I set Contact Type to XMPP, and enter pluto2@wtfismyip.com as their Jabber ID. Then I click the Add button to add them as a contact.
When you add a Jabber contact you can't immediately tell if they're online or not. First you need them to consent to let you see their status. So now I need to wait for pluto2 to log in and approve my contact request.
Oh good, pluto2 has authorized me to see when they're online, and is asking if I allow them to see when I'm online. I'm selecting their contact and clicking the Authorize button.
Now that I have added pluto2 as a contact the first time, they will appear on my contact list when they're online. Now all I need to do is double-click on their name to start chatting with them.
I double-clicked on the pluto2 contact and typed hi.
Before it sent my message, Adium started a new OTR encrypted session. Notice that it says pluto2@wtfismyip.com's identity not verified. This means that while we have an encrypted chat going on, I can't be 100% confident that there isn't a man-in-the-middle attack going on.
It also popped up an OTR Fingerprint Verification box. Does the fingerprint that pluto2 gave me match the fingerprint that I see in that box?
I'm comparing the fingerprint pluto2 gave me earlier with what Adium is telling me pluto2's fingerprint is, one character at a time. Let me see. Yup, they're the same. This means that there is not an attack on our encryption, and I can safely click Accept. If I didn't have pluto2's OTR fingerprint, I would ask pluto2 what it is using an out-of-band method (not using this chat, since I don't know if this chat is trustworthy yet) and then verify that they match. If I don't have time for that now, I would click Verify Later.
You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I log in tomorrow and start a new conversation with pluto2, it should just work and be considered trusted.
And that's it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Adium to login to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.
Anonymous encrypted chat in Windows and Linux
If you haven't already, create a new Jabber account using Tor Browser by following the instructions in the Choosing a Jabber server section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server wtfismyip.com with the username pluto2.
Windows and Linux instructions are in the same section because you'll use the same piece of software, Pidgin. The steps are nearly identical for both operating systems, but I'll point out where they differ.
Installing Pidgin and configuring your secret account over Tor
If you're using Windows, download and install Pidgin, and then download and install the OTR plugin for Pidgin. Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Pidgin simply won't connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
If you're using Linux, install the packages pidgin, pidgin-otr, and tor. In Ubuntu or Debian you can do this by typing sudo apt-get install pidgin pidgin-otr tor into a terminal, or by using the Ubuntu Software Center. Because you're installing Tor system-wide in Linux, there's no need to worry about keeping Tor Browser open in the background like in Windows or Mac OS X.
Open Pidgin. The first time you run it you'll see a Welcome to Pidgin! screen. Click the Add button to add your secret identity account (if you already use Pidgin, you can add a new account by clicking the Accounts menu in the Buddy List window and choosing Manage Accounts).
You should be at the Add Account window. Before you do anything else, switch to the Proxy tab. Set the proxy type to Tor/Privacy (SOCKS5). In the Host field type 127.0.0.1, and in the Port field type 9150 if you're using Windows and 9050 if you're using Linux. Choose a unique username for this account and type anything in the password field. These settings will ensure that Pidgin only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Pidgin than it will for everything else, which increases your anonymity.
Switch back to the Basic tab. Under Protocol select XMPP. In the Username field type your username (mine is pluto2). In the Domain field type your Jabber server (mine is wtfismyip.com). In the Resource field type anonymous. In the Password field type your password, and optionally check the remember password box. When you're all set, click the Add button.
If all goes well, you should see a Buddy List window with the status Available.
Encryption keys and fingerprints
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it; no two keys share the same fingerprint.
Let's create your OTR key. In the Buddy List window, click the Tools menu and choose Plugins. You should see Off-the-Record Messaging as one of the plugins. Make sure you check the box next to it to enable it.
With Off-the-Record Messaging selected, click the Configure Plugin button. Select your secret identity account and click the Generate button to generate a new encryption key. When it's done, you'll see your new OTR fingerprint. While you're at it, check the Require private messaging box.
In this example, I just created a new OTR key for my pluto2@wtfismyip.com account with the fingerprint A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Pidgin, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don't match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don't mark the contact as trusted and try again later.
Adding contacts and conversing in private
I'm trying to have a private conversation with my friend. They told me their Jabber account is 0060e404a9@jabber.calyxinstitute.org.
Now that I've set up my pluto2 account, I'm going to add 0060e404a9 as a contact. From the Buddy List window I click the Buddies menu and choose Add Buddy. I type 0060e404a9@jabber.calyxinstitute.org as the buddy's username and click the Add button.
When you add a Jabber contact you can't immediately tell if they're online or not. First you need them to consent to let you see their status. So now I need to wait for 0060e404a9 to log in and approve my contact request.
Oh good, 0060e404a9 has authorized me to see when they're online, and is asking if I allow them to see when I'm online. I click the Authorize button.
Source: https://goo.gl/bV6ETo
A second, bigger caveat is that it's important to protect not only the content of your communications but also the metadata behind those communications. Metadata, like who is talking to whom, can be incredibly revealing. When a source wants to communicate with a journalist, using encrypted email isn't enough to protect the fact that they're talking to a journalist. Likewise, if you're a star-crossed lover hoping to connect with your romantic partner, and keep your feuding families from finding out about the hook-up, you need to protect not just the content of your love notes and steamy chats, but the very fact that you're talking in the first place. Let's take a quick look at how to do that.
Secret identities
Meet Juliet, who is trying to get in touch with Romeo. Romeo and Juliet know that if they talk on the phone, exchange emails or Skype chats, or otherwise communicate using traditional means, there's no way to hide from their powerful families the fact that they're communicating. The trick is not to hide that they're communicating at all, but rather that they're Romeo and Juliet.
Juliet and Romeo decide to make new chat accounts. Juliet chooses the username Ceres, and Romeo chooses the username Eris. Now when Ceres and Eris have an encrypted conversation it will be harder for attackers to realize that this is actually Juliet and Romeo. When Juliet's accounts are later audited for evidence of communicating with Romeo (her short-tempered cousin is a bit overbearing, to say the least), nothing incriminating will show up.
Of course, just making up new usernames alone isn't enough. It's still possible, and sometimes even trivial, to figure out that Ceres is actually Juliet and Eris is actually Romeo.
Juliet is logging into her Ceres account from the same IP address that she's using for everything else on her computer (e.g. emails with her favorite friar). If her Internet activity is being logged (it almost certainly is; all of our Internet activity is being logged), it would be easy to connect the dots. If the chat service is forced to hand over the IP address that the Ceres account connects from, they'll turn over Juliet's IP address. Romeo has the same problem.
Third-party services, like telecom companies and email providers, have access to private information about their users, and according to the third-party doctrine, these users have no reasonable expectation of privacy for this information. And it's not just illicit lovers who are exposed by this doctrine; even journalists, who can sometimes assert special privilege under the First Amendment, have to be wary of who handles their communications. In 2013, the Justice Department obtained the phone records of Associated Press journalists during a leak investigation. And many news organizations don't host their own email, making their email vulnerable to U.S. government requests for data: the New York Times and Wall Street Journal outsource their email to Google, and USA Today outsources its email to Microsoft. (This is why we run our own email server at The Intercept.)
Anonymity
In order to keep the fact that she's communicating private, Juliet must keep a bulletproof separation between her Ceres identity and her real identity. At the moment, the easiest and safest way to do this is by using Tor, the open source and decentralized anonymity network.
Tor is designed to let you use the Internet anonymously. It's a decentralized network of volunteer nodes, computers that help forward and execute Internet requests on behalf of other computers. Tor keeps you anonymous by bouncing your connection through a series of these nodes before finally exiting to the normal Internet. If a single node is malicious, it won't be able to learn both who you are and what you're doing; it might know your IP address but not where on the Internet you're headed, or it might see where you're headed but have no idea what your IP address is.
Most people who have heard of Tor know about Tor Browser, which you can use to browse the web anonymously. But it's also possible to use other software to visit Internet services other than the web anonymously, including chat and email.
If Romeo and Juliet use Tor to access their Eris and Ceres chat accounts, and if their conversation is end-to-end encrypted using OTR, then they can finally have a secret conversation online even in the face of pervasive monitoring.
Attackers from all sides
Now that Romeo and Juliet have registered new, anonymous chat accounts using Tor, let's probe all of the moving parts for weaknesses.
Juliet's side: An attacker that is monitoring Juliet's Internet traffic will be able to tell that part of it is Tor traffic, but they won't have any information about what she's using Tor for. If they check out who she's emailing, Skyping with, calling, and texting, they won't have any evidence that she's talking to Romeo. (Of course, using the Tor network in and of itself can be suspicious, which is why The Intercept recommends that sources who wish to remain anonymous contact us from a personal computer using a network connection that isn't associated with their employer. In other words, Juliet might seek out a Starbucks or public library, to be extra safe.)
Romeo's side: An attacker monitoring Romeo's Internet traffic will be able to tell that part of it is Tor traffic. If the attacker looks into who Romeo is emailing, calling, texting, and Skyping with, Juliet won't be on that list.
Chat server's side: The chat service itself will be able to tell that someone coming from a Tor IP address created the user Ceres, and someone coming from a Tor IP address created the user Eris, and that these two users are sending scrambled messages back and forth. It won't have any way of knowing that Ceres is actually Juliet or that Eris is actually Romeo, because their IP addresses are masked by Tor. And it won't have any way of knowing what Ceres and Eris are saying to each other because their messages are all encrypted with OTR. These accounts could just as easily belong to a whistleblower and a journalist, or to a human rights activist and her lawyer, as they could to two mutual crushes trading poetry.
Even with taking these measures, there is quite a bit of metadata you might leak if you aren't careful. Here are some things to keep in mind:
Make sure to use Tor when you create your chat account, not just when you use it.
Make sure you never log in to that account when you're not using Tor.
Make sure you don't choose a username that might betray your real identity; don't use a pseudonym that you've used in the past, for example. Instead, make up a random username that doesn't have anything to do with you. People often think of anonymous accounts that they create as alter egos. They come up with a cool pseudonym and grow attached to that identity. But it's better to think of secret identities as disposable and temporary: Their purpose is to mask your real identity, not to highlight a piece of it. A random string like bk7c7erd19 makes a better username than gameofthronesfan.
Don't re-use a password you use elsewhere. Reusing passwords is not only bad security, but could also de-anonymize you if an account associated with your real identity shares the same password associated with your secret identity.
Be aware of which contacts you communicate with from which secret identity account. If one of your contacts is exposed, it can increase the chances that other contacts you communicate with from the same account will also be exposed. There's nothing wrong with making a new chat account for each project, or for each contact, to reduce the risk of your whole anonymous network unraveling.
Dont give any other identifying information to the chat service.
Be aware of your habits. If you log in to your chat account in the morning when you start using your computer and log off in the evening when you're done with work, you'll be leaking to the chat server what time zone you're in and what your work hours are. This might not matter to you, but if it does, it's best to make appointments with your contacts for specific times to meet online.
Be aware of what else you do using your Tor IP address. If you use Tor to log in to both your secret chat account and a chat account that's publicly associated with you, the server logs could be used to link your anonymous account to your real identity. You can force Tor to choose separate circuits for each account by choosing a unique SOCKS proxy username and password, but more on that below.
Tor isn't perfect
Tor represents state-of-the-art online anonymity, but providing true anonymity is a nearly impossible problem to solve. There's an ongoing arms race with Tor developers and academic researchers on one side, and powerful attackers that would like to be able to secretly de-anonymize or censor Tor users on the other.
Tor has never been secure against a global adversary, an adversary that can spy on all Tor nodes around the world in real time, because such an adversary would be able to see traffic from Tor users enter the network, watch it bounce around the world, and then watch it leave the network, making it clear which traffic belongs to which user.
But despite all this, Snowden documents published by The Guardian show that the combined spying power of the Five Eyes (the U.S., U.K., Canada, Australia and New Zealand) doesn't yet count as a global adversary, at least not as of June 2012 when that top-secret presentation was given. It appears that the Western intelligence agencies are only able to opportunistically de-anonymize random unlucky users, and have never been able to de-anonymize a specific user on demand.
As promising as this seems, Tor might not always protect your identity, especially if you're already under close surveillance. The story of Jeremy Hammond's arrest illustrates this point well.
The FBI suspected that Hammond might be part of the LulzSec hacker group, which went on a digital crime spree in 2011. Specifically, they suspected he might go by the pseudonym sup_g in an online chat room. They set up physical surveillance of Hammond's apartment in Chicago, watching what servers he connected to from his Wi-Fi network. An FBI affidavit states that a significant portion of the traffic from the Chicago Residence to the Internet was Tor-related traffic. The FBI used a low-tech traffic correlation attack to confirm that Hammond was indeed sup_g. When Hammond left his apartment, Tor traffic stopped flowing from his house and sup_g logged out of chat. When he came back home, Tor traffic started flowing again and sup_g appeared back online. Because he was already a prime suspect, Tor didn't protect his identity.
Tor isn't magic; it's a tool. The human using it still needs to know what they're doing if they wish to remain anonymous.
Endpoint security
There's another caveat to all of this. If Juliet's computer is hacked, the hacker will be able to know exactly what she's doing on it. Same with Romeo. You can encrypt as much as you want and bounce your encrypted traffic around the world to your heart's content, but if an attacker can read your keystrokes as you type them and see exactly what's on your screen, you can't hide from them.
It's extremely difficult to prevent your computer from getting hacked if you're the target of an attacker with resources. You can lower your risks of getting hacked by using a separate device that you only use for secure communication, because the computer you use for all your daily activities has far more opportunities to get hacked.
Another option is to use Tails for private conversations. Tails is an entirely separate operating system that you install on a USB stick and that can be used safely even if your normal operating system has been hacked. While Tails can give you a much higher degree of security when communicating privately online, it is a very advanced tool. New users will likely spend many frustrating days troubleshooting, especially if they aren't already comfortable with Linux.
For most users it's perfectly fine to use your regular operating system to have private conversations online despite the risk of getting hacked; it's certainly preferable to giving up and leaking metadata that you shouldn't leak. It's also much more convenient, and is an easy way to get started if you just casually want some privacy and nothing serious is at stake.
First contact
When you want to have a private conversation with someone online, it's not always clear how to start. If you can meet in person, establishing your private communication channel is simple: Just trade usernames, chat servers, and OTR fingerprints (more on this below) when you meet up.
Meeting in person is often not possible. You might be too far away, or one side of the conversation might wish to remain anonymous from the other side. And even if you want to meet in person, how do you communicate this online to begin with while still hiding the fact that you're communicating with this person at all?
To initiate first contact with Romeo, Juliet needs to create an anonymous secret identity that she uses just to make first contact with Romeos public identity. She could email Romeo from an anonymous email address. Most free email services require new users to provide a phone number to make an account, and some block Tor users altogether, which makes creating an anonymous account annoying. She could also make an anonymous social media account and use it to contact Romeos public account.
If possible, she should encrypt the first contact messages that she sends to Romeo. It's much more straightforward to do this if Romeo publishes a PGP key. At The Intercept all of our journalists publish our PGP keys on our staff profiles. If you're a source wanting to make first contact with a journalist that works for an organization with SecureDrop, you could use that to make first contact without having to worry about making new accounts anonymously or dealing with PGP keys. The Intercept uses SecureDrop.
When she makes first contact, Juliet should tell Romeo what chat server she has made an account on, what her username is, what her OTR fingerprint is, and what time she'll be waiting online. She might also need to give Romeo instructions for getting set up himself, perhaps linking to this article.
When Juliet and Romeo are both anonymously logged into secret identity accounts and are having an OTR-encrypted conversation, they're almost there. Depending on how Juliet made first contact, a close look at Romeo's email or social media accounts might reveal the username of Juliet's secret identity; she had to tell it to him somehow, after all. It could be possible for investigators to work from there to uncover Romeo's secret identity as well.
To prevent anything like this from happening, it's a good idea for Juliet and Romeo to burn these chat accounts and move onto new ones, leaving no trails behind. Indeed, whenever Juliet and Romeo feel like it makes sense, they should abandon their old chat accounts in favor of new ones, complete with new OTR keys. There are hundreds of public chat servers, and making new accounts costs nothing.
From theory to practice
Now that you understand the operational security theory behind maintaining secret identities, it's time to actually practice.
This might sound daunting, but I'm confident you can do it. Just follow these step-by-step instructions for Mac OS X, Windows, Linux, and Android. (Unfortunately there's no way to connect to chat servers anonymously on iPhones.) Try practicing it with a friend first.
Jabber and Off-the-Record
I've been discussing chat servers, but what I actually mean is Jabber (also known as XMPP) servers. Jabber is an open protocol for real-time chat; it's not a specific service in the way that Signal, WhatsApp, or Facebook is. It's a decentralized and federated service, kind of like email. I can send an email from my theintercept.com address to your gmail.com address, because The Intercept's and Gmail's email servers rely on the same standard protocol.
Similarly, anyone can run a Jabber server, and many organizations do, including Calyx Institute, Riseup, Chaos Computer Club, and DuckDuckGo, to name a few. There are hundreds of other public Jabber servers. Many organizations run private Jabber servers for their employees, including The Intercept's parent company First Look Media (firstlook.org). The chat service HipChat is powered by Jabber under the hood, and its competitor Slack offers a Jabber gateway.
Since Jabber is decentralized, akiko@jabber.calyxinstitute.org (this is a Jabber account, not an email address) can chat with boris@dukgo.co. But if both sides of a conversation (both Romeo and Juliet, in our example) use the same server for their Jabber accounts, they'll leak less metadata about their conversations. Messages will stay within the same server rather than getting sent over the internet.
Unlike email, most Jabber servers let anyone create accounts using Tor, and don't require that you provide any identifying information at all. In fact, many Jabber servers run Tor hidden services to make it so Tor users can connect without having to leave the Tor network at all. That is quite an advanced topic, however, and to keep it simpler I won't use hidden services in the tutorials below.
Off-the-Record (OTR) is an encryption protocol that can add end-to-end encryption to any chat service, including Jabber. In order to have an encrypted chat, both sides of the conversation need to use chat software that supports OTR. There are several options, but the tutorials below will use Adium for Mac users, Pidgin for Windows and Linux users, and ChatSecure for Android users. ChatSecure is also available for iOS, but there's no way to use it with Tor on an iOS device.
Choosing a Jabber server
If you're planning on setting up your secret identity chat account in Android, skip straight down to the Android section. ChatSecure for Android has great built-in support for creating anonymous throw-away secret identity accounts.
For everyone else, stop. Download and install Tor Browser. Open it, and load this article in that browser instead of the one you were using. You're using Tor now? Good. This is an important step because I don't want you to leave your real IP address in the web logs of every Jabber server you're considering using; that would be a clue that could later be used to deanonymize your secret identity.
There are hundreds of Jabber servers to choose from. You can find lists of some of the public Jabber servers here and here. Which should you choose?
The server won't know who you are (you'll connect using Tor) or what you're saying (you'll use OTR to encrypt your messages), so you don't need to trust it. Still, you might want to pick one that you think is unlikely to hand over logs to your government, and that is happy with Tor users making secret identity accounts.
The most common way that people create Jabber accounts is directly through their chat software. While it's easy to configure chat programs to use Tor when you log in to your account, it's difficult to make sure it uses Tor when creating new accounts (unless you're using Tails, in which case you don't have to worry because all your traffic uses Tor). Because of this, I recommend that you choose a Jabber server that lets you create a new account on their website, so you can do it from Tor Browser instead of your chat program.
Here are a few Jabber servers that you can create new accounts on using Tor Browser, chosen at random from the public lists: ChatMe (based in Italy), CodeRollers (based in Romania), Darkness XMPP (based in Russia), KodeRoot (based in the U.S.), Jabber.at (based in Austria), Hot-Chilli (based in Germany), XMPP.jp (based in Japan), and the list goes on and on.
Ready to get started? Pick a Jabber server. Make up a username that's not associated with your real identity in any way. Make up a password that you don't use for anything else.
Create a Jabber account using Tor Browser. Now keep note of the server you created it on, your username and your password, and move on to the next sections for Android or Mac OS X or Windows and Linux.
Anonymous encrypted chat in Mac OS X
If you haven't already, create a new Jabber account using Tor Browser by following the instructions in the Choosing a Jabber server section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server xmpp.jp with the username pluto1.
Installing Adium and configuring your secret account over Tor
Download and install Adium, which is a Mac chat program that supports OTR encryption.
Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Adium simply won't connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
Open Adium. The first time you open it you'll see the Adium Assistant Wizard. Close this window; we'll manually add an account so we can have access to advanced settings.
With the Contacts window selected, click Adium in the menu bar at the top and choose Preferences. Make sure the Accounts tab at the top of the window is selected. Click the + button in the bottom left to add a new account, and select XMPP (Jabber) from the dropdown.
Before doing anything else, switch to the Proxy tab. Check Connect using proxy and choose SOCKS5 from the dropdown list. In the Server field type 127.0.0.1 and in the Port field type 9150. Choose a unique username for this account and type anything in the password field. These settings will ensure that Adium only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Adium than it will for everything else, which increases your anonymity.
Switch to the Privacy tab. Under the Encryption dropdown change Encrypt chats as requested to Force encryption and refuse plaintext.
Switch to the Options tab. Change what's listed in Resource (by default the name of your computer) to anonymous. Also, under Security check Require SSL/TLS.
Now switch back to the Account tab. Type your Jabber ID. My username is pluto1 and my Jabber server is xmpp.jp, so my Jabber ID is pluto1@xmpp.jp. Type your password, and click OK to try connecting to this account when you're done.
Adium should now attempt to connect to your secret identity account over Tor. If all goes well, it should list your new account and say Online.
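Under the hood, the proxy settings above make Adium (and Pidgin on Windows and Linux) run a SOCKS5 handshake against Tor's local port before a single byte of XMPP is sent. The Python below is an added example, not Adium's, Pidgin's or Tor's own code: it implements that client-side handshake, including the per-account username/password that Tor treats as a circuit-isolation key and a hostname-based CONNECT so no DNS lookup leaves the machine, and ships with a constructed stand-in for Tor's SOCKS port so it runs offline (FakeTorSocks, the SOCKS usernames and the Jabber server names used below are assumptions).

```python
import struct

SOCKS_VERSION, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
NO_AUTH, USERPASS_AUTH, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
# Ports from the tutorial: Tor Browser's bundled tor (Windows/Mac), system tor (Linux)
TOR_SOCKS = {"tor-browser": ("127.0.0.1", 9150), "system-tor": ("127.0.0.1", 9050)}


class SocksError(Exception):
    pass


def _recv_exact(sock, n):
    """Read exactly n bytes; a short read means the proxy went away."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise SocksError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf


def socks5_connect(sock, host, port, username=None, password=None):
    """Client side of the SOCKS5 handshake on a socket already connected to
    Tor's SOCKS port. Returns the auth method the proxy selected."""
    # 1. Method negotiation. With isolation requested we offer *only* username/
    #    password, so a proxy that cannot do it fails instead of sharing circuits.
    method_wanted = USERPASS_AUTH if username is not None else NO_AUTH
    sock.sendall(bytes([SOCKS_VERSION, 1, method_wanted]))
    ver, method = _recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method != method_wanted:
        raise SocksError("not a SOCKS5 proxy, or it refused our auth method")
    # 2. RFC 1929 sub-negotiation. Tor accepts any credentials and uses them only
    #    as a stream-isolation key, so a unique username per account = own circuits.
    if method == USERPASS_AUTH:
        u, p = username.encode(), (password or "").encode()
        if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
            raise SocksError("SOCKS username and password must be 1..255 bytes")
        sock.sendall(bytes([0x01, len(u)]) + u + bytes([len(p)]) + p)
        if _recv_exact(sock, 2) != b"\x01\x00":
            raise SocksError("proxy rejected the username/password")
    # 3. CONNECT with the Jabber server passed as a hostname (ATYP 0x03). Resolving
    #    it locally first would send a DNS query outside Tor and leak the server.
    h = host.encode("idna")
    if len(h) > 255:
        raise SocksError("hostname too long for SOCKS5")
    sock.sendall(bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)])
                 + h + struct.pack("!H", port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != SOCKS_VERSION or rep != 0x00:
        raise SocksError(f"CONNECT refused, SOCKS reply code {rep:#04x}")
    # Drain BND.ADDR/BND.PORT so the socket now sits at the start of XMPP data.
    addr_len = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if addr_len is None:
        addr_len = _recv_exact(sock, 1)[0]
    _recv_exact(sock, addr_len + 2)
    return method


class FakeTorSocks:
    """Constructed stand-in for Tor's SOCKS port (not real tor code): answers the
    handshake as tor does and records what it learned, so the example runs offline."""

    def __init__(self, refuse_userpass=False):
        self.refuse_userpass, self.inbox, self.sent = refuse_userpass, b"", []
        self.isolation_key, self.target, self.stage = None, None, "methods"

    def sendall(self, data):
        self.sent.append(data)
        if self.stage == "methods":
            offered = data[2:2 + data[1]]
            if USERPASS_AUTH in offered and not self.refuse_userpass:
                chosen, self.stage = USERPASS_AUTH, "auth"
            elif NO_AUTH in offered:
                chosen, self.stage = NO_AUTH, "connect"
            else:
                chosen = NO_ACCEPTABLE
            self.inbox += bytes([SOCKS_VERSION, chosen])
        elif self.stage == "auth":
            ulen = data[1]
            user, pw = data[2:2 + ulen], data[3 + ulen:3 + ulen + data[2 + ulen]]
            self.isolation_key, self.stage = (user.decode(), pw.decode()), "connect"
            self.inbox += b"\x01\x00"
        else:
            hlen = data[4]
            port = struct.unpack("!H", data[5 + hlen:7 + hlen])[0]
            self.target = (data[5:5 + hlen].decode(), port)
            # tor answers CONNECT with success and an all-zero IPv4 BND.ADDR/BND.PORT
            self.inbox += bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4]) + bytes(6)

    def recv(self, n):
        chunk, self.inbox = self.inbox[:n], self.inbox[n:]
        return chunk


if __name__ == "__main__":
    # Two secret-identity accounts with their own SOCKS credentials get distinct
    # isolation keys and therefore separate Tor circuits (constructed run).
    for account, server in (("pluto1", "xmpp.jp"), ("pluto2", "wtfismyip.com")):
        proxy = FakeTorSocks()
        socks5_connect(proxy, server, 5222, username=account + "-only", password="x")
        print(account, "->", proxy.target, "isolation key:", proxy.isolation_key)
```

Against a live Tor, replace FakeTorSocks with socket.create_connection(TOR_SOCKS["tor-browser"]) (or "system-tor" on Linux); the returned socket is then positioned for the XMPP stream.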
Encryption keys and fingerprints
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it; no two keys share the same fingerprint.
Let's create your OTR key. With the Contacts window selected, click Adium in the menu bar and choose Preferences. Go to the Advanced tab, and click on Encryption in the left sidebar. Select your secret identity account and click the Generate button to generate a new encryption key. When it's done you'll see your new OTR fingerprint.
In this example, I just created a new OTR key for my pluto1@xmpp.jp account with the fingerprint C4CA056C 922C8579 C6856FBB 27F397B3 2817B938. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Adium, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don't match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don't mark the contact as trusted and try again later.
Adding contacts and conversing in private
I'm trying to have a private conversation with my friend. They told me their Jabber account is pluto2@wtfismyip.com and their OTR fingerprint is A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE.
Now that I've set up my pluto1 account, I'm going to add pluto2 as a contact. First I select the Contacts window and then click the Contact menu bar at the top and choose Add Contact. I set Contact Type to XMPP, and enter pluto2@wtfismyip.com as their Jabber ID. Then I click the Add button to add them as a contact.
When you add a Jabber contact you can't immediately tell if they're online or not. First you need them to consent to let you see their status. So now I need to wait for pluto2 to log in and approve my contact request.
Oh good, pluto2 has authorized me to see when they're online, and is asking if I allow them to see when I'm online. I'm selecting their contact and clicking the Authorize button.
Now that I have added pluto2 as a contact the first time, they will appear on my contact list when they're online. Now all I need to do is double-click on their name to start chatting with them.
I double-clicked on the pluto2 contact and typed hi.
Before it sent my message, Adium started a new OTR encrypted session. Notice that it says pluto2@wtfismyip.com's identity not verified. This means that while we have an encrypted chat going on, I can't be 100% confident that there isn't a man-in-the-middle attack going on.
It also popped up an OTR Fingerprint Verification box. Does the fingerprint that pluto2 gave me match the fingerprint that I see in that box?
I'm comparing the fingerprint pluto2 gave me earlier with what Adium is telling me pluto2's fingerprint is, one character at a time. Let me see... yup, they're the same. This means that there is not an attack on our encryption, and I can safely click Accept. If I didn't have pluto2's OTR fingerprint, I would ask pluto2 what it is using an out-of-band method (not using this chat, since I don't know if this chat is trustworthy yet) and then verify that they match. If I don't have time for that now, I would click Verify Later.
You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I log in tomorrow and start a new conversation with pluto2, it should just work and be considered trusted.
And that's it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Adium to log in to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.
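Fingerprint comparison is the one step that turns an encrypted OTR session into an authenticated one, so it is worth making the decision rule explicit. The Python below is an added example, not Adium's, Pidgin's or libotr's code: a fingerprint normalizer plus a small trust store that reproduces the Accept / Verify Later / don't-trust choices walked through above, and also covers a case the walkthrough does not show, a contact whose previously verified fingerprint later changes (the OtrTrustStore class, its return labels and the account names are assumptions; the fingerprints are the ones from this tutorial).

```python
import hmac
import re

# OTR (v2/v3) fingerprints are 160-bit values, shown as five groups of eight hex digits.
FINGERPRINT_HEX_LEN = 40


def normalize_fingerprint(fp):
    """Accept a fingerprint however it was copied (spaces, colons, lowercase) and
    return the canonical 40 uppercase hex digits, or raise if it cannot be one."""
    digits = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{%d}" % FINGERPRINT_HEX_LEN, digits):
        raise ValueError("an OTR fingerprint is 40 hex digits (five groups of eight)")
    return digits


def display_fingerprint(fp):
    """Render in the grouped form Adium and Pidgin show, for reading aloud."""
    d = normalize_fingerprint(fp)
    return " ".join(d[i:i + 8] for i in range(0, FINGERPRINT_HEX_LEN, 8))


class OtrTrustStore:
    """Per-account record of which fingerprint each contact has been verified
    with, mirroring the 'mark as trusted' step in the chat client (assumed name)."""

    def __init__(self):
        self._trusted = {}  # (my_account, contact) -> verified fingerprint

    def check_session(self, my_account, contact, shown, out_of_band=None):
        """Decide what to do with the fingerprint the client shows for a new
        session. Returns one of: trusted, verify-later, mismatch, changed."""
        shown = normalize_fingerprint(shown)
        known = self._trusted.get((my_account, contact))
        if known is not None:
            # Verified once already: only a change needs attention. A key other
            # than the one you verified means a new device or someone interposed.
            return "trusted" if hmac.compare_digest(known, shown) else "changed"
        if out_of_band is None:
            # Encrypted but not authenticated: this is the Verify Later state. Ask
            # for the fingerprint through another channel, not through this chat.
            return "verify-later"
        if not hmac.compare_digest(normalize_fingerprint(out_of_band), shown):
            # The key in this session is not your contact's: treat it as a
            # man-in-the-middle and do not mark the contact trusted.
            return "mismatch"
        self._trusted[(my_account, contact)] = shown
        return "trusted"


if __name__ == "__main__":
    store = OtrTrustStore()
    given = "A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE"   # told to me out of band
    shown = "a65b59e4:0d1fd90d:d4b1be9f:f9163914:46a35aee"   # as copied from the client
    print(store.check_session("pluto1@xmpp.jp", "pluto2@wtfismyip.com", shown, given))
    print(display_fingerprint(shown))
```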
Anonymous encrypted chat in Windows and Linux
If you haven't already, create a new Jabber account using Tor Browser by following the instructions in the Choosing a Jabber server section above. Make sure you know which Jabber server you created your account on and what your username and password are.
For this example, I created a Jabber account on the server wtfismyip.com with the username pluto2.
Windows and Linux instructions are in the same section because you'll use the same piece of software, Pidgin. The steps are nearly identical for both operating systems, but I'll point out where they differ.
Installing Pidgin and configuring your secret account over Tor
If you're using Windows, download and install Pidgin, and then download and install the OTR plugin for Pidgin. Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer, listening on port 9150. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Pidgin simply won't connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.
If you're using Linux, install the packages pidgin, pidgin-otr, and tor. In Ubuntu or Debian you can do this by typing sudo apt-get install pidgin pidgin-otr tor into a terminal, or by using the Ubuntu Software Center. Because you're installing Tor system-wide in Linux, the tor daemon runs as a background service (listening on port 9050) whether or not Tor Browser is open, so there's no need to worry about keeping Tor Browser open in the background like in Windows or Mac OS X.
Open Pidgin. The first time you run it you'll see a "Welcome to Pidgin!" screen. Click the Add button to add your secret identity account (if you already use Pidgin, you can add a new account by clicking the Accounts menu in the Buddy List window and choosing Manage Accounts).
You should be at the Add Account window. Before you do anything else, switch to the Proxy tab. Set the proxy type to Tor/Privacy (SOCKS5). In the Host field type 127.0.0.1, and in the Port field type 9150 if you're using Windows and 9050 if you're using Linux. Choose a unique username for this account and type anything in the password field. These settings ensure that Pidgin only connects to this account through Tor, and never directly. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Pidgin than it will for everything else (Tor isolates streams that present different SOCKS credentials), which increases your anonymity. Do the proxy tab first: if you add the account with the proxy still set to the global default, Pidgin may connect directly the moment you click Add and reveal your real IP address to the server.
Switch back to the Basic tab. Under Protocol select XMPP. In the Username field type your username (mine is pluto2). In the Domain field type your Jabber server (mine is wtfismyip.com). In the Resource field type anonymous. In the Password field type your password, and optionally check the "Remember password" box. When you're all set, click the Add button.
If all goes well, you should see a Buddy List window with the status Available.
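Because the only thing standing between your real IP address and the Jabber server is that Proxy tab, it is worth checking it from outside Pidgin too. The script below is an added example, not code from the original article or from the Pidgin project. It assumes the accounts.xml layout that Pidgin 2.x writes under ~/.purple (one account element per account, with a proxy element whose type is "tor" for the Tor/Privacy (SOCKS5) setting, plus host, port and the optional username/password used for circuit isolation); compare it against your own accounts.xml before trusting the report. The sample document inside it is constructed for the example and covers the three ways the setup goes wrong: the wrong port for the platform, no SOCKS username (so the account shares circuits with everything else), and no proxy at all.

```python
"""Audit Pidgin's accounts.xml so no account can connect outside Tor.

Added example, not from the original article or the Pidgin project.
Assumption: Pidgin 2.x stores each account as an <account> element with a
<name> and an optional <proxy> element (<type>, <host>, <port>, and the
optional <username>/<password> used for Tor circuit isolation); the
Tor/Privacy (SOCKS5) choice is stored as type "tor".
"""
import xml.etree.ElementTree as ET
from pathlib import Path

# Tor Browser's bundled Tor listens on 9150; a system-wide tor daemon on 9050.
TOR_SOCKS_PORT = {"windows": 9150, "macos": 9150, "linux": 9050}


def audit_accounts(accounts_xml: str, platform: str) -> dict:
    """Return {account name: [problems]}.

    An empty list means the account is pinned to a loopback Tor SOCKS port
    that matches the platform and carries its own SOCKS credentials.
    """
    expected_port = str(TOR_SOCKS_PORT[platform])
    root = ET.fromstring(accounts_xml)
    report = {}
    for acct in root.findall("account"):
        name = acct.findtext("name", "")
        problems = []
        proxy = acct.find("proxy")
        # No <proxy> element (or type "global") means the account follows the
        # global proxy preference, which may well be a direct connection.
        ptype = proxy.findtext("type", "global") if proxy is not None else "global"
        if ptype != "tor":
            problems.append(f"proxy type is {ptype!r}, not Tor/Privacy (SOCKS5)")
        else:
            host = proxy.findtext("host", "")
            port = proxy.findtext("port", "")
            if host not in ("127.0.0.1", "localhost"):
                problems.append(f"proxy host {host!r} is not loopback")
            if port != expected_port:
                problems.append(f"proxy port {port!r} should be {expected_port} on {platform}")
            if not proxy.findtext("username"):
                problems.append("no SOCKS username, so this account shares Tor circuits with everything else")
        report[name] = problems
    return report


# Constructed sample: one account set up as the tutorial describes (Linux,
# system tor on 9050), one pointed at the Tor Browser port by mistake and
# without isolation credentials, and one with no proxy at all.
SAMPLE_ACCOUNTS_XML = """<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>pluto2@wtfismyip.com/anonymous</name>
    <proxy>
      <type>tor</type>
      <host>127.0.0.1</host>
      <port>9050</port>
      <username>pluto2-isolation</username>
      <password>anything</password>
    </proxy>
  </account>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>backup@example.org/laptop</name>
    <proxy>
      <type>tor</type>
      <host>127.0.0.1</host>
      <port>9150</port>
    </proxy>
  </account>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>dayjob@example.org/laptop</name>
  </account>
</account>
"""

if __name__ == "__main__":
    real = Path.home() / ".purple" / "accounts.xml"
    text = real.read_text() if real.exists() else SAMPLE_ACCOUNTS_XML
    for name, problems in audit_accounts(text, "linux").items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Run it with the platform you are actually on: the same accounts.xml that passes on Linux fails on Windows, because port 9050 has nothing listening there once Tor Browser is the only Tor you run. Any account that reports a problem should be fixed (or deleted) before you connect it, since a single non-Tor account in the same Pidgin profile is enough to tie your real address to the machine.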
Encryption keys and fingerprints
You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it; no two keys share the same fingerprint.
Let's create your OTR key. In the Buddy List window, click the Tools menu and choose Plugins. You should see Off-the-Record Messaging as one of the plugins. Make sure you check the box next to it to enable it.
With Off-the-Record Messaging selected, click the Configure Plugin button. Select your secret identity account and click the Generate button to generate a new encryption key. When it's done, you'll see your new OTR fingerprint. While you're at it, check the "Require private messaging" box, so that Pidgin refuses to send anything over this account until an OTR session is established.
In this example, I just created a new OTR key for my pluto2@wtfismyip.com account with the fingerprint A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.
Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Pidgin, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.
This step is confusing, but also important. If the fingerprints don't match, it means that someone is attempting a man-in-the-middle attack against you (or, less alarmingly, that your contact is using a different key than the one they told you about, which you can't distinguish from an attack until you ask them out of band). If this happens, don't mark the contact as trusted and try again later. Compare the whole fingerprint, all five groups of eight characters, not just the first few: an attacker who can intercept your chat can also take the time to generate a key whose fingerprint starts the same way.
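The comparison the Adium walkthrough did by hand, and the "fingerprints don't match" rule above, are easy to get wrong when one side reads the fingerprint over the phone in lower case with dashes and the other copies it from a dialog in upper case with spaces. The code below is an added example, not code from the original article, Adium, Pidgin or libotr. It normalizes both fingerprints before comparing them, and it also checks a new session's fingerprint against the contacts you have already verified, so that a contact whose key silently changes is reported as "changed" rather than passed through. It assumes the tab-separated layout of pidgin-otr's ~/.purple/otr.fingerprints file (contact, account, protocol, 40-hex-digit fingerprint, trust word) as I understand it; the store lines and fingerprints in it are constructed for the example.

```python
"""Verify OTR fingerprints the way the tutorial does by hand, and notice
when a previously verified contact shows up with a different key.

Added example, not code from the original article, Adium, Pidgin or libotr.
Assumption: pidgin-otr's otr.fingerprints holds one tab-separated line per
contact: contact, account, protocol, 40 hex digits, trust ("verified",
"smp" or empty). OTR fingerprints are 160-bit SHA-1 hashes, shown as five
groups of eight hex digits.
"""
import hmac
import re

HEX40 = re.compile(r"^[0-9A-F]{40}$")


def normalize(fp: str) -> str:
    """Canonical form of a fingerprint: 40 upper-case hex digits.

    Spaces, dashes, colons and lower case are how people transcribe the
    fingerprint, not part of it, so they must not cause a false mismatch.
    Anything that is not a 160-bit fingerprint afterwards is rejected.
    """
    canon = re.sub(r"[\s:-]", "", fp).upper()
    if not HEX40.match(canon):
        raise ValueError(f"not a 40-hex-digit OTR fingerprint: {fp!r}")
    return canon


def fingerprints_match(shown: str, told_out_of_band: str) -> bool:
    """True only if both fingerprints are identical after normalization."""
    return hmac.compare_digest(normalize(shown), normalize(told_out_of_band))


def load_store(text: str) -> dict:
    """Parse otr.fingerprints lines into {(contact, account): (fingerprint, trust)}."""
    store = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        contact, account, _protocol, fp, trust = line.split("\t")
        store[(contact, account)] = (normalize(fp), trust)
    return store


def check_contact(store: dict, contact: str, account: str, shown: str) -> str:
    """Classify the fingerprint a new session shows for `contact`.

    'verified'    same key you already verified: safe to proceed.
    'unverified'  seen before, never verified: verify it out of band.
    'new'         never seen: verify it out of band before trusting the chat.
    'changed'     a different key than the one you verified earlier. Either
                  the contact really made a new key (new device, reinstall)
                  or someone is in the middle; treat it as an attack until
                  the contact confirms the new fingerprint out of band.
    """
    entry = store.get((contact, account))
    if entry is None:
        return "new"
    known_fp, trust = entry
    if not fingerprints_match(shown, known_fp):
        return "changed"
    return "verified" if trust == "verified" else "unverified"


# Constructed sample store for the pluto2 account: the friend from the
# tutorial, verified, and a second contact that was never verified.
SAMPLE_FINGERPRINTS = (
    "0060e404a9@jabber.calyxinstitute.org\tpluto2@wtfismyip.com/anonymous\t"
    "prpl-jabber\t0123456789abcdef0123456789abcdef01234567\tverified\n"
    "alice@example.org\tpluto2@wtfismyip.com/anonymous\t"
    "prpl-jabber\tfedcba9876543210fedcba9876543210fedcba98\t\n"
)

if __name__ == "__main__":
    store = load_store(SAMPLE_FINGERPRINTS)
    acct = "pluto2@wtfismyip.com/anonymous"
    # What Pidgin shows in a new session, as a person would paste it.
    shown = "01234567 89abcdef 01234567 89ABCDEF 01234567"
    print(check_contact(store, "0060e404a9@jabber.calyxinstitute.org", acct, shown))
```

The hmac.compare_digest call is not strictly needed for a value the other party already knows, but it is the idiomatic way to compare secrets and credentials in Python and costs nothing here. The useful output is the "changed" verdict: the chat client will show the new fingerprint as merely unverified, and it is the change from a key you had already verified that should make you stop and call the person.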
Adding contacts and conversing in private
I'm trying to have a private conversation with my friend. They told me their Jabber account is 0060e404a9@jabber.calyxinstitute.org.
Now that I've set up my pluto2 account, I'm going to add 0060e404a9 as a contact. From the Buddy List window I click the Buddies menu and choose Add Buddy. I type 0060e404a9@jabber.calyxinstitute.org as the buddy's username and click the Add button.
When you add a Jabber contact you can't immediately tell if they're online or not. First you need them to consent to let you see their status. So now I need to wait for 0060e404a9 to log in and approve my contact request.
Oh good, 0060e404a9 has authorized me to see when they're online, and is asking if I allow them to see when I'm online. I click the Authorize button.
Source: https://goo.gl/bV6ETo