
This chart covers the kind of information we should all have access to about the software we use. It would be fantastic to see more projects and companies follow Cryptocat's lead, and tell their users who can see their data.
Jabber with OTR



What does it let you do? Jabber, also called XMPP (thanks for another great name, computer scientists!), isn't a specific program or service. It's a protocol, which is a term for an established procedure for doing something on the net. In particular, Jabber is a protocol for text-based chat, also called Instant Messaging, between two people.
OTR ("Off the Record") is a plug-in that encrypts text chat content so that only you and the person you’re corresponding with can read it.
"Only the actual content of your messages is encrypted with OTR, but usually the XMPP channel is secured with SSL as well," says Chris Ballinger, creator of Chatsecure, a Jabber client for iOS devices. Ballinger listed some of the metadata that is visible if your service doesn't use SSL, which is separate from OTR message encryption. (Again, see part one for details.) Ballinger's list included:
- When you started or stopped typing
- Your availability
- Your status messages
- When you sent or received a message
- The sender and recipient of each message (full Jabber ID)
- Your buddy list
- A constant stream of your buddies' status updates.
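An added example, not part of the original article: the Python sketch below parses a few constructed XMPP stanzas and lists what the Jabber server, or anyone watching a connection that isn't using SSL, can still read when the message body is OTR-encrypted. The Jabber IDs, the sample stanzas and the `visible_metadata` function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

CHATSTATES = "http://jabber.org/protocol/chatstates"  # typing notifications (XEP-0085)
ROSTER = "jabber:iq:roster"                            # buddy list (RFC 6121)

# Constructed stanzas with made-up Jabber IDs; <stream> is only a wrapper for parsing.
SAMPLE = """<stream xmlns="jabber:client">
<presence from="alice@example.org/phone"><show>away</show><status>At lunch</status></presence>
<message from="alice@example.org/phone" to="bob@example.net" type="chat">
  <composing xmlns="http://jabber.org/protocol/chatstates"/></message>
<message from="alice@example.org/phone" to="bob@example.net" type="chat">
  <body>?OTR:AAMDconstructedciphertextplaceholder.</body>
  <active xmlns="http://jabber.org/protocol/chatstates"/></message>
<iq type="result" to="alice@example.org/phone"><query xmlns="jabber:iq:roster">
  <item jid="bob@example.net"/><item jid="carol@example.com"/></query></iq>
</stream>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def visible_metadata(xml_text):
    """List what is readable without breaking OTR: everything except the body text."""
    seen = []
    for stanza in ET.fromstring(xml_text):
        kind = local(stanza.tag)
        if kind == "presence":
            show = stanza.findtext("{jabber:client}show", "available")
            status = stanza.findtext("{jabber:client}status", "")
            seen.append(("availability", stanza.get("from"), show, status))
        elif kind == "message":
            for child in stanza:
                if child.tag.startswith("{%s}" % CHATSTATES):
                    seen.append(("chat-state", stanza.get("from"), stanza.get("to"), local(child.tag)))
            body = stanza.findtext("{jabber:client}body")
            if body is not None:
                # OTR-encoded messages start with the marker "?OTR:"
                content = "OTR ciphertext" if body.startswith("?OTR:") else "PLAINTEXT: " + body
                seen.append(("message", stanza.get("from"), stanza.get("to"), content))
        elif kind == "iq":
            jids = [i.get("jid") for i in stanza.iter("{%s}item" % ROSTER)]
            if jids:
                seen.append(("buddy-list", stanza.get("to"), tuple(jids)))
    return seen

if __name__ == "__main__":
    for row in visible_metadata(SAMPLE):
        print(row)
```

Every row except the message text itself is readable by the server even with OTR on; SSL on the connection is what hides those rows from the network in between.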
What does it replace? It can replace SMS on phones, or IM and Facebook Chat online. Unlike proprietary services like Facebook Chat and Google Hangouts, Jabber lets you talk to anyone who also speaks Jabber, even if they're not using the same service you are.
The Jabber protocol isn’t itself secure or private, though most Jabber services will use SSL to encrypt your traffic. With OTR, which is built into some clients and is a separate add-on for others, you can encrypt your messages so that even the Jabber server can’t read them; only the person you’re talking to can. OTR is one of the easiest forms of encryption. All you need is an OTR-capable chat program.
OTR-encrypted IM is reportedly the way Edward Snowden initially corresponded with Guardian journalist Glenn Greenwald.
Jabber Clients
Chatsecure for iOS Devices
By default, Chatsecure tries to use SSL to talk to your Jabber server, but it can switch off SSL. The advanced options allow you to "Force TLS," which is another name for SSL.
Gibberbot for Android devices
The creator of Gibberbot, the Guardian Project, specifically makes software for people who need security. Using the software can be difficult, but it doesn’t let you make too many mistakes. Gibberbot won’t connect to a server without using SSL. Gibberbot can also be used with Tor, which we’ll come to in a bit.
Pidgin for Windows/Linux; Adium for Mac OS X
You can download Pidgin for Windows and Linux from pidgin.im and Adium for Mac OS X from adium.im.
While they’re easy to use and also interoperate well with services like Facebook Chat and AIM as well as Jabber, these programs might not be secure by default, so you should check your settings. In both of them you have to hunt through menus to “edit” or “modify” your Jabber account. On Pidgin, SSL is under the “Advanced” menu as "Require encryption" inside the accounts screen and may already be enabled. On Adium, it’s under “Options” as "Require SSL/TLS." You have to enable SSL to be sure you're using it.