- Global Voices Community Blog - https://community.globalvoices.org -

Your Weekly Security Tip: OTR!

Categories: Security Tips

In the last episode [1], I talked about CryptoCat, which allows for secure, ephemeral group chats in a browser plug-in. Today I want to give you a brief introduction to OTR, or off-the-record messaging, which some folks at the summit were trained on.

DigiGes_PRISM01 [2]

Yes we scan – PRISM surveillance program protest at Checkpoint Charlie

OTR is a protocol [3] that allows two people using certain chat protocols (such as Gchat or XMPP) to chat securely, with their messages encrypted. The main non-technical difference between CryptoCat and OTR is that OTR allows for end-to-end encryption [4] wherein each person possesses their own key.


Take a deep breath. Let me start over: The reason you might want to use OTR is that it allows you to have a chat with someone that only you and that person can see. The encryption means that the chat cannot be intercepted by government agencies, hackers, or other adversaries. Key verification [5] adds another layer of security, because it allows you to ensure that the other person you're chatting with is who they say they are, and not some stranger impersonating them.

Okay, I think I get it. So how do I use OTR?

OTR is available for Mac and Windows users. It's also available for Android phones.

I've installed Adium/Pidgin/ChatSecure. What next?

First, pick your chat client.* If you're already using Gchat, that's the easiest way to start quickly and learn, or you can create a Jabber account (try Dukgo [9] or check out this list [10]).

Please read the guides linked above (or the guides in Security in a Box [11]!) to understand how to use the tools. If you don't understand something in the guides, let me know so I can fix it. Then, once you're ready…

LET'S TEST IT! Ask your friend to install any previously mentioned client, and chat them up for a test.

*Unfortunately, Google is being mean and has stopped allowing Gchat users to chat securely with users of other protocols. This means you can have an encrypted Gchat-to-Gchat conversation, or one between two Jabber clients, but not Gchat-to-Jabber or Facebook-to-Jabber.