Silk Road forums

Discussion => Security => Topic started by: Megatherium on June 29, 2011, 11:26 am

Title: Jabber/XMPP + OTR
Post by: Megatherium on June 29, 2011, 11:26 am
GPG has been the standard choice for encrypted communication around these parts which is fully understandable. I personally though prefer using IM because a lot of points and questions can turn up after you've sent your email and it takes basically ages to reach a final agreement.

So how can we IM securely with each other? The answer is in the Topic.

XMPP is a protocol which can do a lot of things, one of them being Jabber: instant messaging. There are a bunch of servers: http://www.jabberes.org/servers/ which you can use and sure you can be paranoid about who runs them, but the point is as moot as with GPG because the encryption happens end to end with OTR (off the record messaging) which encrypts your whole communication and has plausible deniability because in the end you can't tell which user used which key. See: http://www.cypherpunks.ca/otr/ (people being a bit longer around will know that cypherpunks have a quite a reputation among cryptologists).

All you basically need to is download a IM program that supports XMPP and OTR (I use pidgin), select a server and create an account (can all be done within pidgin) and the you can add contacts that are written like TestGuy@jabber.org. In the plugins menu activate OTR and don't forget to check (uncheck?) that no history of OTRed sessions is made. When talking with a contact and activating OTR it will first say unverified. There are several ways of authenticating your contact, the easiest probably being one of you asks a question which only the other can answer (may be something agreed upon before your first jabber contact via other means).

I'm just putting it out there because it is as safe a gpg und IMHO more comfortable.

Feedback, comments, etc. all welcome.
Title: Re: Jabber/XMPP + OTR
Post by: g4bb3r on June 29, 2011, 09:18 pm
You should also be using Tor as a proxy when signing in, otherwise the jabber server will have your IP.
Title: Re: Jabber/XMPP + OTR
Post by: streetpharmacy on June 29, 2011, 10:55 pm
Even better: Use a .onion jabber server  ;)
Title: Re: Jabber/XMPP + OTR
Post by: Megatherium on June 30, 2011, 09:59 pm
I somehow get you gist, but give me a reality check here: is it really that bad in the USA that they're shooting subpoenas left and raids right all under the patriot act that the plausible deniability from OTR won't cut it. If this is truly the world of 2011' small time narcotic enterpreneurs then even Orwell would've pissed his pants. If this is truly your legal reality and not some kind of paranoid delusion than I feel a bit chosen... wow.
Title: Re: Jabber/XMPP + OTR
Post by: smartattack on January 09, 2012, 11:59 pm
I just set up a jabber account on jabber.ccc.de using pidgin and tor as proxy. I use jabber.ccc.de because apparently it has a .onion addrres (okj7xc6j2szr2y75.onion) but it doesn't work (works fine with the normal address). One more question: I can't figure if i should check the "use remote dns with socks4 proxies" option or not.
Title: Re: Jabber/XMPP + OTR
Post by: cloud9ne on January 10, 2012, 04:13 am
okj7xc6j2szr2y75.onion is down according to @jabbercccde due to maintenance (new HDs)
Title: Re: Jabber/XMPP + OTR
Post by: jtemp102311 on January 10, 2012, 04:49 am
I somehow get you gist, but give me a reality check here: is it really that bad in the USA that they're shooting subpoenas left and raids right all under the patriot act that the plausible deniability from OTR won't cut it. If this is truly the world of 2011' small time narcotic enterpreneurs then even Orwell would've pissed his pants. If this is truly your legal reality and not some kind of paranoid delusion than I feel a bit chosen... wow.

:)
Title: Re: Jabber/XMPP + OTR
Post by: smartattack on January 10, 2012, 11:57 am
okj7xc6j2szr2y75.onion is down according to @jabbercccde due to maintenance (new HDs)
Thanks for the info.
What about the remote dns option?
Title: Re: Jabber/XMPP + OTR
Post by: cloud9ne on January 11, 2012, 09:16 am
the ccc website provides DNS servers for anonymity/non censorship as some ISPs censor their DNS servers

remote dns means you use that proxy's DNS (you want this) and not your own ISPs dns so they can't see what you're doing, but if you've changed all your dns to the above ccc servers it doesn't matter

run this page into google translate
http://www.ccc.de/censorship/dns-howto/
Title: Re: Jabber/XMPP + OTR
Post by: smartattack on January 11, 2012, 11:34 am
Ok, thanks again cloud9ne.