Still working to recover. Please don't edit quite yet.
encrypted chat clients
An encrypted chat client allows you to text chat online without any worries of eavesdropping by your ISP, workplace, or other entity in an interconnected network. Instant messaging tools and IRC connections are one of the least secure communication tools available. While not yet perfect, the tools listed below make the process of chatting online more secure and anywhere from very anonymous to confirming your identity using digital signatures.
- Problem: There's too many to chose from below - which one do I pick?
- Answer: So far, there is no standard in IM security yet so the person you are talking to must download and install the same client you have. See the "Tested" group below for suggestions.
If you have tried an IM client, please share your experience on the discussion page.
Contents
Tested
- AIM - One of the most popular IM clients, it is also the most attacked by programs like AIMSniff. As of AOL's Windows IM client 5.2+, users have access to encrypted communications. If you don't wish to spend any money on a real security certificate, AIMEncrypt.com offers their own self-signed cert (SSL-based). However, the description on their site gives the impression that they know nothing about encryption, merely a distribution point for their certificate.
- Filetopia www.filetopia.com - Available for Windows and WINE emulation - a peer-to-peer service that includes a fully encrypted interface to its growing network. Under gradual, continual developed, this service is ambitious, attempting to offer secure voice communication as well as secure file sharing service and secure chat. Probably the easiest encrypted chat client available. However, there is no way to confirm a person's identity online, as with some PGP and GPG-enabled clients.
- For Internet connections that block specific file-sharing ports, Filetopia allows the use of random port selection.
- GAIM - the only recommended cross-platform solution and one of the most popular SourceForge projects, allows an encryption plugin gaim-encryption.sourceforge.net for the GAIM Instant Messaging tool. Uses the chat networks AIM (Oscar and TOC protocols), ICQ, MSN Messenger, Yahoo Messenger, IRC, Jabber, Gadu-Gadu, and Zephyr simultaneously. Also supports those networks' features like away messages and profiles.
- Once installed, go into "Plugins" under "Preferences" and chose the checkbox next to Gaim-Encryption. The rest of the process is seamless. See the GAIM Encryption Plugin for more information.
- WASTE - A beta-release software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users. Provides instant messaging, group chat, file browsing/searching, file transfer.
- Test Results: this system works if one user has a traceable IP address. For instance, users behind an ISP-controlled NAT may be unable to use this system. (As of June 2005)
- PRIVARIA - a free, open-source, GPL Groupware product with encryption and authentication.
- Test Results: Windows installation and setup found to be very buggy. Abandoned test after the 3rd error message.
- MirandaIM www.miranda-im.org - Available with many security-related plugins as well as GPG support for identity confirmation. Quote from web site:
- "Open-source, GPL multi-protocol instant messenger client that uses very little memory and is extremely fast. Requires no installation and can be fit on a single floppy. Its powerful plugin system makes Miranda IM very flexible. Only the most basic features are built in, but there are currently more than 150 free plugins available for download that allows users to extend the functionality of Miranda IM."
- Test Results: Testing shows that two plugins SecureIM and GPG do function but require some effort to enable. Non-technical users (most people) may flinch at the setup time involved. (As of Feb 2004)
Untested:
Multi-Platform
- SILC - Secure Internet Live Conferencing silcnet.org - A stable protocol, toolkit, server and client implementations using public key cryptography to confirm identity; Alice can also make sure she's chatting with Bob and not anyone else.
- Silky http://silky.sf.net/ - An OS-independent graphical SILC client. Uses GTK.
- Invisible IRC Project www.invisiblenet.net/iip - A well-developed project to create a secure connection using any IRC program.
- Jabber client with SSL Jabber.org Clients with SSL capability that can also communicate with users of other instant messaging systems (AIM, ICQ, Yahoo, MSN, etc), though not securely. Only other Jabber clients will be able to connect securely. IRC is advertised, it largely doesn't work and some installation tests so far have been buggy.
- Supporting Clients:
- JAJC Just Another Jabber Client jajc.ksn.ru Very feature-rich, but proprietary and Windows-only. Allows PGP and SSL support
- Exodus exodus.jabberstudio.org
- MyJabber www.myjabber.net
- PSI http://psi.affinix.com/
- rhymbox rhymbox.com
- Tipic.com http://www.tipic.com/ - SSL
- PGP for ICQ Downloadable with both International PGP 8.0 freeware. May also be available in the International PGP version. Presumably, not free for corporate use.
- IMpasse - www.im-passe.com (commercial, for-cost tool) works for AIM, Yahoo, and MSN
- Project SCIM (Secure Cryptographic Instant Messaging) projectscim.com - Free, Java-based Public Key software for many operating systems (Mac, Windows, UNIX, etc). Allows for peer-to-peer communications which will not involve SCIM's central server.
- PSST psst.sourceforge.net - Unmaintained, encrypted, peer-to-peer voice and text chat without central server. Works on Windows, Linux and DOS. The development of this project seems to be stopped but it is opensource so it is possible to take the sources to add some features.
- OTR (Off-the-Record Messaging) www.cypherpunks.ca/otr - Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: Encryption; No one else can read your instant messages. Authentication; You are assured the correspondent is who you think it is. Deniability; The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. Perfect forward secrecy; If you lose control of your private keys, no previous conversation is compromised.
- There is a local proxy which encrypts AIM protcol conversations and functions on many platforms (linux, windows, MacOS) a GAIM plugin is also available.
- This solution does not encrypt file transfers at this time.
Windows-Only
- SIMP - winfosec.com/simp.php a blessedly simple program that allows secure chat connections. Free for commercial or non-commercial use, no registration, no central server, no advertisements, and open-source (although the license concerning future development is unclear). Requires:
- 1. Have a mutual password with the other person (not a [[Public-Key Cryptosystem|public key] system) and ...
- 2. You know your IP address and the address of your recipient. That's it!
- SIMP-pro/lite - www.secway.fr
- Simp Pro secures your MSN, Yahoo!, ICQ, AOL instant messenger, Jabber and Google Talk clients.
For corporate environments and more demanding users, SimpPro encrypts and authenticates messages as well as file transfers (MSN Messenger only), making it the most comprehensive instant messenger security add-on. It is also easily administered using GPOs.
- With Simp Lite, free version of the Simp product line, you can secure one of the following services:
MSN Messenger, Yahoo! Messenger, ICQ/AOL Instant Messenger (AIM), Jabber/Google Talk. Fully compatible with Simp Pro and Simp Server.
- Crypto Heaven www.cryptoheaven.com - (commercial, for-cost tool) - some very nice features for businesses or organizations that need a secure community solution including medical establishments with its HIPAA compliance.
- PGP-ICQ samopal.org/soft/pgpicq homepage - a different program, open-source, that also looks good.
- Encrypted Messenger - www.secureshuttle.com - an apparently free service that provides a secure messaging tool and many other features including secure file transfer, secure voice messaging, IRC-style "rooms," or meeting places for groups.
- Cipher Chat - free software that requires both client and server installation. Not open-source, apparently unmaintained and should not be considered highly secure.
Mac OS X only
- Fire http://fire.sf.net/ - open source multi-protocol application supporting GPG encryption.
Non-Windows (*NIX)
- Yeemp homepage - uses GPG over SSL and is largely decentralized.
- GAIL www.gale.org/docs - open-source, GPL IM tool in beta stage that has its own wiki.
- KVIRC www.kvirc.net - KDE IRC client in the beta stage with SSL support, including DCC file-transfer and certificates. Check the FAQ for information on the SSL features. May require IPv6 compliance.
- LICQ Licq.org has SSL support and a GPG plugin available for authentication. Available for any POSIX-compliant system.
- Irssi Irssi.org an IRC client with SSL support. Also there are various scripts for using encrypted IRC between queries and channels.
Related:
This article is based on a public domain infoAnarchy article: Encrypted_Chat_Clients | iA |