Encrypted Chat Clients
Allow you to text chat online without any worries of eavesdropping by your ISP, workplace, or other entity in an interconnected network. Instant messaging tools and IRC connections are one of the least secure communication tools available. While not yet perfect, the tools listed below make the process of chatting online more secure and anywhere from very anonymous to confirming your identity using digital signatures.
- Problem: There's too many to chose from below - which one do I pick?
- Answer: So far, there is no standard in IM security yet so the person you are talking to must download and install the same client you have. See the "Tested" group below for suggestions.
If you have tried an IM client, please share your experience on the discussion page.
- OTR (Off-the-Record Messaging) www.cypherpunks.ca/otr - Off-the-Record (OTR) Preferred iA system, provides Cross-Platform messaging allows you to have private conversations over instant messaging by providing: Encryption; No one else can read your instant messages. Authentication; You are assured the correspondent is who you think it is. Deniability; The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. Perfect forward secrecy; If you lose control of your private keys, no previous conversation is compromised.
- There is a GAIM plugin available from the OTR homepage.
- There is a Miranda IM plugin available from the Miranda plugin repository, there's a guide on using it
- There is a IRSSI plugin available from the irssi-otr project
- The Adium X instant messenger client for MacOS X has OTR support out of the box!
- There is a local proxy which encrypts AIM protcol conversations and functions on many platforms (Linux, Windows, MacOS)
- Note: at this writing, this system does not encrypt file transfers.
- AIM - One of the most popular IM clients, it is also the most attacked by programs like AIMSniff. As of AOL's Windows IM client 5.2+, users have access to encrypted communications. If you don't wish to spend any money on a real security certificate, AIMEncrypt.com offers their own self-signed cert (SSL-based). However, the description on their site gives the impression that they know nothing about encryption, merely a distribution point for their certificate.
- Filetopia www.filetopia.com - Available for Windows and WINE emulation - a peer-to-peer service that includes a fully encrypted interface to its growing network. Under gradual, continual developed, this service is ambitious, attempting to offer secure voice communication as well as secure file sharing service and secure chat. Probably the easiest encrypted chat client available. However, there is no way to confirm a person's identity online, as with some PGP and GPG-enabled clients.
- For Internet connections that block specific file-sharing ports, Filetopia allows the use of random port selection.
- GAIM - the only recommended cross-platform solution and one of the most popular SourceForge projects, allows an encryption plugin OTR (described below) available for many IM services or the gaim-encryption.sourceforge.net exclusively for the GAIM Instant Messaging tool. Allows multiple chat networks AIM (Oscar and TOC protocols), ICQ, MSN Messenger, Yahoo Messenger, IRC, Jabber, Gadu-Gadu, and Zephyr to be encrypted simultaneously.
- For GAIM encryption plugin, once installed, go into "Plugins" under "Preferences" and chose the checkbox next to Gaim-Encryption. The rest of the process is seamless. See the GAIM Encryption Plugin for more information.
- WASTE - A beta-release software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users. Provides instant messaging, group chat, file browsing/searching, file transfer.
- Miranda IM www.miranda-im.org - Available with many security-related plugins as well as GPG support for identity confirmation. Quote from web site:
- "Open-source, GPL multi-protocol instant messenger client that uses very little memory and is extremely fast. Requires no installation and can be fit on a single floppy. Its powerful plugin system makes Miranda IM very flexible. Only the most basic features are built in, but there are currently more than 150 free plugins available for download that allows users to extend the functionality of Miranda IM."
- Test Results: Testing shows that two plugins SecureIM and GPG do function but require some effort to enable. Non-technical users (most people) may flinch at the setup time involved. (As of Feb 2004)
- SILC - Secure Internet Live Conferencing silcnet.org - A stable protocol, toolkit, server and client implementations using public key cryptography to confirm identity; Alice can also make sure she's chatting with Bob and not anyone else.
- Invisible IRC Project www.invisiblenet.net/iip - A well-developed project to create a secure connection using any IRC program.
- Jabber client with SSL Jabber.org Clients with SSL capability that can also communicate with users of other instant messaging systems (AIM, ICQ, Yahoo, MSN, etc), though not securely. Only other Jabber clients will be able to connect securely. IRC is advertised, it largely doesn't work and some installation tests so far have been buggy.
- Supporting Clients:
- PGP for ICQ Downloadable with both International PGP 8.0 freeware. May also be available in the International PGP version. Presumably, not free for corporate use.
- IMpasse - www.im-passe.com (commercial, for-cost tool) works for AIM, Yahoo, and MSN
- Project SCIM (Secure Cryptographic Instant Messaging) projectscim.com - Free, Java-based Public Key software for many operating systems (Mac, Windows, UNIX, etc). Allows for peer-to-peer communications which will not involve SCIM's central server.
- PSST psst.sourceforge.net - Unmaintained, encrypted, peer-to-peer voice and text chat without central server. Works on Windows, Linux and DOS. The development of this project seems to be stopped but it is opensource so it is possible to take the sources to add some features.
- SIMP - winfosec.com/simp.php a blessedly simple program that allows secure chat connections. Free for commercial or non-commercial use, no registration, no central server, no advertisements, and open-source (although the license concerning future development is unclear). Requires:
- 1. Have a mutual password with the other person (not a [[Public-Key Cryptosystem|public key] system) and ...
- 2. You know your IP address and the address of your recipient. That's it!
- SIMP-pro/lite - www.secway.fr
- Simp Pro secures your MSN, Yahoo!, ICQ, AOL instant messenger, Jabber and Google Talk clients.
For corporate environments and more demanding users, SimpPro encrypts and authenticates messages as well as file transfers (MSN Messenger only), making it the most comprehensive instant messenger security add-on. It is also easily administered using GPOs.
- With Simp Lite, free version of the Simp product line, you can secure one of the following services:
MSN Messenger, Yahoo! Messenger, ICQ/AOL Instant Messenger (AIM), Jabber/Google Talk. Fully compatible with Simp Pro and Simp Server.
- Crypto Heaven www.cryptoheaven.com - (commercial, for-cost tool) - some very nice features for businesses or organizations that need a secure community solution including medical establishments with its HIPAA compliance.
- Encrypted Messenger - www.secureshuttle.com - an apparently free service that provides a secure messaging tool and many other features including secure file transfer, secure voice messaging, IRC-style "rooms," or meeting places for groups.
- Cipher Chat - free software that requires both client and server installation. Not open-source, apparently unmaintained and should not be considered highly secure.
Mac OS X only
- KVIRC www.kvirc.net - KDE IRC client in the beta stage with SSL support, including DCC file-transfer and certificates. Check the FAQ for information on the SSL features. May require IPv6 compliance.
- LICQ Licq.org has SSL support and a GPG plugin available for authentication. Available for any POSIX-compliant system.
- Irssi Irssi.org an IRC client with SSL support. Also there are various scripts for using encrypted IRC between queries and channels.