Tor, XMPP, GPG, Internet security
by Jim Morgan
Several times over the last few months I have been in conversations which have made me more than a little uncomfortable. I’ve had people tell me things that I believe I only said in emails to which these people weren’t privy. I had one person initiate a text conversation by asking if the number he was texting was my phone or if it was the number where all my texts end up online.
What? I had no idea any of my text messages were online!!!
Now I realize that I am probably being more than a little paranoid, but it has happened often enough to me that I was worried.
My initial reaction was to close down all of my accounts and walk away. The internet was not worth having my life an open book for the world to see.
Being a net junkie I wasn’t quite ready to give it all up.
Besides, I have met some folks online that I consider as friends and I didn’t want to lose contact with them because of my paranoia.
I decided to fire up the IM client so I could keep up with my friends. I have never really been all that heavy into instant messaging but I found out a couple of rather exciting things about xmpp, which is my preferred way to im.
Firstly, xmpp is open protocol. This means no one “owns” it. When one use AIM or Skype or a host of other im services you are trapped into using the company providing the service and you can only communicate with people on that service. Not so with xmpp.
For a long time I have had an account with jabber.org, possibly the best known xmpp service around. I recently discovered that jabber.org is not totally free (libre) software. I found out about core.im which does use libre software in their service. I switched to core.im, reloaded my friends and was back to chatting in no time.
Neither jabber.org nor core.im track your ip addresses. Nor do they log your chats.
Privacy- what a cool idea!
I discovered that one can get their rss feeds through xmpp. I use jabrss, which is software libre. Whenever my feed updates it shoots a message to me on my im client.
I did discover that one can keep a blog using only xmpp. The site is juick.com. It is easy to use and seems pretty reliable, but it is not software libre so I have decided not to use it.
With some xmpp servers one can get transports which allow you to carry on chats with folks who may be on legacy chat services like Yahoo, AIM, and ICQ. I even discovered a couple of services which allow you to text message a phone!
The social web has become lifeblood for many of us. Using xmpp one can send and receive updates from Identica, Twitter and probably many other services.
The crowning jewel was when I found out that the search engine duckduckgo had an xmpp interface. Simply add email@example.com as a contact on your list and when you want to see something online just send a message to duckduckgo and it will send you the search results. Ddg doesn’t log or track your ip address at all.
For those of you who use google talk or Facebook chat, those are xmpp services.
My im client of choice also accesses irc. So I figured the combination of xmpp, irc, an anonymized browser with java and cookies disabled would be all that I would need for an enjoyable and hopefully safe web adventure.
About two weeks ago I discovered the wonderful world of encryption while messing around with my im client. I can encrypt my chats! Wow! I had heard about encryting emails before but didn’t quite understand how it worked.
While messing with the im client I discovered how easy it is to send and receive encrypted messages so I jumped in an gave it a try on the email. Dang, that’s too easy!
My im client on both my phone and my computer run through a proxy so that I can gain some anonymity. I haven’t figured out how to do that with my email clients yet but I am working on it. With encrypted messages and tor proxying email may become worthy again.
I have decided to keep all of the accounts that I was about to walk away from. Only I will remain a little paranoid. It’s not that I am worried about repercussions, as such. Now that I have learned a little bit about internet security, I am more concerned about our loss of privacy and anonymity.