Install (Set up) Secure Messaging with Pidgin Encryption

It is nice to think that we all have personal privacy when carrying on a conversation; however, the information you are sharing with the other individual is sent in plain text. This means that anyone who has the ability to 'sniff' your network traffic can read your conversation with little to no difficulty. Individuals with this ability might range from IT representatives at an organization you work for to a knowledgeable person sitting in the coffee shop with you.
Pidgin

I have used Pidgin for several years in Windows, and when I made the switch to Linux I was pleased to find it was bundled with the distribution I chose (Ubuntu). Pidgin is a cross-platform, multi-protocol chat utility that has many useful plugins.
Pidgin Encryption

Pidgin-Encryption is a plugin that transparently encrypts your instant messages using the RSA algorithm.

Analysis: Do I really need this kind of software?

Some people say, 'oh, you're so paranoid'. You have to claw at what privacy and security you can ensure in this world. I won't spend time ranting about how our privacy ebbs away each moment; that is for another post. Here are two images; one is a conversation I was having with someone without using the Pidgin-Encryption plugin:

Un-Secure:

Ethereal sniffing packets on an un-secured conversation

Notice that the person was asking me ‘IS THIS SECURE?’ in the packet that I have selected. This is what anyone can see if you are using your instant messaging without any encryption.

Secure:

Ethereal sniffing packets on a secured AIM conversation

Now you can see that the message has been obscured into cipher text.

Installation and Use:

If you are using AIM, then you must switch your protocol to ICQ. Chatting will function exactly the same way because ICQ/AIM are interchangeable now. AIM, however, does not support using the Pidgin-Encryption plugin at the time of writing this post.

**Written for Pidgin 2.4.2 with Pidgin-Encryption 3.0 and people communicating using AIM/ICQ**
Windows:

1. Download Pidgin-Encryption: http://pidgin-encrypt.sourceforge.net/ and install the executable; this should be very straightforward.
2. Change your account protocol to ICQ, or create a new account using the ICQ protocol:
   1. In Pidgin, go to Accounts->Manage (Ctrl+A).
   2. If you have already created an account, then you must uncheck it (sign out) and then edit the protocol to be ICQ.
3. Enable the Pidgin-Encryption plugin by going to Tools->Plugins (Ctrl+U); just scroll down until you locate the plugin and check the box.

Linux – Ubuntu:

1. Use the Synaptic package manager to obtain Pidgin-Encryption, or run:

sudo apt-get install pidgin-encryption

2. Change your account protocol to ICQ, or create a new account using the ICQ protocol:
   1. In Pidgin, go to Accounts->Manage (Ctrl+A).
   2. If you have already created an account, then you must uncheck it (sign out) and then edit the protocol to be ICQ.
3. Enable the Pidgin-Encryption plugin by going to Tools->Plugins (Ctrl+U); just scroll down until you locate the plugin and check the box.

The software will now generate your private key. When speaking with other people who have the plugin installed and enabled you will see a small padlock on the IM window. Enable encryption by clicking on the padlock and you are ready to go!

File Permission Issue:

I have seen Pidgin more than once spit an error out regarding the permissions of the files your keys are stored in:

Screenshot: Pidgin-Encryption error

In this scenario you can run this command to apply the proper permissions:

sudo chmod go= ~/.purple/id ~/.purple/id.priv ~/.purple/known_keys
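
As an added example (not part of the original post), this shell function reports which of the three key files named above are accessible to group or other, and with --fix removes that access. The function names and the PURPLE_DIR override are made up for this example, and it assumes the files belong to your own account, so no sudo is needed.

```shell
#!/bin/sh
# Added example: audit the Pidgin-Encryption key files for group/other access.
# Assumption: the files live in ~/.purple (override with PURPLE_DIR or an argument).

# Print the six group/other permission characters of a file, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# check_key_perms [--fix] [dir]
# Returns 0 if every key file that exists is private to its owner, 1 otherwise.
check_key_perms() {
    ckp_fix=0
    if [ "${1:-}" = "--fix" ]; then ckp_fix=1; shift; fi
    ckp_dir=${1:-${PURPLE_DIR:-$HOME/.purple}}
    ckp_bad=0
    for ckp_name in id id.priv known_keys; do
        ckp_file=$ckp_dir/$ckp_name
        # chmod follows symlinks, so never change one automatically.
        if [ -L "$ckp_file" ]; then
            echo "WARN $ckp_file: symlink, inspect its target by hand"
            ckp_bad=1
            continue
        fi
        if [ ! -f "$ckp_file" ]; then
            echo "skip $ckp_file: not present"
            continue
        fi
        if [ "$ckp_fix" -eq 1 ] && [ "$(group_other_bits "$ckp_file")" != "------" ]; then
            chmod go= "$ckp_file" && echo "fix  $ckp_file: removed group/other access"
        fi
        # Re-read the mode so the result reflects the state after any fix.
        ckp_bits=$(group_other_bits "$ckp_file")
        if [ "$ckp_bits" = "------" ]; then
            echo "ok   $ckp_file"
        else
            echo "BAD  $ckp_file: group/other bits are '$ckp_bits'"
            ckp_bad=1
        fi
    done
    return "$ckp_bad"
}
```

Source the file and run `check_key_perms` to report only, or `check_key_perms --fix` to tighten the files in place.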
