How to circumvent Data Retention, Part 2 – OTR encryption

In a previous post (in Swedish) I discussed how to use remailers combined with GPG encryption to bypass certain features of data retention and wiretapping. There are however plenty of other protocols to secure, and the more we know, the less we suffer from the recent intrusions into our wires.

Instant messaging is very popular among users, but the corporate standards all suffer from serious flaws. For example, MSN Messenger, which is pre-installed on Windows machines, suffers from random censorship when pasting P2P links and is insecure enough to spread malware that will compromise your system. Skype is key-escrowed, so using it is equal to shouting straight into the records of your local regime.

Your first rule of thumb is to choose a protocol which is open and maintained by a community, and open enough for you to be able to host it on your own machine as a server. With the internet, escaping corporate enslavement is very easy. The basic rule with any protocol is – If you can host a service yourself, even only hypothetically, there is a line of flight from machinic enslavement!

One such protocol is XMPP, which is supported by popular clients such as Pidgin, Adium, Empathy, Trillian and Mcabber. You can host your own XMPP server on an average Linux server, and then calmly wave goodbye to Microsoft and Skype. Second rule of thumb is: Do not ask your provider to secure your rights, enforce your rights by building your own infrastructure.

But, we don’t have to go as far as to install a server just to chat. Instead you can team up with your friends and share a server as a community. Telecomix did that, and the result is xmpp.telecomix.org. It’s very fancy!

Even though XMPP is usually encrypted between you and the server, you may add an extra layer of security with the next level method of Off The Record (OTR) encryption.

Let me explain why. A serious attacker on your chat-conversation, be it intrusive state surveillance or some random aggressor, may try to hijack the server by pretending to be the real one. This happens every now and then on your travels to certain states.

To remedy this effect, large-scale servers such as jabber.org use corporate signed certificates to make sure that you can trust them. However, corporate certificates can be bought and stolen, so it is a better idea to make your own ones.

Xmpp.telecomix.org has a self-signed certificate. This means that your client will warn you that it is unable to find a valid signature for it. This is good, and means that we will validate it outside the automatic system. In your client you select ”view certificate” and you make sure that the fingerprint corresponds to:

5D:9F:B2:15:90:A0:DE:CD:FD:A3:6E:2A:A8:FB:F1:38:D8:40:12:EB

Now, of course, also my blog may be hijacked from wherever you are connecting (now we are talking paranoia, but it is important to understand the machinery of trust and ciphers). To remedy this, you may at any time demand to see the certificate again from a Telecomix sysop. Go to chat.telecomix.org and talk to us directly if you wish.
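
The same fingerprint check can be done outside the chat client. The Python below is an added example, not part of the original post: it fetches the server certificate over XMPP STARTTLS and compares its SHA-1 fingerprint with the value published above. The function names are illustrative, and port 5222 (the standard XMPP client port) and the timeout are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Fingerprint published in the post (20 bytes, i.e. SHA-1 over the DER certificate).
PINNED = "5D:9F:B2:15:90:A0:DE:CD:FD:A3:6E:2A:A8:FB:F1:38:D8:40:12:EB"

def normalize(fp: str) -> bytes:
    """Accept 'AA:BB', 'aa bb' or 'aabb' style fingerprints; return raw bytes."""
    return bytes.fromhex(fp.replace(":", "").replace(" ", ""))

def sha1_fingerprint(der_cert: bytes) -> str:
    """Colon-separated SHA-1 of the DER encoding, as chat clients display it."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_pin(der_cert: bytes, pinned: str = PINNED) -> bool:
    """Constant-time comparison of the presented certificate with the pin."""
    return hmac.compare_digest(hashlib.sha1(der_cert).digest(), normalize(pinned))

def _read_until(sock: socket.socket, marker: bytes) -> bytes:
    """Read plaintext XMPP until `marker` was seen and the last tag is closed."""
    buf = b""
    while not (marker in buf and buf.rstrip().endswith(b">")):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the stream during negotiation")
        buf += chunk
    return buf

def fetch_xmpp_cert(host: str, port: int = 5222, timeout: float = 10.0) -> bytes:
    """Run XMPP STARTTLS and return the server certificate in DER form."""
    # CA validation is off on purpose: a self-signed certificate has no chain
    # to check, so the fingerprint comparison is the only trust decision.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall((f"<stream:stream to='{host}' xmlns='jabber:client' "
                      "xmlns:stream='http://etherx.jabber.org/streams' "
                      "version='1.0'>").encode())
        _read_until(sock, b"</stream:features>")
        sock.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        _read_until(sock, b"<proceed")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    der = fetch_xmpp_cert("xmpp.telecomix.org")
    print(sha1_fingerprint(der), "MATCH" if matches_pin(der) else "MISMATCH")
```

A mismatch means the certificate presented on your connection is not the one the fingerprint was published for, so do not send your password over that session. Where an operator also publishes a SHA-256 fingerprint, pin that one instead of the SHA-1 value.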

To add the extra layer of OTR encryption you need a good client that supports it. I am using Pidgin on Linux, which is dead easy to install – just hit sudo apt-get install pidgin pidgin-otr and you will get both the client and the OTR-plugin. Pidgin also runs smoothly on my Nokia N900 under Maemo Linux. On a Mac you may use Adium and I think that Windows users may hit Trillian to also use OTR.

While the first layer of encryption simply is general for the client and server (just like https), OTR is specific between two users. You and a friend are Off The Record in a literal sense.

Time for some screen shots to lighten up this very technical blog post:

Your first step is to create an account. Just add a cool nickname and set it to create an account on xmpp.telecomix.org (or some other XMPP server that you like).

As mentioned before, you must now check the certificate for Telecomix. View details and check the fingerprint (above) and make sure it corresponds to what your client tells you.

Then add buddies, above is a picture of me adding jaywalk. (The reason for him showing up in all my tutorials is because we hang out and hack in Gothenburg very often to tinker on next level cryptography).

Okay! You are still reading! Now it is time for serious military grade ciphers, so you are advised to re-fill your cup of coffee because now it is time to trust. We trust in DJs, we sometimes trust in facebook.com, but most of all we trust our friends. This is why our ciphers will always be stronger than those of states!

If you have successfully installed the pidgin-otr plugin, you shall activate it under tools -> plugins. Then you will get an extra feature in all the chat windows that you have.

OTR now creates a specific encryption key for each chat-conversation you will have. This means that you must verify that every friend of yours is who he or she appears to be on XMPP. To solve that you have a few methods at hand.

If you are in the same room, you will have the highest level of security. Just press the manual fingerprint verification, and look over each other’s shoulders to make sure the prints are correct. You may also phone your friend and read your fingerprint to him or her, since we recognize each other’s voices very easily.

You may also have a shared secret. You can make one up and share with your friend.

Once you have verified an OTR session, the chat window says ”private”, and you now speak in ciphers with your friend. It is end-to-end, from your computer to your friend’s computer, and anyone listening in across the vast intertubes will only see ciphertext.

As with all uses of cryptography, there is no such thing as perfect security. You already know this, but it is worth mentioning that there may be advanced attacks on OTR and XMPP, so use everything cautiously. However, with plaintext communication in corporate systems, you know for sure that you are monitored. With good crypto, you have made it very hard for any authority to gain unauthorized access to your conversations with friends.

Stay secure, stay Off The Record!

19 responses to “How to circumvent Data Retention, Part 2 – OTR encryption”

  1. Sharpless: Thanks for the comment! As long as it supports the OTR plugin, it’s probably good. Don’t have a windows environment to test, but it is very important also to know how these systems work when working with these matters

  2. There is a jabber-specific CA at xmpp.net which is free of charge and provides certificates that most clients accept.

    The security may well be questioned but I can’t see how it could be worse than self-signed.

  3. OTR is just a weak version of GPG/PGP.

    PGP has existed for many years. PGP can also be used for e-mails. PGP provides very strong security, and builds a trust network.

    So, why use OTR?

  4. Great article!
    I’m using an Austrian server right now, but will jot down the telecomix server for recommended resources to friends.

    I prefer Pidgin myself on Windows, and me and a friend have been using the OTR plugin for a while now. Works like a charm.

    Just to feel a little extra comfy (actual quality of actual comfortness to be discussed another day), I use the Pidgin Portable version for Windows, which I run inside a mounted TrueCrypt-encrypted volume, together with Thunderbird Portable (with Enigmail). At the end of the day — or when I close my netbook — my IM and mail software is tucked away in an encrypted file. (Which by accident, also makes it easy to backup).

  5. Jonas: Thanks for the comment! Won’t there be a risk of a man-in-the-middle attack if certificates can be bought or stolen, just like https?

    Grunt: Yes, as far as I understand it, OTR is weaker than GPG. The main reason for writing about OTR is its simplicity of use. And it’s always good to know your way around several encryption methods. But I also use GPG keys for instant messaging.

    Sir Trenton: Yes, encryption of the software itself is always a good idea. I prefer full disk encryption though, such as the LVM encryption which is the default one in Debian Linux.

  6. Christopher: When I run Linux, I use full disk encryption as well.
    However, most of my friends (and others) are 1. on Windows, 2. considering full disk encryption ‘too techie’ and too big a risk to muck things up.
    Hence I recommend them to at least pop in software like IMs and mail in a TC or FreeOTFE volume. 🙂

  7. I have a general question about, for example, VPN networks…

    Let’s say I get a VPN account to become a little more anonymous on the net. If I log into, for example, MSN using my new VPN tunnel, wouldn’t that destroy my privacy a bit? From FRA headquarters:

    – Hey, there is a guy here doing something we don’t want him to do.
    – Ok, what is his IP?
    – It’s from one of the VPN tunnels we struggle with.
    – Ok. See if someone is logged in on MSN using that IP.
    – There is. Jonas, he’s called. And he logged in on the same account using a Telia IP the other day.
    – Nice. Let’s get him.

    Is this a problem, or am I just being paranoid? =)

    Best regards, Jonas

  8. Sir Trenton: Yes, everything is so much easier in Linux when it comes to encryption.

    Jonas: Excellent comment! Yes, this is a very important vulnerability. VPNs can easily be mapped using your method, thus revealing the user. Some VPNs are better than others. No matter how strong they are, the weak point here is the user’s habits.

    But the main problem here is the MSN protocol. It goes through central and commercial servers, is mainly unencrypted, and very much discoverable.

    When/if you want to be fully anonymous, you should have designated accounts and software, even designated physical machines. And you need to think about what you do in every step of the process.

    So, for example, my account above (chrisk@xmpp.telecomix.org) is of course only my ”official” side.

  9. >OTR is just a weak version of GPG/PGP.

    No it’s not. They are quite different animals. For a complete rundown of why not please read the OTR authors’ own paper http://www.cypherpunks.ca/otr/otr-wpes.pdf , but one key difference is that OTR provides perfect forward secrecy (PFS).

    With PFS, even if someone gets hold of your private key they still cannot decrypt your old OTR messages.

    Why do you feel that it is weaker than GPG?

  10. Excellent stuff here! (Thanks for the hint Jesper)

    1. Too bad Skype opened the back door. I think they resisted Government pressure for quite a while, didn’t they? When did they officially go key-escrow?

    2. On a very similar idea to Jonas: Let’s assume that a ( hypothetical 🙂 user in ( for example ) Sweden uses a VPN server outside his own country, to ask a question on a blog that resides in Sweden. Then encrypted and corresponding plain text traffic would pass the eyes of ( hypothetical ) electronic surveillance. Wouldn’t it be fairly easy, using a very moderate amount of brute force, for a government agency to match those two data streams in order to gain access to everything in ( that session of ) the VPN tunnel? So, not only the user’s identity but everything he does during that session?

    Am I correct in assuming that subsequent VPN sessions would be safe, if he avoids visiting servers in his own country?

    Wouldn’t it actually be safer (in the case of the Swedish surveillance model) to avoid VPN for servers inside Sweden?

    x=

  11. Henrik: Yes. I haven’t read up properly on OTR yet, but perfect forward security is kind of cool.

    Väderkvarnen:

    1. I don’t have link to when they went bananas on selling keys to foreign states. Maybe when amazon bought them…

    2. Sure, it is probably possible. You probably make it harder with some constant random bittorrent or darknet application running in the background to force a lot of data. But I think this is also a possible intrusion even in darknets that are too small.

    The safest way is probably to spread your traffic over several jurisdictions. After all, data is much faster than bureaucracy!

  12. I think you meant to say: ”Maybe when eBay bought them.” 🙂

    Anyway, I have been trying to find info on Skype’s handling of the key escrow system. I only saw the ZDnet article you link to elsewhere, which mentions TOM-Skype in China; totally different IMHO. And I saw a couple of recent articles and blog-posts speculating about future risks with Skype technology vs. further legislation.

    I do not at all question the risks. Just curious about present day status. Links please? Thanks.

    X=

  13. Unfortunately, the OTR fingerprints are invisible when using Pidgin on a N900. There is too much text in the OTR plugin’s dialog box so the fingerprints would be outside the N900’s display and there is no way to scroll the dialog down to the fingerprints. Nice idea, bad implementation.
