[Guide] Pidgin + OTR



harvey
10-03-2013, 11:00 AM
https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/bird.png



INFORMATION
This guide will explain how to use the OTR protocol for private communications using Pidgin for Windows/Linux.



NOTE
There are alternative ways of using the OTR protocol for communications on other operating systems:
GibberBot (http://link.cur.lv/gibberbot) (Android)
ChatSecure (http://link.cur.lv/chatsecure) (IOS)
Adium (http://link.cur.lv/adium) (Mac)



DOWNLOAD
Pidgin (http://link.cur.lv/pidgin)
OTR Plugin (http://link.cur.lv/otr)

Download and install Pidgin to "C:\Program Files\Pidgin" on your computer.
Download and install the OTR plugin to "C:\Program Files\Pidgin-OTR" on your computer.
Pidgin and the OTR plugin are open source, so they are trusted software.



SETUP ACCOUNT
Run Pidgin, and click "Accounts", then click "Manage Accounts", and then click the "Add..." button.
Under the "Basic" tab, in "Login Options", set "Protocol" to XMPP, as we are going to use Jabber (http://link.cur.lv/jabber) for this.
For the "Username", pick any username you wish. This should be random, and completely un-related to you in any form.
For the "Domain", use "dukgo.com". (NOTE: The DukGo (http://link.cur.lv/dukgo) domain is recommended because it is owned by DuckDuckGo (http://link.cur.lv/duckduckgo), a company that highly supports internet privacy and does not keep any logs.)
For "Resource", leave this blank, as it is optional. The less information on an account, the better.
For "Password", use a very strong password. (NOTE: Read the Password Management (http://link.cur.lv/password-management) tutorial.)
For "Remember password", leave this unchecked. In case your computer is ever compromised, no passwords are stored and no automatic logins occur.
For "Local alias", pick any alias you wish. This should be random, and completely un-related to you in any form.
Lastly, check "Create this new account on the server".

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/account%201.png

Under the "Advanced" tab, change your settings to look exactly like the settings below:

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/account%202.png

Under the "Proxy" tab, you can configure Pidgin to use a proxy, which is highly recommended. (Read the Proxy section (http://link.cur.lv/proxy-anonymous) of the Anonymous tutorial.)
NOTE: The proxy settings can be configured either per-account, in the account proxy settings, or globally in the Pidgin client proxy settings.



SETUP CLIENT
Click "Tools" and then click "Preferences". Change your settings to look exactly like the settings below:

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/settings%201.png

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/settings%202.png

The proxy tab can be used to setup your client to use a proxy. (Read the Proxy section of the Anonymous tutorial.)
NOTE: The proxy settings can be configured either per-account, in the account proxy settings, or globally in the Pidgin client's proxy settings.



SETUP PLUGIN
Click "Tools", and then click "Plugins".
Find the "Off-the-Record Messaging" plugin, and enable it with the check box. (NOTE: It is recommended to disable all other plugins.)
Click the OTR plugin, and then click the "Configure Plugin" button, on the bottom.
Click the "Generate" button in "My private keys", and wait for it to generate a private key and its fingerprint for your account. (NOTE: This may take a while to complete.)
Change your settings to look exactly like the settings below:

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/pidgin/otr.png



CHATTING
Now that your Pidgin client is set up correctly, you can start using it to have private communications with people.
Have another person follow this tutorial, so their client is setup correctly, as well.
Get your friend's username and Jabber server. For example, if their username is "test", and the server is "test.com", their name is going to be "test@test.com".
Click "Buddies", and then click "New Instant Message..." and type in their name.
Keep in mind that not everyone who uses Jabber to message people has OTR set up, so once the IM window opens, click "OTR" and click "Start private conversation".
You will be alerted in the IM window when your conversation is off the record.



OTHER
The most important thing to remember is the concept behind this. Nothing is logged, and you have no name.
You do not use a username or alias related to you. You do not say any names, or anything that could be used to identify you.
You do not add contacts or authorize fingerprints. That can prove you know and/or are associated with that person, if compromised.
You do not accept files being transferred to you directly on Pidgin.
This account should be used for off-the-record messaging only; do not use it to message friends. Make a separate account for that.
If you do make a separate account for messaging friends via any service (Jabber, Facebook, AIM, etc...), do not use the same proxy settings for this account.
Say your client is behind Tor: your supa sekret OTR Jabber account is then using the same IP as your Facebook account on Pidgin.
You are not anonymous, unless behind a proxy or VPN. You are just having a private conversation. Ensure you are on a secure computer that does not have your keystrokes or network being monitored.
You should also know what plausible deniability is. It is a legal concept that refers to a lack of evidence proving an allegation.
While there are no logs stored during an OTR conversation, the session itself is still going on. The person you are conversing with could be compromised.
Have some type of code word set up in the greetings you give your buddy to determine if the chat is compromised, or actually coming from your real buddy.
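Two of the rules above, no stored password in the client and no proxy shared between the anonymous account and any personal one, can be checked against Pidgin's own account file rather than by eye. The following Python script is an added example, not part of this guide or of the Pidgin project: it parses a document in the layout of libpurple's accounts.xml (the element names <account>, <protocol>, <name>, <password> and <proxy> with <type>/<host>/<port> are assumed from that file format, and the sample document below is constructed) and reports every account that has a password saved plus every group of accounts that leaves through the same proxy, which is exactly the Tor-plus-Facebook correlation described above.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the layout of libpurple's accounts.xml (normally
# ~/.purple/accounts.xml on Linux, %APPDATA%\.purple\accounts.xml on Windows).
# The element names are assumed from that file format, not taken from the guide.
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>randomword1234@dukgo.com/</name>
    <proxy>
      <type>socks5</type>
      <host>127.0.0.1</host>
      <port>9050</port>
    </proxy>
  </account>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>myrealname@example.com/</name>
    <password>hunter2</password>
    <proxy>
      <type>socks5</type>
      <host>127.0.0.1</host>
      <port>9050</port>
    </proxy>
  </account>
  <account>
    <protocol>prpl-aim</protocol>
    <name>someone</name>
    <proxy>
      <type>none</type>
    </proxy>
  </account>
</account>
"""


def parse_accounts(xml_text):
    """Return one dict per <account> with the fields the audit needs."""
    root = ET.fromstring(xml_text)
    accounts = []
    for acct in root.findall("account"):
        proxy = acct.find("proxy")
        # An account without a <proxy> element, or with an empty type, follows
        # the client-wide proxy setting, so all such accounts share one proxy.
        ptype = host = port = ""
        if proxy is not None:
            ptype = (proxy.findtext("type") or "").strip()
            host = (proxy.findtext("host") or "").strip()
            port = (proxy.findtext("port") or "").strip()
        if ptype == "":
            ptype = "global"
        accounts.append({
            "name": (acct.findtext("name") or "").strip(),
            "protocol": (acct.findtext("protocol") or "").strip(),
            "stored_password": acct.find("password") is not None,
            "proxy": (ptype, host, port),
        })
    return accounts


def audit(accounts):
    """Return (finding, detail) tuples for the two risks the guide warns about."""
    findings = []
    for a in accounts:
        if a["stored_password"]:
            # "Remember password" was checked: the password sits in the file.
            findings.append(("stored_password", a["name"]))
    by_proxy = defaultdict(list)
    for a in accounts:
        by_proxy[a["proxy"]].append(a["name"])
    for proxy, names in by_proxy.items():
        if len(names) > 1:
            # Several accounts behind the same proxy (or the same lack of one)
            # leave from the same IP address, so they can be linked together.
            findings.append(("shared_proxy", tuple(names)))
    return findings


if __name__ == "__main__":
    # Pass the path of a real accounts.xml to audit it; with no argument the
    # constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as f:
            text = f.read()
    else:
        text = SAMPLE_ACCOUNTS_XML
    for kind, detail in audit(parse_accounts(text)):
        print(kind, detail)
```

Run against the sample, the script reports the stored password on the "myrealname" account and that the anonymous Jabber account and the personal one both sit behind the SOCKS proxy on port 9050; a clean setup produces no findings at all.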

Here is an example of the theory in practice:
Alice : Hey friend, are you there?
Alice : I would like to chat!
Bob : Hi friend, I am here!
Bob : Let's have a chat!

Alice and Bob both talk it over and determine that any time they chat, they will begin the chat exactly like above, to ensure a safe communication session.
In the event that Bob's account is compromised, the person controlling it won't know how to start a conversation correctly using this concept when sending a message to, or receiving one from, Alice.

Here is an example of a compromised chat:
Alice : Hey friend, are you there?
Alice : I would like to chat!
Bob : Yeah, what's up?
Alice : Oh nothing, just donating my money to a local church, brb man...

As you can see, Bob did not know the code word greeting that Alice and the real Bob agreed on. Bob is compromised, so end communication immediately.
The above example is one that should not be used; every code word greeting should be unique per buddy.
Make sure you are also wearing your tin-foil hat inside of your home made of tin-foil before doing anything!


--------------------------------------------------


This tutorial, and all my other guides, can also be viewed on my DropBox here (http://link.cur.lv/supasekret).
I wrote all of these guides to help people understand how to do a number of things on the internet correctly.
Please do not rip or take credit for my guides; you may share them, but share the Dropbox or this thread.
Enjoy.