Instant Messaging (IM)

Мгновенные сообщения

Instant messaging is a convenient way to communicate with people online. In privacy terms, it's a bit better and easier to secure than email but in some situations a telephone call will offer you better privacy.

Мгновенные сообщения это удобный способ общения. С точки зрения приватности, мгновенные сообщения защитить немного проще чем электронные письма[создать]

Instant messaging software creates data stored on your computer (logs of your communications), transmits communications over the network (the messages traveling back and forth), and leaves communications stored on other computers (logs kept by the people you talk to, and sometimes logs kept by the IM provider).

Программы для мгновенных сообщений создают и сохраняют данные на вашем компьютере (историю вашей переписки), передают сообщения по сети (сообщения путешествуют взад и в перед), и оставляют следы на других компьютерах (историю переписки могут хранить люди с которыми вы общаетесь, также некоторые данные остаются у провайдера).

If you use IM without taking special precautions, you can assume that all of these records will be available to adversaries. The easiest way for an adversary to obtain the contents of your communications is from you, your correspondent, or your service provider, if any of those parties logs (stores) the messages. The more difficult way is to intercept the messages as they travel over the network.

Если вы используете мгновенные сообщения без необходимых предосторожностей, вы должны понимать что все эти данные могут быть доступны недоброжелателю. Самый простой способ получить данные вашей переписки это взять их у вас, вашего собеседника или у провайдера, при условии что кто-то из вас хранит историю переписки. Труднее перехватить сообщения во время их передачи.

Encrypt Your Instant Messaging Conversations as They Travel

Шифрование мгновенных сообщений во время передачи

To protect messages from interception as they travel over the network, you need to use encryption. Fortunately, there is an excellent instant messaging encryption system called OTR (Off The Record). Confusingly, Google has a different instant messaging privacy feature which is also called "Off The Record". To disambiguate them, this page will talk bout "OTR encryption" and "Google OTR". It's actually possible to be using them both at the same time.

Для защиты ваших сообщений во время передачи по сети, нужно использовать шифрование. К счастью, существует превосходная система шифрования "на лету" – OTR (Off The Record).У Google есть другая функция для обеспечения приватности мгновенных сообщений которая тоже называется "Off The Record". Что бы не запутаться будем называть их "OTR шифрование" и "Google OTR". Обе системы можно использовать одновременно.

If you and the person you are talking to both use OTR encryption, you have excellent protection for communications on the network, and you will prevent your IM provider from storing the content of your communications (though they may still keep records of who you talk to).

The easiest way to use OTR encryption is to use Pidgin or Adium X for your IMs (Pidgin is a program that will talk to your friends over the MSN, Yahoo!, Google, Jabber, and AIM networks; Adium X is similar program specifically for Mac OS X). If you're using Pidgin, install the the OTR encryption plugin for that client. Adium X comes with OTR built in.

With OTR encryption installed, you still need to do a few things for network privacy:

1. Read and understand OTR encryptions's information.
2. Make sure the people you are talking to also use OTR encryption, and make sure it's active. (In Pidgin, check for OTR:private or OTR:unverfied in the bottom right corner.)
3. Follow OTR encryption's instructions to "Confirm" any person you need to have sensitive conversations with. This reduces the risk of an interloper (including the government with a warrant) being able to trick you into talking to them instead of the person you meant to talk to. Recent versions of OTR encryption allow you to do this just by agreeing on a shared secret word that you both have to type ("what was the name of the friend who introduced us?"). Older versions required that both users check that their client reported the right fingerprint for the other client.

Understand and Control IM Logging on Your Machine

To protect the privacy of your IM conversations, you will need to decide what to do about logs kept on your computer. You have three choices:

• Configure your IM client to not keep logs
• Encrypt your hard disk
• Accept the risk that anyone who has access to your computer can read your old messages

If at some point you decide to configure your IM client not to keep logs, you may want to go back and delete previous logs using secure deletion software.

Be Aware of Logging on Others' Machines

As noted above, using OTR encryption will ensure that your IM service provider should be unable to log the contents of your communications. They will, however, be in a position to record who you talk to, and possibly record the timing and length of the messages you exchange.

OTR encryption does not stop the people you are talking to from logging your conversations. Unless you trust that they have disabled logging in their client or that they encrypt their hard disk and will not turn over its contents, you should assume that an adversary could obtain records of your conversations from the other party, either voluntarily or through subpoena or search.

Google OTR

Google OTR is a feature of the Google instant messaging service that allows you to request that neither Google nor the people your talk to should be able to log your conversations. Unfortunately, there is no plausible enforcement mechanism for this feature. The people you talk to could be using a different IM client (like Pidgin or Adium) that can log regardless of whether Google OTR is enabled — or they could take screenshots of your conversations. Your client might be able to tell you whether they are using a client that follows the OTR rules (such as Gmail or Gchat), but that won't tell you whether they are taking screenshots. The bottom line is that Google OTR is nice in theory but insecure in practice. Turn it on, but don't expect it to work if the other party uses a non-Google client or actively wants to record the converstion.

Назад | Дальше