Messaging privately and securely with the XMPP/Jabber Protocol
The one thing missing from Version 2 of the paper was the XMPP/Jabber Protocol and OTR (off-the-record) for messaging privately and securely. XMPP is very nice because it is a federate protocol, which means you can run your own server and have XMPP work on your own domain. Probably the best feature of XMPP is that OTR is built into it fluently. Off-The-Record (https://otr.cypherpunks.ca/) allows you to have private conversations over IM by providing encryption, authentication, deniability, and perfect forward secrecy. All things necessary in keeping yourself secure. When I initiate a conversation with someone over XMPP with OTR enabled, it stops the server from being able to see messages in plaintext as OTR is client-to-client not client-server-client. Once you have connected to someone over XMPP and enabled support for OTR in your client, you can verify their OTR fingerprint with them to make sure you are containing the real person and not someone in the middle.
Some really good clients that support XMPP are:
- ChatSecure (iOS) - https://chatsecure.org/
- Conversations.IM (Android) - https://conversations.im/
- Adium (MacOS) - https://adium.im/
- Pidgin (Linux/GNU & Windows) - https://pidgin.im/
Another neat aspect of OTR is that it is used in more areas than just XMPP. Clients like Adium (see above) make use of the OTR Protocol over IRC as well. One could connect to an IRC server and communicate securely in private messages with another individual whom has a client that supports OTR over IRC as well. This eliminates any chance of the server being able to log/monitor these private instances.