Dear Curtis,

The best solution at the moment is to use the Jabber protocol for IM and SSL to connect to the servers, for the iPhone there are apps like:

* IMO
* Monal
* beejive (looks promising)
* IM+ (looks promising)

Though this is not encrypting the communication, the server connections are, just make sure there is no server in the middle. Please see the attached for my research, thus far...
How to have safe and secure instant messaging. (work in progress)

First off, never use free corporate IM apps and always look for an OpenSource app that has Off the Record (OTR) encryption (as a plug in or built in). Even Skype is unsafe, it may have end to end encryption but is perhaps insecure as it can reveal the geographic location of both parties. Plus it has dubious arrangements with governments (and therefore intells) about divulging the records of its users. Even going to the extent of producing an extra government friendly version for the Chinese government to be able to hack into the user records.

In any case you should use Jabber for your instant messaging platform, because it is: open source and non corporate, see: http://www.jabber.org/, plus is spread over 10000s of servers world wide, so can't ever have any down time due to server failures or upgrades. You can choose from a list of servers here: http://xmpp.org/services/ even if your chosen server is down chances are all the others won't be, so, can be best in some circumstances to have two accounts. One on the main jabber.org and another on a more local jabber server. So look for one that supports the XMPP protocol, which Jabber and well-known services such as Google Talk, Live Journal Talk, Nimbuzz, and Ovi all use.

For the desktop, the best open-source software solutions are:

On Mac

Use the OpenSource Adium: http://www.adium.im/
Includes the OpenSource OTR plug in: http://www.cypherpunks.ca/otr/ (which allows for real time encrypted chats on the fly; couldn't be easier)

On Windows PCs / Linux

Use the OpenSource Pidgin: http://www.pidgin.im/
But you must download separately the OpenSource OTR plug in: http://www.cypherpunks.ca/otr/

Cross-platform (multi - operating system capable)

Psi - The Cross-Platform Jabber/XMPP Client for Power Users

Psi is a multi-platform and standards-based instant messaging client available for Windows, Linux, Mac and more.
http://psi-im.org/

Psi has what it calls "always-on security" (but it's not alone in this). Using the same SSL technology that makes it possible for you to safely shop on the web, Psi automatically encrypts its communication with compatible IM servers to provide a secure connection over untrusted networks like public WiFi access points. For advanced security needs, Psi can also encrypt messages end-to-end with OpenPGP. But as of now "Off the Record" (OTR) is only available as a plug in and on their wish list, see: http://forum.psi-im.org/thread/3872 and please join to add support to the OTR feature request.

A developer has responded with:

"There is a plugin available which works in general. But you have to patch the sources. (http://public.beuth-hochschule.de/~s30935/) I can't say anything about the future plans for Psi, but probably OTR will always be a plugin. The question is, when the plugin interface is stable and finished."

Mobile phone/Device/PDA software solutions are:

First off, same applies, never use free corporate mobile IM apps, as they don't work for nothing and so must be making money from your activities & conversations. And make sure it supports Jabber via the XMPP protocol (preferably with OTR, but as yet I have been unable to source such, please let me know if you do).

The below text is from: http://www.flingtech.com/2009/01/trust-issues-iphone-im-apps.html

"Fring is another company that goes to lengths to obscure their real identity. They hide the fact that they are from Israel. They know people aren't going to read their terms of use and notice that it is governed by the laws of the State of Israel. Some of my friends were shocked when I told them -- they stopped using Fring services and changed their Skype passwords."
These Mobile Phone / PDA apps allow you to use Jabber:

* Quicksilver By Quantescape: looks very positive, and developers listen and are pushing for OTR ASAP
* beejive (looks promising)
* Bombus
* BuddyMob
* Chatopus
* IM+ (looks promising)
* imov Messenger
* Jabber Mix Client
* Monal (looks promising) but only one account at a time, is pretty poor these days, who has just one jabber IM account
* Trillian - http://www.robtex.com/dns/trillian.im.html#records
* Jabiru
* Lampiro
* m-im
* mChat
* OctroTalk
* Talkonaut
* Vayusphere
* Mundu IM (OSE) (looks promising)

As far as I know, as of writing, the best app I have found for mobile IM is BeeJive: http://www.beejive.com though not yet with OTR, it's promised. Please join in the requests in the forum or by email to the company to push its development along. And IM+: http://www.shapeservices.com/en/products/details.php?product=im these too have promised (OTR: http://www.cypherpunks.ca/otr/) so please join the lobby in the forums and pester the fuck out of the companies to make what they can do, better.

Please if you can find a mobile (OpenSource is unlikely, but desirable) app, that uses OTR, please inform us, so we can update this draft!

In any case, if no OTR in your instant messaging app, you must use OpenSource Jabber IM (XMPP) protocol: http://www.jabber.org/ it's non corporate, plus is spread over 10000s of servers world wide, so can't ever have any down time due to server failures or upgrades (this needs you to have more than one account on different servers, but is not a problem as it all runs seamlessly in your multi-platform chat software).

Jabber instant messaging can also be used in a Web Browser, with the below software, but some require installing on webservers. In any case make sure, if using via a webpage, that you are using https and not just http. And do not use for too long, even when over https as sessions can be cracked if used for too long (long is over 10mins).
* Afflux
* Claros Chat
* emite
* iJab
* Jabbear
* JWChat
* SamePlace
* SparkWeb
* Tigase Messenger
* Tigase Minichat
* TrophyIM
* wija - currently supports OpenPGP end-to-end encryption of messaging.
* xmppchat

But, by way of a basic precaution, if you are unable to find a physical address for a software's producer and/or receive no response, after enquiring about security, consider them suspect.

News and Replies from developers:

wija (Jabber/XMPP) - Swing-based graphical client in Java. GNU GPL. http://www.media-art-online.org/wija/
Kenji, the developer, says: The software is still being developed. Hopefully, I can release a new version this year. (I have OTR in the wish list.)

For collaboration, please email: [email protected] or IM [email protected]
I totally agree there is a BIG gap in the availability of mobile encryption, but Skype I would not trust. They have to obtain licences to operate in many countries and we know what that means.

thanks
rains

On 17 Feb 2011, at 07:05, Curtis Ward wrote:

> To: GPGTools Dev Group; Re: OpenPGP + any iPhone & Android opensource IM
> client.
>
> BCC'd: 4 very important individuals.
>
> I just picked up an iPhone 4 two weeks ago and already I see a problem with
> regards to privacy. Because these messages are traveling over public, not
> private, airwaves, there needs to be very good security. Public airwaves
> don't require warrants to be monitored by United States Law Enforcement.
> Right now, all of those methods of fast communication are vulnerable to
> govn't scrutiny. Even Skype has had its encryption broken by the German
> govn't.
>
> AND, now Skype is the only encrypted IM option available on my iPhone that I
> can find. There doesn't appear to be an OpenPGP-based IM solution pushed
> through either the Android or the iPhone markets.
>
> I beg you for one now.
>
> The State of Washington is about to violate the privacy of 40,000 patients.
> The State should be successfully held at a distance from doctors and patients
> with good instant messaging encryption. They have already seized & copied
> citizen voter petitions and patient records this occurred (this later
> occurred just a few weeks ago).
>
> The simpler the interface, the more of a chance that you'd be saving 40,000
> patients' lives by getting them to adopt it on their smartphones without fear
> of intrusion by the State. I just tried playing nice with the State of
> Washington Legislature for 5 months. They do not play nice and are not
> interested in their most vulnerable citizens.
>
> At the least, I need to know what it would cost for you to make one and how
> quickly you could do so. Phil Zimmermann is too busy (already asked him).
>
> Sincerest regards,
> Curtis Ward
>
> 425-610-4135 (VOIP phone: not secure or private)
>
> _______________________________________________
> gpgtools-users mailing list
> [email protected]
> FAQ: http://www.gpgtools.org/faq.html
> Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
> Unsubscribe:
> http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1
>
> This email sent to: [email protected]

--------------------------------------------------------------
FRIENDS OF PEOPLES CLOSE TO NATURE ~ INTERCULTURAL
w: fPcN interCultural: https://www.fPcN-global.org
w: fPcN Germany: http://www.naturvoelker.org
e: [email protected] (only secure with GPG or S/MIME)
Jabber IM: [email protected] (only secure with OTR)
--------------------------------------------------------------
