Chatting in Secret While We’re All Being Watched

How to have encrypted chats across four computing platforms — without compromising your identity or partner.

When you pick up the phone and call someone, or send a text message, or write an email, or send a Facebook message, or chat using Google Hangouts, other people find out what you’re saying, who you’re talking to, and where you’re located. Such private data might only be available to the service provider brokering your conversation, but it might also be visible to the telecom companies carrying your Internet packets, to spy and law enforcement agencies, and even to some nearby teenagers monitoring your Wi-Fi network with Wireshark.

But if you take careful steps to protect yourself, it’s possible to communicate online in a way that’s private, secret and anonymous. Today I’m going to explain in precise terms how to do that. I’ll take techniques NSA whistleblower Edward Snowden used when contacting me two and a half years ago and boil them down to the essentials. In a nutshell, I’ll show you how to create anonymous real-time chat accounts and how to chat over those accounts using an encryption protocol called Off-the-Record Messaging, or OTR.

If you’re in a hurry, you can skip directly to where I explain, step by step, how to set this up for Mac OS X, Windows, Linux and Android. Then, when you have time, come back and read the important caveats preceding those instructions.

One caveat is to make sure the encryption you’re using is the sort known as “end-to-end” encryption. With end-to-end encryption, a message gets encrypted at one endpoint, like a smartphone, and decrypted at the other endpoint, let’s say a laptop. No one at any other point, including the company providing the communication service you’re using, can decrypt the message. Contrast this with encryption that only covers your link to the service provider, like an HTTPS web connection. HTTPS will protect your message from potential snoops on your Wi-Fi network (like the teenager with Wireshark) or working for your telecom company, but not from the company on the other end of that connection, like Facebook or Google, nor from law enforcement or spy agencies requesting information from such companies.

A second, bigger caveat is that it’s important to protect not only the content of your communications but also the metadata behind those communications. Metadata, like who is talking to whom, can be incredibly revealing. When a source wants to communicate with a journalist, using encrypted email isn’t enough to protect the fact that they’re talking to a journalist. Likewise, if you’re a star-crossed lover hoping to connect with your romantic partner, and keep your feuding families from finding out about the hook-up, you need to protect not just the content of your love notes and steamy chats, but the very fact that you’re talking in the first place. Let’s take a quick look at how to do that.

Secret identities

Meet Juliet, who is trying to get in touch with Romeo. Romeo and Juliet know that if they talk on the phone, exchange emails or Skype chats, or otherwise communicate using traditional means, there’s no way to hide from their powerful families the fact that they’re communicating. The trick is not to hide that they’re communicating at all, but rather that they’re Romeo and Juliet.

Juliet and Romeo decide to make new chat accounts. Juliet chooses the username “Ceres,” and Romeo chooses the username “Eris.” Now when Ceres and Eris have an encrypted conversation it will be harder for attackers to realize that this is actually Juliet and Romeo. When Juliet’s accounts are later audited for evidence of communicating with Romeo — her short-tempered cousin is a bit overbearing, to say the least — nothing incriminating will show up.

Of course, just making up new usernames alone isn’t enough. It’s still possible, and sometimes even trivial, to figure out that Ceres is actually Juliet and Eris is actually Romeo.

Juliet is logging into her Ceres account from the same IP address that she’s using for everything else on her computer (e.g. emails with her favorite friar). If her Internet activity is being logged (it almost certainly is; all of our Internet activity is being logged), it would be easy to connect the dots. If the chat service is forced to hand over the IP address that the Ceres account connects from, they’ll turn over Juliet’s IP address. Romeo has the same problem.

Third-party services, like telecom companies and email providers, have access to private information about their users, and according to the third-party doctrine, these users have “no reasonable expectation of privacy” for this information. And it’s not just illicit lovers who are exposed by this doctrine; even journalists, who can sometimes assert special privilege under the First Amendment, have to be wary of who handles their communications. In 2013, the Justice Department obtained the phone records of Associated Press journalists during a leak investigation. And many news organizations don’t host their own email, making their email vulnerable to U.S. government requests for data — the New York Times and Wall Street Journal outsource their email to Google, and USA Today outsources its email to Microsoft. (This is why we run our own email server at The Intercept.)

Anonymity

In order to keep the fact that she’s communicating private, Juliet must keep a bulletproof separation between her Ceres identity and her real identity. At the moment, the easiest and safest way to do this is by using Tor, the open source and decentralized anonymity network.

Tor is designed to let you use the Internet anonymously. It’s a decentralized network of volunteer “nodes,” computers that help forward and execute Internet requests on behalf of other computers. Tor keeps you anonymous by bouncing your connection through a series of these nodes before finally exiting to the normal Internet. If a single node is malicious, it won’t be able to learn both who you are and what you’re doing; it might know your IP address but not where on the Internet you’re headed, or it might see where you’re headed but have no idea what your IP address is.

Most people who have heard of Tor know about Tor Browser, which you can use to browse the web anonymously. But it’s also possible to use other software to visit Internet services other than the web anonymously, including chat and email.

If Romeo and Juliet use Tor to access their Eris and Ceres chat accounts, and if their conversation is end-to-end encrypted using OTR, then they can finally have a secret conversation online — even in the face of pervasive monitoring.

Juliet and Romeo, having a secret encrypted conversation from anonymous chat accounts (Martha Pettit)

Attackers from all sides

Now that Romeo and Juliet have registered new, anonymous chat accounts using Tor, let’s probe all of the moving parts for weaknesses.

Juliet’s side: An attacker that is monitoring Juliet’s Internet traffic will be able to tell that part of it is Tor traffic, but they won’t have any information about what she’s using Tor for. If they check out who she’s emailing, Skyping with, calling, and texting, they won’t have any evidence that she’s talking to Romeo. (Of course, using the Tor network in and of itself can be suspicious, which is why The Intercept recommends that sources who wish to remain anonymous contact us from a personal computer using a network connection that isn’t associated with their employer. In other words, Juliet might seek out a Starbucks or public library, to be extra safe.)

Romeo’s side: An attacker monitoring Romeo’s Internet traffic will be able to tell that part of it is Tor traffic. If the attacker looks into who Romeo is emailing, calling, texting, and Skyping with, Juliet won’t be on that list.

Chat server’s side: The chat service itself will be able to tell that someone coming from a Tor IP address created the user Ceres, and someone coming from a Tor IP address created the user Eris, and that these two users are sending scrambled messages back and forth. It won’t have any way of knowing that Ceres is actually Juliet or that Eris is actually Romeo, because their IP addresses are masked by Tor. And it won’t have any way of knowing what Ceres and Eris are saying to each other because their messages are all encrypted with OTR. These accounts could just as easily belong to a whistleblower and a journalist, or to a human rights activist and her lawyer, as they could to two mutual crushes trading poetry.

Even with taking these measures, there is quite a bit of metadata you might leak if you aren’t careful. Here are some things to keep in mind:

  • Make sure to use Tor when you create your chat account, not just when you use it.
  • Make sure you never login to that account when you’re not using Tor.
  • Make sure you don’t choose a username that might betray your real identity — don’t use a pseudonym that you’ve used in the past, for example. Instead, make up a random username that doesn’t have anything to do with you. People often think of anonymous accounts that they create as alter egos. They come up with a cool pseudonym and grow attached to that identity. But it’s better to think of secret identities as disposable and temporary: Their purpose is to mask your real identity, not to highlight a piece of it. A random string like “bk7c7erd19” makes a better username than “gameofthronesfan.”
  • Don’t re-use a password you use elsewhere. Reusing passwords is not only bad security, but could also de-anonymize you if an account associated with your real identity shares the same password associated with your a secret identity.
  • Be aware of which contacts you communicate with from which secret identity accounts. If one of your contacts is exposed, it can increase the chances that other contacts you communicate with from the same account will also be exposed. There’s nothing wrong with making a new chat account for each project, or for each contact, to reduce the risk of your whole anonymous network unravelling.
  • Don’t give any other identifying information to the chat service.
  • Be aware of your habits. If you login to your chat account in the morning when you start using your computer and log off in the evening when you’re done with work, you’ll be leaking to the chat server what timezone you’re in and what your work hours are. This might not matter to you, but if it does, it’s best to make appointments with your contacts for specific times to meet online.
  • Be aware of what else you do using your Tor IP address. If you use Tor to login to both your secret chat account and a chat account that’s publicly associated with you, the server logs could be used to link your anonymous account to your real identity. You can force Tor to choose separate circuits for each account by choosing a unique SOCKS proxy username and password, but more on that below.

Tor isn’t perfect

Tor represents state-of-the-art online anonymity, but providing true anonymity is a nearly impossible problem to solve. There’s an ongoing arms race with Tor developers and academic researchers on one side, and powerful attackers that would like to be able to secretly de-anonymize or censor Tor users on the other.

Tor has never been secure against a “global adversary” — an adversary that can spy on all Tor nodes around the world in real-time — because such an adversary would be able to see traffic from Tor users enter the network, watch it bounce around the world, and then watch it leave the network, making it clear which traffic belongs to which user.

But despite all this, Snowden documents published by The Guardian show that the combined spying power of the Five Eyes (the U.S., U.K., Canada, Australia and New Zealand) doesn’t yet count as a “global adversary,” at least not as of June 2012 when that top-secret presentation was given. It appears that the Western intelligence agencies are only able to opportunistically de-anonymize random unlucky users, and have never been able to de-anonymize a specific user on demand.

As promising as this seems, Tor might not always protect your identity, especially if you’re already under close surveillance. The story of Jeremy Hammond’s arrest illustrates this point well.

The FBI suspected that Hammond might be part of the LulzSec hacker group, which went on a digital crime spree in 2011. Specifically, they suspected he might go by the pseudonym “sup_g” in an online chat room. They set up physical surveillance of Hammond’s apartment in Chicago, watching what servers he connected to from his Wi-Fi network. An FBI affidavit states that “a significant portion of the traffic from the Chicago Residence to the Internet was Tor-related traffic.” The FBI used a low-tech traffic correlation attack to confirm that Hammond was indeed “sup_g.” When Hammond left his apartment, Tor traffic stopped flowing from his house and “sup_g” logged out of chat. When he came back home, Tor traffic started flowing again and “sup_g” appeared back online. Because he was already a prime suspect, Tor didn’t protect his identity.

Tor isn’t magic; it’s a tool. The human using it still needs to know what they’re doing if they wish to remain anonymous.

Endpoint security

There’s another caveat to all of this. If Juliet’s computer is hacked, the hacker will be able to know exactly what she’s doing on it. Same with Romeo. You can encrypt as much as you want and bounce your encrypted traffic around the world to your heart’s content, but if an attacker can read your keystrokes as you type them and see exactly what’s on your screen, you can’t hide from them.

It’s extremely difficult to prevent your computer from getting hacked if you’re the target of an attacker with resources. You can lower your risks of getting hacked by using a separate device that you only use for secure communication, because the computer you use for all your daily activities has far more opportunities to get hacked.

Another option is to use Tails for private conversations. Tails is an entirely separate operating system that you install on a USB stick and that can be used safely even if your normal operating system has been hacked. While Tails can give you a much higher degree of security when communicating privately online, it is a very advanced tool. New users will likely spend many frustrating days troubleshooting, especially if they aren’t already comfortable with Linux.

For most users it’s perfectly fine to use your regular operating system to have private conversations online despite the risk of getting hacked; it’s certainly preferable to giving up and leaking metadata that you shouldn’t leak. It’s also much more convenient, and is an easy way to get started if you just casually want some privacy and nothing serious is at stake.

First contact

When you want to have a private conversation with someone online, it’s not always clear how to start. If you can meet in person, establishing your private communication channel is simple: Just trade usernames, chat servers, and OTR fingerprints (more on this below) when you meet up.

Meeting in person is often not possible. You might be too far away, or one side of the conversation might wish to remain anonymous from the other side. And even if you want to meet in person, how do you communicate this online to begin with while still hiding the fact that you’re communicating with this person at all?

To initiate first contact with Romeo, Juliet needs to create an anonymous secret identity that she uses just to make first contact with Romeo’s public identity. She could email Romeo from an anonymous email address. Most free email services require new users to provide a phone number to make an account, and some block Tor users altogether, which makes creating an anonymous account annoying. She could also make an anonymous social media account and use it to contact Romeo’s public account.

If possible, she should encrypt the first contact messages that she sends to Romeo. It’s much more straightforward to do this if Romeo publishes a PGP key. At The Intercept all of our journalists publish our PGP keys on our staff profiles. If you’re a source wanting to make first contact with a journalist that works for an organization with SecureDrop, you could use that to make first contact without having to worry about making new accounts anonymously or dealing with PGP keys. The Intercept uses SecureDrop.

When she makes first contact, Juliet should tell Romeo what chat server she has made an account on, what her username is, what her OTR fingerprint is, and what time she’ll be waiting online. She might also need to give Romeo instructions for getting set up himself, perhaps linking to this article.

When Juliet and Romeo are both anonymously logged into secret identity accounts and are having an OTR-encrypted conversation, they’re almost there. Depending on how Juliet made first contact, a close look at Romeo’s email or social media accounts might reveal the username of Juliet’s secret identity — she had to tell it to him somehow, after all. It could be possible for investigators to work from there to uncover Romeo’s secret identity as well.

To prevent anything like this from happening, it’s a good idea for Juliet and Romeo to burn these chat accounts and move onto new ones, leaving no trails behind. Indeed, whenever Juliet and Romeo feel like it makes sense, they should abandon their old chat accounts in favor of new ones, complete with new OTR keys. There are hundreds of public chat servers, and making new accounts costs nothing.

From theory to practice

Now that you understand the operational security theory behind maintaining secret identities, it’s time to actually practice.

This might sound daunting, but I’m confident you can do it. Just follow these step-by-step instructions for Mac OS X, Windows, Linux, and Android. (Unfortunately there’s no way to connect to chat servers anonymously on iPhones.) Try practicing with it a friend first.

Jabber and Off-the-Record

I’ve been discussing “chat servers,” but what I actually mean is Jabber (also known as XMPP) servers. Jabber is an open protocol for real-time chat – it’s not a specific service in the way that Signal, WhatsApp, or Facebook is. It’s a decentralized and federated service, kind of like email. I can send an email from my @theintercept.com address to your @gmail.com address, because The Intercept‘s and Gmail’s email servers rely on the same standard protocol.

Similarly, anyone can run a Jabber server, and many organizations do, including Calyx Institute, Riseup, Chaos Computer Club, and DuckDuckGo, to name a few. There are hundreds of other public Jabber servers. Many organizations run private Jabber servers for their employees, including The Intercept‘s parent company First Look Media (theintercept.com). The chat service HipChat is powered by Jabber under the hood, and its competitor Slack offers a Jabber gateway.

Since Jabber is decentralized, akiko@jabber.calyxinstitute.org (this is a Jabber account, not an email address) can chat with boris@dukgo.co. But if both sides of a conversation — both Romeo and Juliet, in our example — use the same server for their Jabber accounts, they’ll leak less metadata about their conversations. Messages will stay within in the same server rather than getting sent over the internet.

Unlike email, most Jabber servers let anyone create accounts using Tor, and don’t require that you provide any identifying information at all. In fact, many Jabber servers run Tor hidden services to make it so Tor users can connect without having to leave the Tor network at all. That is quite an advanced topic, however, and to keep it simpler I won’t use hidden services in the tutorials below.

Off-the-Record (OTR) is an encryption protocol that can add end-to-end encryption to any chat service, including Jabber. In order to have an encrypted chat, both sides of the conversation need to use chat software that supports OTR. There are several options, but the tutorials below will use Adium for Mac users, Pidgin for Windows and Linux users, and ChatSecure for Android users. ChatSecure is also available for iOS, but using it with Tor isn’t fully supported on an iOS device.

Choosing a Jabber server

If you’re planning on setting up your secret identity chat account in Android, skip straight down to the Android section. ChatSecure for Android has great built-in support for creating anonymous throw-away secret identity accounts.

For everyone else, stop. Download and install Tor Browser. Open it, and load this article in that browser instead of the one you were using. You’re using Tor now? Good. This is an important step because I don’t want you to leave your real IP address in the web logs of every Jabber server you’re considering using – that would be a clue that could later be used to deanonymize your secret identity.

There are hundreds of Jabber servers to choose from. You can find lists of some of the public Jabber servers here and here. Which should you choose?

The server won’t know who you are (you’ll connect using Tor) or what you’re saying (you’ll use OTR to encrypt your messages), so you don’t need to trust it. Still, you might want to pick one that you think is unlikely to hand over logs to your government, and that is happy with Tor users making secret identity accounts.

The most common way that people create Jabber accounts is directly through their chat software. While it’s easy to configure chat programs to use Tor when you login to your account, it’s difficult to make sure it uses Tor when creating new accounts (unless you’re using Tails, in which case you don’t have to worry because all your traffic uses Tor). Because of this, I recommend that you choose a Jabber server that lets you create a new account on their websites, so you can do it from Tor Browser instead of your chat program.

Here are a few Jabber servers that you can create new accounts on using Tor Browser, chosen at random from the public lists: ChatMe (based in Italy), CodeRollers (based in Romania), Darkness XMPP (based in Russia), KodeRoot (based in the U.S.), Jabber.at (based in Austria), Hot-Chilli (based in Germany), XMPP.jp (based in Japan), and the list goes on and on.

Ready to get started? Pick a Jabber server. Make up a username that’s not associated with your real identity in any way. Make up a password that you don’t use for anything else.

Create a Jabber account using Tor Browser. Now keep note of the server you created it on, your username and your password, and move on to the next sections for Android or Mac OS X or Windows and Linux.

Choose your operating system:

(There is no guide for iOS because, although ChatSecure for iOS has experimental support for Tor, the developers don’t recommend people rely on it for their anonymity until it has been further audited by security experts.)

Anonymous encrypted chat in Mac OS X

If you haven’t already, create a new Jabber account using Tor Browser by following the instructions in the “Choosing a Jabber server” section above. Make sure you know which Jabber server you created your account on and what your username and password are.

For this example, I created a Jabber account on the server xmpp.jp with the username “pluto1”.

Installing Adium and configuring your secret account over Tor

Download and install Adium, which is a Mac chat program that supports OTR encryption.

Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Adium simply won’t connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.

Open Adium. The first time you open it you’ll see the Adium Assistant Wizard. Close this window – we’ll manually add an account so we can have access to advanced settings.

With the Contacts window selected, click Adium in the menu bar at the top and choose Preferences. Make sure the Accounts tab at the top of the window is selected. Click the “+” button in the bottom left to add a new account, and select “XMPP (Jabber)” from the dropdown.

A new dialog will appear that lets you configure an account.

Before doing anything else, switch to the Proxy tab. Check “Connect using proxy” and choose “SOCKS5” from the dropdown list. In the Server field type “127.0.0.1” and in the Port field type “9150”. Choose a unique username for this account and type anything in password field. These settings will ensure that Adium only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Adium than it will for everything else, which increases your anonymity.

Switch to the Privacy tab. Under the “Encryption” dropdown change “Encrypt chats as requested” to “Force encryption and refuse plaintext”.

Switch to the Options tab. Change what’s listed in Resource (by default the name of your computer) to “anonymous”. Also, under Security check “Require SSL/TLS”.

Now switch back to the Account tab. Type your Jabber ID. My username is “pluto1” and my Jabber server is “xmpp.jp”, so my Jabber ID is “pluto1@xmpp.jp”. Type your password, and click OK to try connecting to this account when you’re done.

Adium should now attempt to connect to your secret identity account over Tor. If all goes well, it should list your new account and say “Online”.

Encryption keys and fingerprints

You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.

Let’s create your OTR key. With the Contacts window selected, click Adium in the menu bar and choose Preferences. Go to the Advanced tab, and click on Encryption in the left sidebar. Select your secret identity account and click the Generate button to generate a new encryption key. When it’s done you’ll see your new OTR fingerprint.

In this example, I just created a new OTR key for my pluto1@xmpp.jp account with the fingerprint C4CA056C 922C8579 C6856FBB 27F397B3 2817B938. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.

Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Adium, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.

This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.

Adding contacts and conversing in private

I’m trying to have a private conversation with my friend. They told me their Jabber account is pluto2@wtfismyip.com and their OTR fingerprint is A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE.

Now that I’ve set up my pluto1 account, I’m going to add pluto2 as a contact. First I select the Contacts window and then click the Contact menu bar at the top and choose Add Contact. I set Contact Type to XMPP, and enter “pluto2@wtfismyip.com” as their Jabber ID. Then I click the Add button to add them as a contact.

When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for pluto2 to login and approve my contact request.

Oh good, pluto2 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I’m selecting the their contact and clicking the Authorize button.

Now that I have added pluto2 as a contact the first time, they will appear on my contact list when they’re online. Now all I need to do is double-click on their name to start chatting with them.

I double-clicked on the pluto2 contact and typed “hi”.

Before it sent my message, Adium started a new OTR encrypted session. Notice that it says “pluto2@wtfismyip.com’s identity not verified.” This means that while we have an encrypted chat going on, I can’t be 100% confident that there isn’t a man-in-the-middle attack going on.

It also popped up an OTR Fingerprint Verification box. Does the fingerprint that pluto2 gave me match the fingerprint that I see in that box?

I’m comparing the fingerprint pluto2 gave me earlier with what Adium is telling me pluto2’s fingerprint is, one character at a time. Let me see… yup, they’re the same. This means that there is not an attack on our encryption, and I can safely click Accept. If I didn’t have pluto2’s OTR fingerprint, I would ask pluto2 what it is using an out-of-band method (not using this chat, since I don’t know if this chat is trustworthy yet) and then verify that they match. If I don’t have time for that now, I would click Verify Later.

You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with pluto2, it should just work and be considered trusted.

And that’s it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Adium to login to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.

Anonymous encrypted chat in Windows and Linux

If you haven’t already, create a new Jabber account using Tor Browser by following the instructions in the “Choosing a Jabber server” section above. Make sure you know which Jabber server you created your account on and what your username and password are.

For this example, I created a Jabber account on the server wtfismyip.com with the username “pluto2”.

Windows and Linux instructions are in the same section because you’ll use the same piece of software, Pidgin. The steps are nearly identical for both operating systems, but I’ll point out where they differ.

Installing Pidgin and configuring your secret account over Tor

If you’re using Windows, download and install Pidgin, and then download and install the OTR plugin for Pidgin. Make sure Tor Browser is open. While Tor Browser is open, a Tor service will be running in the background on your computer. When you close Tor Browser, the Tor service stops running. This means every time you wish to connect to your secret identity Jabber account you must have Tor Browser open in the background or Pidgin simply won’t connect. Go ahead and open Tor Browser and keep it open for the rest of this tutorial.

If you’re using Linux, install the packages pidgin, pidgin-otr, and tor. In Ubuntu or Debian you can do this by typing “sudo apt-get install pidgin pidgin-otr tor” into a terminal, or by using the Ubuntu Software Center. Because you’re installing Tor system-wide in Linux, there’s no need to worry about keeping Tor Browser open in the background like in Windows or Mac OS X.

Open Pidgin. The first time you run it you’ll see a “Welcome to Pidgin!” screen. Click the Add button to add your secret identity account (if you already use Pidgin, you can add a new account by clicking the Accounts menu in the Buddy List window and choose Manage Accounts).

You should be at the Add Account window. Before you do anything else, switch to the Proxy tab. Set the proxy type to “Tor/Privacy (SOCKS5)”. In the Host field type “127.0.0.1”, and in the Port field type “9150” if you’re using Windows and “9050” if you’re using Linux. Choose a unique username for this account and type anything in password field. These settings will ensure that Pidgin only connects to this account using Tor. The username and password fields are optional, but if you use them Tor will choose different circuits for this account in Pidgin than it will for everything else, which increases your anonymity.

Switch back to the Basic tab. Under Protocol select “XMPP”. In the Username field type your username (mine is “pluto2”). In the Domain field type your Jabber server (mine is “wtfismyip.com”). In the Resource field type “anonymous”. In the Password field type your password, and optionally check the remember password box. When you’re all set, click the Add button.

If all goes well, you should see a Buddy List window with the status “Available”.

Encryption keys and fingerprints

You are now anonymously connected to your secret identity account using Tor. The next step is to set up an OTR encryption key. Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.

Let’s create your OTR key. In the Buddy List window, click the Tools menu and choose Plugins. You should see “Off-the-Record Messaging” as one of the plugins. Make sure you check the box next to it to enable it.

With “Off-the-Record Messaging” selected, click the Configure Plugin button. Select your secret identity account and click the Generate button to generate a new encryption key. When it’s done, you’ll see your new OTR fingerprint. While you’re at it, check the “Require private messaging” box.

In this example, I just created a new OTR key for my pluto2@wtfismyip.com account with the fingerprint A65B59E4 0D1FD90D D4B1BE9F F9163914 46A35AEE. If you want to have a private conversation with someone, tell them your Jabber username and server as well as your OTR fingerprint. After they create an anonymous Jabber account and an OTR key, get them to tell you what their username, server and fingerprint are too.

Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint. If the fingerprint they gave you matches the fingerprint you see in Pidgin, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted.

This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.

Adding contacts and conversing in private

I’m trying to have a private conversation with my friend. They told me their Jabber account is 0060e404a9@jabber.calyxinstitute.org.

Now that I’ve set up my pluto2 account, I’m going to add 0060e404a9 as a contact. From the Buddy List window I click the Buddies menu and choose Add Buddy. I type “0060e404a9@jabber.calyxinstitute.org” as the buddy’s username and click the Add button.

When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for 0060e404a9 to login and approve my contact request.

Oh good, 0060e404a9 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I click the Authorize button.

Now that I have added 0060e404a9 as a contact the first time, they will appear in my buddy list when they’re online. Now all I need to do is double-click on their name to start chatting with them. I double-clicked on the 0060e404a9 contact and typed “hi”.

Before it sent my message, Pidgin started a new OTR encrypted session. Notice that it says “0060e404a9@jabber.calyxinstitute.org has not been authenticated yet. You should authenticate this buddy.” You can also see the yellow word “Unverified” in the bottom-right part of the window. This means that while we have an encrypted chat going on, I can’t be 100% confident that there isn’t a man-in-the-middle attack going on.

Click on “Unverified” and choose “Authenticate buddy”. The Authenticate Buddy window offers three ways to authenticate, “Question and answer”, “Shared secret”, and “Manual fingerprint verification”. Choose the latter to view the fingerprints of both sides of the conversation.

While “Question and answer” and “Shared secret” are useful, I’m not going to go into how they work.

This contact’s OTR fingerprint appears to be 6F3D8148 DA029CDA 23C92CF7 45DA09C5 ED537DC4. Before continuing, I want to confirm that this is actually their fingerprint by contacting them out-of-band (not in this chat window, since it’s not trustworthy yet) to ask them.

Let’s see… they told me their fingerprint, and after comparing it one character at a time with what Pidgin tells me their fingerprint is, yup, this is their correct fingerprint. This means that there is not an attack on our encryption, and I can safely change “I have not” to “I have” and click Authenticate. Now the status of this conversation is “Private” instead of “Unverified”.

You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with 0060e404a9, it should just work and be considered private.

And that’s it. To recap: We have created an anonymous Jabber account using Tor. We have configured the chat program Pidgin to login to this account over Tor, and we have made a new OTR encryption key for this account. We have added a contact to this account, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.

Anonymous encrypted chat in Android

Installing ChatSecure and configuring your secret account over Tor

Open the Google Play app and install Orbot, which is Tor for Android. Open the app and long-press the giant button in the middle to connect to the Tor network. You’ll need to be connected to Tor before you can configure your Jabber account.

Now open the Google Play app and install ChatSecure, which is a Jabber app that supports OTR encryption. The first time you open ChatSecure you’ll be presented with the option to set a master password. It’s a good idea to choose one unless you know what you’re doing. You’ll need this master password every time you start the ChatSecure app and connect to your anonymous account. If you want extra security, consider using a high-entropy passphrase for your master password.

Now swipe to the right until you get to the “Secret Identity!” page and tap the Add Account button.

ChatSecure will automatically create a new secret identity Jabber account for you over Tor. For me, it chose the username 0060e404a9 on the server jabber.calyxinstitute.org. Tap on your username to get to more details about it.

Tap the Advanced Account Options button, and change Chat Encryption to “Force / Require”.

You are now anonymously connected to your secret identity account using Tor.

Encryption keys and fingerprints

Each person who wishes to use OTR needs to generate their own key, which is a file that gets stored locally on the device you use for chatting. Each key has a unique string of characters called a fingerprint associated with it – no two keys share the same fingerprint.

If you want to have a private conversation with someone, tell them your Jabber username and server. ChatSecure doesn’t create an OTR encryption key for you until you start your first encrypted conversation, so if this is a new account you won’t be able to tell them your fingerprint in advance.

After they create an anonymous Jabber account, get them to tell you what their username and server are too. Once you start an encrypted conversation with them, you will be able to see their fingerprint and they will be able to see your fingerprint.

At this point, use an out-of-band method — meaning, not involving typing to them in this chat, but through some other communication channel — to tell them what your OTR fingerprint is, and have them tell you what their OTR fingerprint is.

If the fingerprint they gave you matches the fingerprint you see in ChatSecure, you can mark that contact as trusted. And if the fingerprint you gave them matches the fingerprint they see in their chat program, they can mark you as trusted in their chat program.

This step is confusing, but also important. If the fingerprints don’t match, this means that someone is attempting a man-in-the-middle attack against you. If this happens, don’t mark the contact as trusted and try again later.

Adding contacts and conversing in private

I’m trying to have a private conversation with my friend. They told me their Jabber account is pluto3@suchat.org and their OTR fingerprint is 71863391 390AF4A8 D5692385 5A449038 7F69C09C.

Now that I’ve set up my 0060e404a9 burner account, I’m going to add pluto1 as a contact. In ChatSecure, I tap the “+” icon in the top-right and select “Add Contact”. I type pluto3@suchat.org as their Jabber ID and tap the Send Invite button.

As soon as I add a new contact, ChatSecure lets me send them a message. But it’s better to wait until you’re sure the other person is online before contacting them. Both me and pluto3 need to be online at the same time to start an OTR encrypted conversation.

When you add a Jabber contact you can’t immediately tell if they’re online or not. First you need them to consent to let you see their status. So now I need to wait for pluto3 to login and approve my contact request.

Oh good, pluto3 has authorized me to see when they’re online, and is asking if I allow them to see when I’m online. I tap the Yes button.

Now that I have added pluto3 as a contact, I will be able to see when they’re online and send them messages. Notice that the lock in the top-right corner is currently unlocked, which means that OTR encryption isn’t being used yet. I’m going to tap the lock icon and choose Start Encryption.

Notice that the lock is closed, but has a question mark in it. I’m going to tap the lock again and tap Verify Contact.

I check pluto3’s OTR fingerprint on my screen against what they gave me initially, and good, the fingerprints match. This means that there is not an attack on our encryption.

My own OTR fingerprint is listed there as well. At this point I should tell me contact, using an out-of-band channel, what my fingerprint is so they can verify it on their end.

I tap the Manual button to manually confirm that the fingerprints match, and the question mark inside the lock icon changes to a green check mark.

You only have to do this verification step the first time you start an encrypted conversation with a new contact. If I login tomorrow and start a new conversation with pluto3, it should just work and be considered trusted.

And that’s it. To recap: We have installed Orbot and connected to the Tor network on Android, and we have installed ChatSecure and created an anonymous secret identity Jabber account. We have added a contact to this account, started an encrypted session, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.

Photo: Courtesy of Tor Project

Correction: The first version of this article said that there was no way to use Jabber and OTR with Tor on iOS. ChatSecure for iOS actually has experimental support for Tor. July 16 2015 12:51pm ET

Join The Conversation