Using OTR for Private Instant Messaging

Today, the mobile environment, along with the growing app economy, has generated both modern conveniences and security risks. Whether you’re a mobile app developer, or a consumer, it is important to know that there are various online and mobile threats that could harm your privacy. As such, it’s ultimately in your best interest to build strong privacy protections for your device.

It’s important to integrate good privacy protection into your mobile device because this practice will allow you to secure your communications, including your online transactions. OTR (off the record) is a way to have encrypted private instant message conversations online. It uses end-to-end encryption so your network provider or other outsiders can’t see the content of your messages.

Essentially, OTR offers the following:

Encryption - No one can read your messages but you and/or your recipient

Authentication - Your correspondent is verified

Forward secrecy - In case you lose control of your private keys, previous conversations are not compromised

Deniability - Messages do not have digital signatures that can be checked by third parties. Anyone can forge messages after a conversation for counterfeit purposes. However, during a conversation, your correspondent is assured that the massages he sees are authentic and unmodified.

OTR applications

ChatSecure is a free mobile application for iPhone and Android devices. It allows users to communicate with OTR instant messaging. All communications via ChatSecure are completely private, as long as the person you are chatting with is also using OTR-compatible instant messaging client. Additionally, the app’s capabilities allow it to deliver audio messages, photos, files, or text.

Installation:

1. Go to App Store or Google Play store, select ChatSecure by The Guardian Project. Select “Install” and accept the Terms of Services. The app will then download and install automatically.

2. When you open the app, you will be prompted to create a passphrase in order to locally encrypt your data. Doing this will allow your data to be encrypted when in transit as well as encrypted locally on your phone. Skipping this step will only encrypt your message in transit, not on your device.

3. Add GoogleTalk or Google Hangouts or other accounts to your ChatSecure app.

Configuration:

1. Click on the “accounts” tab in the menu and turn on the accounts you wish to use. Once signed in, anyone can connect with you from a mobile or desktop instant messaging application.

2. Click on the unlocked lock icon found on the top menu bar of the display. Choose “Start Encryption.” If your recipient has an OTR-compatible instant messaging system, then you will have the option to verify your and their fingerprint. If you’re chatting with someone over a desktop instant messenger, verify your OTR by resending your fingerprint over an SMS (TextSecure), saying it over the phone, or by meeting in person. Once you’ve confirmed your identities, you can click on “verify.”

3. Study the basic options, and support to make the most out of your app.

Orbot provides Android devices with access Tor. It helps conceal your identity from websites and other services when using certain Android applications, as well as conceal your browsing activities, and bypass Internet censorship and online filtering.

Installation:

1. On your Android device, download and install the app from Google Play store.

2. Review the access permissions carefully. Click “Accept”, and installation will begin.

Configuration:

1. Tap the Orbot icon app.

2. Select the language you want to use.

3. Read and tap the configuration wizard. Once you’ve rea d the requirements, press “Next”

4. Grant Orbot “Superuser access”.  “Superuser access” requires your device to be rooted—if you want to make use of Orbot’s Transparent Proxy features. If your device is not rooted, tick the option “I understand and would like to continue without “Superuser”.  

5. Orbot configuration is not complete. A final screen describing users of Tor and Orbot will appear, once you have read this, tap “Finish”. 

Angela Gaddi
Angela Gaddi Hire Me

Freelance Writer

Angela writes about IT security, privacy, free speech, politics, social media, and the intersection of business and consumer tech. Has a special aptitude for privacy, cult literature, film noir.

Hire Me

Next Article

Save Time and Money with Automated Accounting