By: Krintoxi
September 23, 2015

Prevent Communications Spying with O.T.R. Encryption and TOR in XMPP

With the growing concern over online privacy, this is by far the best way I've found to keep your communications private using a combination of O.T.R., TOR, Linux and a trustworthy VPN service.

Note - This guide can be used by the following communities of people and others:
  • Activists: Operating around the world, with all governments spying on their citizens.
  • Hackers: Those who push the limits of technology, who need secure ways of communicating.
  • Hacktivists: While hacktivists around the world primarily hack for Justice, the hacktivist communities are heavily spied upon by agencies and governments.
  • Social Engineers: As an SE, keeping your communications private is essential to your work. Whether it's keeping the confidentiality of a client, staying hidden from a target or communicating with sensitive contacts, privacy is key.
First, I'll start by listing every service we'll be using to achieve this certain level of anonymity and privacy. I'll also assume you're using a Linux distribution for your sensitive work.

Software Needed:

Once you have all the software and services downloaded and installed, we'll want to begin by starting our TOR service. We can do this by opening a terminal and typing:

sudo service tor start

Continue by starting up your VPN service in conjunction with TOR.

After TOR and a VPN are both running, continue by opening the Pidgin chat client and clicking Add Account.

The add dialog box should appear. The configuration options should be as follows:

Protocol: XMPP
Username: Yourusername
Domain: riseup.net (or any other off-shore provider that does NOT store logs)
Resource: Blank
Password: YourPassword
Local Alias: Optional

After all of that is filled out, go to the Proxy tab. Once there, click Proxy Type and set it to SOCKS5. The configuration should be as follows:

Host: 127.0.0.1
Port: 9050
Username: Blank
Password: Blank

Once that is filled in, make sure you check the option "Create This New Account On Server" and click Add. Next, go to Tools > Plugins, find O.T.R. and enable it. Then enable the account and enjoy your secure Off-The-Record communications.

To help better understand what makes this solution so secure, I'll share a bit of information about the protocols and tools used in this guide.

XMPP:
"Extensible Messaging and Presence Protocol is a communications protocol for message-oriented middleware based on XML. It enables the near-real-time exchange of structured yet extensible data between any two or more network entities. Originally named Jabber, the protocol was developed by the Jabber open-source community in 1999 for near real-time instant messaging, presence information, and contact list maintenance. Designed to be extensible, the protocol has also been used for publish-subscribe systems, signalling for VoIP, video, file transfer, gaming, Internet of Things applications such as the smart grid, and social networking services."

TOR:
"TOR is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security."

An Off-Shore VPN:
All your traffic is securely routed through your provider before it's decrypted and sent on to the open internet.
  • Thwart Network Surveillance: Bitmask VPN is very effective at bypassing most censorship and network surveillance by your ISP or country.
  • Anonymize your address: Your IP address will also be hidden, keeping your physical location safe from nefarious websites or network eavesdroppers.
  • Extra Security: We take extra security measures to prevent problems common to other personal VPNs, such as DNS leakage and IPv6 leakage.
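
A check for the proxy settings given earlier, added here as an example (it is not part of the original post): it speaks SOCKS5 to 127.0.0.1:9050 with no authentication, matching the Proxy tab values, and hands the server name to the proxy instead of resolving it locally, which is the DNS-leak concern mentioned above. The function names and the riseup.net:5222 target are assumptions; 5222 is the standard XMPP client port.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # Host and Port from the guide's Proxy tab


def build_connect_request(hostname, port):
    """SOCKS5 CONNECT (RFC 1928) carrying the hostname itself (ATYP 0x03),
    so the proxy resolves the name and this script makes no local DNS query."""
    name = hostname.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def check_proxy(hostname, port, proxy=TOR_SOCKS, timeout=30.0):
    """Return (ok, detail); ok is True only if the proxy accepts SOCKS5 with
    no authentication and reports success for CONNECT hostname:port."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
            if _recv_exact(s, 2) != b"\x05\x00":
                return False, "proxy did not accept SOCKS5 without authentication"
            s.sendall(build_connect_request(hostname, port))
            reply = _recv_exact(s, 4)  # VER, REP, RSV, ATYP
            if reply[1] != 0x00:
                return False, f"CONNECT failed, SOCKS5 reply code {reply[1]}"
            return True, "SOCKS5 CONNECT succeeded"
    except OSError as exc:
        return False, f"cannot use proxy at {proxy[0]}:{proxy[1]}: {exc}"


if __name__ == "__main__":
    # Assumed target: the guide's domain on the standard XMPP client port.
    print(check_proxy("riseup.net", 5222))
```

A successful result shows only that a SOCKS5 proxy answered on that port and could reach the server; it does not by itself prove the listener is TOR.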

Off-the-Record Messaging (OTR):
"...is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".

The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on 26 October 2004. They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts the OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations."

By combining these services, you get a much better solution for encrypted anonymous communications than, let's say, with IRC.

I hope this information is useful to some of you. Thank you :)