What is a good method of instant messaging peer-to-peer, cross-platform?

I want to know a good setup for secure instant text messaging directly between two internet-connected computers, that is, without going through any central server.

I would be running opensuse, but my chat/IM partners would probably be running Windows or Mac. The solution should be easy to explain and set up for my partners.

So can you indicate 1) a popular cross-platform software to do the job on both ends, and 2) the main features/protocol(s) to use?

On Wed 31 Jul 2013 09:06:04 PM CDT, LizardBoy wrote:

> I want to know a good setup for secure instant text messaging directly
> between two internet-connected computers, that is, without going through
> any central server.
>
> I would be running opensuse, but my chat/IM partners would probably be
> running Windows or Mac. The solution should be easy to explain and set
> up for my partners.
>
> So can you indicate 1) a popular cross-platform software to do the job
> on both ends, and 2) the main features/protocol(s) to use?

Hi
Have a look here, if something catches your eye, search for it on the
software search.

If you find something and it’s not built, post back with what you’re
looking at.


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.3 (x86_64) Kernel 3.7.10-1.16-desktop
up 2 days 18:52, 4 users, load average: 0.86, 0.94, 0.79
CPU AMD E2-1800@1.70GHz | GPU Radeon HD 7340

You have a couple of interesting technical requests, but it would help if
you provided some of the business reasons for the request. I.e.: Why do
you care about a lack of central server? Some examples may be, “I do not
want any central parties snooping.” or “I need to have as few points of
failure as possible since this is controlling my pacemaker.” or something.
This matters, because your current request limits possible responses,
perhaps unnecessarily, and knowing the reasons behind your decisions may
allow others with other information to help you.

Good luck.

RetroShare and TorChat might meet your needs. Links to both are available at https://prism-break.org/

On Wed, 31 Jul 2013 21:06:04 +0000, LizardBoy wrote:

> I want to know a good setup for secure instant text messaging directly
> between two internet-connected computers, that is, without going through
> any central server.
>
> I would be running opensuse, but my chat/IM partners would probably be
> running Windows or Mac. The solution should be easy to explain and set
> up for my partners.
>
> So can you indicate 1) a popular cross-platform software to do the job
> on both ends, and 2) the main features/protocol(s) to use?

You can set up your own server using something like OpenFire (it uses the
apache license). Then any XMPP/Jabber client can be used from the
client, regardless of OS.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 2013-07-31 23:06, LizardBoy wrote:
>
> I want to know a good setup for secure instant text messaging directly
> between two internet-connected computers, that is, without going through
> any central server.

Theory:

A server of some kind is needed so that people find one another, because
the IP they use changes. However, the role of the server can change: it
can be a full server, all messages are sent to it, and then it forwards
to the destination, or it can be simply a directory service to find one
another.

For encryption, there are two methods. Encryption between server and
clients, or encryption from client to client. The first one is typically
breakable. Once there is access to the server, there is access to all
the conversations. The second one is as secure as can be.

> I would be running opensuse, but my chat/IM partners would probably be
> running Windows or Mac. The solution should be easy to explain and set
> up for my partners.

Can you set up your own machine as server?


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2013-07-31 23:53, ab wrote:
> You have a couple of interesting technical requests, but it would help if
> you provided some of the business reasons for the request. I.e.: Why do
> you care about a lack of central server? Some examples may be, “I do not
> want any central parties snooping.” or “I need to have as few points of
> failure as possible since this is controlling my pacemaker.” or something.

AFAIK, all systems using a central forwarding server are breakable,
despite encryption, because the server deciphers messages and forwards
to destination, perhaps with a different cipher.

It is a single, common point of failure.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 07/31/2013 11:06 PM, LizardBoy wrote:

> I want to know a good setup for secure instant text messaging directly
> between two internet-connected computers, that is, without going through
> any central server.

by “without going through a central server” i assume to mean (for
example) Facebook, Skype, Google-Chat etc type services which we know
the governments/police of many lands can monitor with ease–right?

in other words you want two computers directly connected with NO
others in between who can read/record the messages–right?

then, because all internet traffic flows through the routers,
switches, servers, signal boosters, repeaters etc etc etc of Internet
Service Providers and backbone exchanges–and at many steps along the
way the signal can be monitored/recorded…so, what you want is not
possible without stringing a wire between you and the partner.

and you must ensure that NO one has physical access to that wire
for its entire length…

but, if you are willing to use the public internet with message
encryption/decryption at both ends…and just accept the fact that
given enough time and computing power the messages can be read,
then a search string like in this url

https://www.google.com/search?q=secure+instant+text+messaging+linux+windows+mac

returns over a million hits…

without knowing your specific requirements i’d say Pidgin and your
choice of crypto would work…

>
> The solution should be easy to explain and set up for my partners.

just a word of caution: as the level of ‘easy’ goes up you should
expect the level of security to go down…

if it is an oppressive government (with weapons and threat of death) you
try to avoid then i think TOR is your only potential choice
today…and, still you must be very careful.

and, i have just one question: Is your real name Weiner?


dd
http://tinyurl.com/DD-Caveat
http://tinyurl.com/DD-Complaints
http://tinyurl.com/DD-Hardware
http://tinyurl.com/DD-Software

On 2013-08-01 09:58, dd wrote:
> On 07/31/2013 11:06 PM, LizardBoy wrote:

> by “without going through a central server” i assume to mean (for
> example) Facebook, Skype, Google-Chat etc type services which we know
> the governments/police of many lands can monitor with ease–right?

Not only them, but almost any curious employee.

>
> in other words you want two computers directly connected with NO others
> in between who can read/record the messages–right?
>
> then, because all internet traffic flows through the routers,
> switches, servers, signal boosters, repeaters etc etc etc of Internet
> Service Providers and backbone exchanges–and at many steps along the
> way the signal can be monitored/recorded…so, what you want is not
> possible without stringing a wire between you and the partner.

No, that’s what end to end encryption is for :wink:

The messages are encrypted on departure from one machine, and only the
receiving end can decipher it. Almost any onlooker would be unable to
read them; maybe only agencies with very powerful machines or unknown
holes to decipher those encryption methods might open them, which is
safe enough for most people.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 08/01/2013 11:53 AM, Carlos E. R. wrote:
> No, that’s what end to end encryption is for

no, you should have read the rest of my post before responding:

if by “no central server” he wants no one in between the two ends
he must string his own wire and maintain physical security…

but, if he is willing to accept people in between AND know that all
known encryption can be cracked (with enough time and cost) but some
might not crack open for 1000 years (or longer) if using my
machine…or 1000 seconds or shorter if using some government’s
machineS . . .


dd

I looked into this a few years ago…

As others have noted,
There are primarily 2 architectural parts… Directory Services and the actual Peer/Node connections.
Typically Directory Services is centralized although nowadays there is little reason this has to be so. There are proven methods for instance in P-P networking like Distributed Hash Tables which could work just fine, but in general a central server is used.

Actual Peer/Node sessions and connections can be both P-P or client/server. A few years ago, P-P was preferred for performance and cost reasons. Today, bandwidth is so cheap that may not be a critical factor any more. But, if you want to monitor/control and particularly log the session content, you’ll need to use client/server (obviously).

But, perhaps the most important thing to understand is that when I surveyed IM and Chat back approx 2007, <all> the Consumer(Free) clients for every major IM service on the Internet not only didn’t use secure connections, they also exposed their entire Contacts/Addressbook list in plain text so anyone could see every name, address and contact information of more than just the people in the “Conversation.” So, lesson be learned no matter what you eventually choose, fire up Wireshark and see what is exposed in Plain Text.

As for cross platform services, AFAIK nothing has changed, the only ones use the Jabber protocol. If you set up your own machine today, I don’t know what products are available but back in 2007 you had to pay for solutions which were reliable and performant. Hopefully, today that has changed.

Finally, when you investigate different solutions, you need to have a list of features in hand. IIRC the basic IM protocol you use only supports text but you can piggy-back media protocols on top taking advantage of the directory and “presence” of IM to provide a more featured solution.

HTH,
TSU
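
The plaintext check suggested in the post above can be scripted once the TCP payload bytes have been pulled out of a capture. The following is an added example, not part of the original thread: it classifies each payload as a TLS record, readable plaintext, or opaque binary, and lists any JID/e-mail style identifiers an on-path observer could read. The function names and both sample payloads are constructed for illustration.

```python
import re

# Identifiers shaped like a JID or e-mail address; none should be readable on the wire.
JID_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}


def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a well-formed TLS record header."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 3
            and length <= 2**14 + 2048)


def audit_payload(payload: bytes) -> dict:
    """Classify one captured TCP payload and list identifiers readable in it."""
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    ratio = printable / len(payload) if payload else 0.0
    if looks_like_tls_record(payload):
        verdict = "tls"
    elif ratio > 0.9:
        verdict = "plaintext"
    else:
        verdict = "opaque"  # binary but not TLS: needs manual inspection
    leaked = sorted({m.decode() for m in JID_RE.findall(payload)})
    return {"verdict": verdict, "leaked_ids": leaked}


def exposed_contacts(payloads) -> list:
    """All identifiers an on-path observer could read across a capture."""
    found = set()
    for p in payloads:
        found.update(audit_payload(p)["leaked_ids"])
    return sorted(found)


# Constructed sample payloads (not taken from any real capture).
PLAIN_ROSTER = (b"<iq type='result' id='r1'><query xmlns='jabber:iq:roster'>"
                b"<item jid='alice@example.org' name='Alice'/>"
                b"<item jid='bob@example.net' name='Bob'/></query></iq>")
# TLS application_data header followed by 64 non-ASCII bytes standing in for ciphertext.
TLS_RECORD = b"\x17\x03\x03\x00\x40" + bytes(range(128, 192))

if __name__ == "__main__":
    for name, p in (("roster", PLAIN_ROSTER), ("tls", TLS_RECORD)):
        print(name, audit_payload(p))
```

A "tls" verdict only shows that the hop to the server is encrypted; it says nothing about whether the server itself can read the messages, which is the end-to-end question discussed earlier in the thread.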

You can check this out as well https://www.nelerto.com. Seems like it does exactly what you’re requesting plus it’s very strong on bulk and big file transfers, given you need to share something other than messages with your clients.