Secure Instant Messaging

Secure instant messaging is a form of instant messaging. Both terms refer to an informal means for computer users to exchange messages commonly referred to as "chats". Instant messaging can be compared to texting as opposed to making a mobile phone call. In the case of messaging, it is like the short form of emailing. Secure instant messaging is a specialized form of instant messaging that, along with other differences, encrypts and decrypts the contents of the messages such that only the actual users can understand them.


Instant messaging background

Instant messaging has existed in some form or another for decades. Generally, it is a process by which users on a computer network can quickly communicate with one another using short text-based sentences rather than using email. Each user has a piece of software that communicates with a common server that connects the chat sessions. Over the past few years, two distinct settings for the use of instant messaging have evolved. The first is the corporate or institutional environment, composed of many potential users who are all under the same organizational umbrella. The second setting is individual users "after work" or at home who do not have a mission-oriented commonality between them, but are more likely family and friends.

In the corporate setting, security risks are apparent from the outset. What stops a disgruntled employee from messaging some sensitive company data to a colleague outside the enterprise? The reverse would be the same disgruntled employee downloading some virus or spyware onto his machine inside the corporate firewall to release as desired. Accordingly, organizational offerings have become very sophisticated in their security and logging measures. Typically, an employee or organization member must be granted a login and suitable permissions to use the messaging system. Creating a specific account for each user allows the organization to identify, track and record all use of its messenger system on its servers.

The specialized requirements of the organizational messaging system, however, run almost completely contrary to what an individual user may need. Typically, instant messengers for non-organizational use advertise their availability to the Internet at large so that others may know if that person is online. The trend has also been for manufacturers of instant messaging clients to offer interoperability with other manufacturers' clients. This competitive edge grew out of the earlier use of proprietary communications protocols by the client manufacturers. Compatibility between clients is likely to become almost universal, as a unified messenger protocol, the Extensible Messaging and Presence Protocol (XMPP), is being adopted by more and more manufacturers. XMPP has been, at least in part, formalized by the Internet Engineering Task Force as RFC 6120, RFC 6121 and RFC 6122, which will further the trend towards instant messaging standardization. For the typical social individual user, this product evolution spells greater ease of use and more features.


Traits of a secure instant messenger

In November 2014, the Electronic Frontier Foundation listed seven traits that contribute to the security of instant messengers:

* Having communications encrypted in transit between all the links in the communication path.
* Having communications encrypted with keys the provider does not have access to (end-to-end encryption).
* Making it possible for users to independently verify their correspondent's identity, e.g. by comparing key fingerprints.
* Having past communications secure if the encryption keys are stolen (forward secrecy).
* Having the source code open to independent review (open source).
* Having the software's security designs well-documented.
* Having a recent independent security audit.

In addition, the security of instant messengers may further be improved if they:

* Do not log or store any information regarding any message or its contents.
* Do not log or store any information regarding any session or event.
* Do not rely on a central authority for the relaying of messages (decentralized computing).

Recent news events have revealed that the NSA is not only collecting emails and IM messages but also tracking relationships between senders and receivers of those chats and emails in a process known as metadata collection. Metadata refers to data about the chat or email as opposed to the contents of messages. It may be used to collect valuable information.
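
The forward secrecy trait listed above, shown as an added example that is not part of the original article and not any particular messenger's protocol: a simplified symmetric hash ratchet in which each message gets a fresh key and the old chain key is overwritten. The `Ratchet` class, the labels, the sample secret and the XOR keystream cipher are assumptions made for the demonstration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 keyed with the current key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for this demo only (no authentication):
    XOR the data with an HMAC-SHA256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += kdf(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Ratchet:
    """Hypothetical symmetric ratchet: one fresh key per message."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def _next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        # Overwrite the chain key; the previous one cannot be recomputed.
        self.chain_key = kdf(self.chain_key, b"chain")
        return message_key

    def encrypt(self, plaintext: bytes) -> bytes:
        return keystream_xor(self._next_message_key(), plaintext)

    def decrypt(self, ciphertext: bytes) -> bytes:
        return keystream_xor(self._next_message_key(), ciphertext)

def demo() -> dict:
    secret = hashlib.sha256(b"constructed shared secret").digest()  # sample value
    alice, bob = Ratchet(secret), Ratchet(secret)
    sent = [b"first message", b"second message", b"third message"]
    wire = [alice.encrypt(m) for m in sent]
    read = [bob.decrypt(c) for c in wire]
    stolen = bob.chain_key  # what a thief copies from the device at this point
    past = [Ratchet(stolen).decrypt(c) for c in wire]
    future = Ratchet(stolen).decrypt(alice.encrypt(b"fourth message"))
    return {"sent": sent, "read": read, "past": past, "future": future}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The stolen chain key decrypts the fourth message but none of the first three: forward secrecy protects what was sent before the theft, not what is sent after it.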


See also

* Comparison and overview of secure messengers
* Comparison of user features of messaging platforms

