Encrypted chat between mobile devices?
February 5, 2013 3:13 PM

The best and simplest way to communicate between a smallish number of (known) people, on a few different devices, with encryption?

Pretty much what it says - I'm generally fine with security-through-obscurity, but there are a couple of people I am having discussions with currently which I may want to start encrypting outside regular corporate channels. Most of those discussions (nothing HIPAA-sensitive or likely to interest national security agencies!) will continue to take place over IM, I suspect, using iOS and Android devices, between people at different levels of technical comfort.

So, assuming that everyone who is likely to be talking already knows each other and can coordinate their usage, and that we don't need to conceal the fact that we are talking, only what we are talking _about_, what are the best systems for secure chat? The objections to Silent Circle in the thread about its launch (non-open code, primarily, at least at launch) have got me thinking - presumably OTR encryption over XMPP is the way people usually do this?
posted by running order squabble fest to Computers & Internet (6 answers total) 3 users marked this as a favorite
My company started using Trillian for this. Our tech guys say it's secure (enough?), it's accepted by our compliance guys, and it's available on all the various devices we use, from the guys with the Linux boxes to the folks with the iPads.

It also has a DeLorean emoticon for reasons that aren't entirely clear.
posted by phunniemee at 3:19 PM on February 5, 2013


Pidgin/Adium with an OTR plugin. Protocol doesn't matter if you're encrypting it. Not sure how well it would work on non-computer devices, though unfortunately.
posted by wrok at 3:31 PM on February 5, 2013


Glassboard perhaps? Not sure about the protocols you're specifically searing for, but Glassboard also allows for sharing of images and non-text media.
posted by komlord at 3:44 PM on February 5, 2013


Google Talk is XMPP and has a nice OTR option; if your nightmare scenario includes Google being subpoenaed/enlisted, though, I wouldn't trust it.
posted by wayland at 3:58 PM on February 5, 2013


I haven't used it, so I'm not sure what state it's in, but the Guardian Project has a chat client for Android that works with Google or Facebook (or any Jabber or XMPP service), and uses OTR.

Then, you can use Pidgin and the OTR plugin on computers. OTR has a few... quirks, but nothing showstopping. Once it's set up it's relatively easy to use.

Depending on how paranoid you are, you could either just use OTR over Google chat, or you could set up your own Jabber/XMPP server and route all of your chat through that.
posted by Adamsmasher at 5:05 PM on February 5, 2013


Oh, wow. I had not even thought of setting up an XMPP server, although I do have a couple of spare PCs lying around, and that might be a way to go. Given that we're talking about a very small number of people, it's sledgehammer/nut, at this point, but...

Gibberbot looks like it could be a good solution, and the Guardian Project says that it interoperates with ChatSecure on iOS, which at least suggests that would work on iOS (it's open source and on github, which I know is no guarantee of quality or security, but makes me feel more comfortable) - and then, as you say, you could use the OTR plugin for Pidgin. Hmm.
posted by running order squabble fest at 2:49 AM on February 6, 2013


« Older Dental Tourism- Where is best?   |   Fiction: Fatal encounters between therapist and... Newer »
This thread is closed to new comments.