Hackers want to steal your information and governments want to monitor everyone. The internet is not a secure or private place. Companies are slowly making things more secure, but you are responsible for your security and privacy, and for the security and privacy of your friends and family that you communicate with.
If you tried to immediately change all of your internet behavior to be very secure, you would need to spend hundreds of hours learning new programs and habits, and you would be cut off from most of the people you currently communicate with.
The solution is to make incremental changes. One of the easiest changes you can make, right now, is to change some of your instant messaging programs and habits. The good news is that you do not need need to change most of the services you use–you can still use Facebook, AIM, Yahoo, MSN, Google, and many other services, but with some small changes, you can significantly increase your security and your privacy.
Because these changes are so easy, there is no excuse to not make these changes now. By changing this one part of your online habits, you will learn more about security and privacy and that will make it easier for you to make other changes in the future.
Change your chat client to Pidgin
Pidgin is a universal chat client, which means it is one program that allows you to use many different services, such as Google, Yahoo, and AIM. There are other universal chat clients, and some of them are excellent, but only Pidgin has a special plugin for security and privacy.
Pidgin runs on Windows, Mac, and Linux, so download and install Pidgin on all of your desktop and portable computers. After you install it, you can use it to sign in to many different services, including Facebook. Follow the instructions and read the help files–there is a small learning curve but it is not a difficult program.
Optional: password plugin
Pidgin will store your instant messaging passwords–on your computer–for you. The default method for storing your passwords in a text file. If someone stole that file, they would have your passwords. If you want, you can download a Pidgin plugin that will store your passwords in an encrypted file: Pidgin-wincred. If someone stills the encrypted it will be difficult or impossible for them to read your passwords. If you choose to use this plugin, I recommend you install it before you configure any of the services because it will overwrite your saved passwords when you install the plugin. (That is a good thing.)
Use the Off-the-Record (OTR) plugin
By itself, Pidgin is not more secure or private that your normal instant messaging client. You must install, configure, and properly use a plugin: Off-the-Record. Download and install the plugin.
Configuring the plugin is a little odd because very few programs use the type of security found in OTR. Nevertheless, if you follow the instructions, you will be able to configure the program without difficulty.
For people new to encryption, learning to properly use OTR will require the most effort. It is not difficult, but because it is a new process, it will require a little effort to learn. I promise that this is one of the most user-friendly security systems available right now and the help files are useful, so read them. Once you learn how to properly use Pidgin and OTR, you will have a much easier time learning other security systems.
This article is a little old, but it might help you if you get stuck on something.
Get your friends to use Pidgin with OTR
If you have Pidgin, you can chat with other people using whether they are using Pidgin or the normal client (Yahoo messenger, for example). But, the point of installing Pidgin with OTR is to have secure and private conversations. That is only possible with both people are using Pidgin with OTR. Therefore, you must get your friends and family to start using Pidgin with OTR also.
This is a good thing! Learning these new programs and processes might be a little frustrating, so I strongly recommend you team up with a friend: both of you can work together to get the programs installed and configured properly. Learning the system together will make it easier for both of you, and when you get it working, I promise you will feel the great feeling of accomplishing something as a team.
Compatible with Tor and other privacy proxies
It is possible to use Tor with Pidgin, which makes your chat even more secure and private. Configuring Tor with some services can be tricky, however, and that is beyond the scope of this post. If you want to figure it out, you will need to install the Vidalia Bridge Bundle–not the Tor browser. (You can use both the Tor browser and the bundle, though.)
It might work with Whatsapp
There is a Pidgin plugin to connect to Whatsapp. I have installed it, but I have not been able to successfully message anyone yet. Since I cannot do that, I have no idea if OTR will work with Whatsapp. If it does work, it will only work if the other person is using Pidgin with OTR also.
Making your life and data more secure and private will require you to learn more and to change your habits. Reading the Electronic Frontier Foundation’s chat scorecard is a good place to start–especially because it is short. I also recommend following EFF on Facebook, Twitter, and/or identi.ca. Doing so will expose you to privacy and security issues, which will help you make incremental changes to protect yourself, your friends, and your family. Remember: when you lose your privacy, you also strip the privacy of everyone around you.
If you are already an expert, other programs might be better
If you already know about secure messaging, then I am not sure why you are reading this post. Nevertheless, there are other programs that might be more secure than Pidgin with OTR but none of those programs are widely used. The major disadvantage of these programs is that you have to convince your friends to switch services. Check the Electronic Frontier Foundation’s scorecard for the latest information.