protecting im conversations


So, I know that I can encrypt email with PGP, and encrypt web sites with SSL. Is there any way to protect IM conversations? It's come to my attention that some of our more enterprising students have developed tools for monitoring IM conversations floating across the wireless network on campus.

There is a campus-wide VPN--is that sufficient? Are there IM clients that can encrypt conversations?

It's not so much that I'm having super-secret conversations...but it's the principle of the thing.


AIM for Windows now has some security features available. However, they're geared more toward enterprises vs. personal use. Personal users can specify a security certificate, but once you give someone that key to decrypt your messages, you've essentially put it out there for the world. So while I think they're probably working on bringing it for personal use, it's not quite there yet.

I dont know the timeframe for AIM v5 on OS X, however.

You can try and install the security certificates. The problem with this software is that both users (you and whomever you are talking to) must be using it and it really doesn't provide much real protection.

If you really want to geek out with this you could tunnel through an SSH connection. SOCKS forwarding/tunneling is good for IM programs/IRC.

Trillian, the multi-protocol client for the PC, allows secure IMing if the other party has Trillian as well. I think it only allows "SecureIM" over AOL IM, though. You can have it auto enable the security, but both parties need to have that set.

Did you look over this? Encrypted Chat Clients. Looks like the best option is just to switch over to GAIM.

Many jabber clients support secure chats (though it's not implemented in all of them yet). Both secure links and end-to-end security.

Intego released Chatbarrier several months ago. Chatbarrier encrypts text messages sent using iChat.

I've never used it, but I stumbled upon a review by MacCentral, just days ago.

The RIT network is switched, at least in theory. I've heard many reports of the network acting as if it were on hubs, with data (such as AIM conversations) broadcast for all to read. So, people shouldn't be able to read your conversations, but that's no guarantee.

The VPN client will route your traffic to Building 10, preventing users on your subnet from spying on you. The Cisco client isn't the most seamless app on the Mac, but it will do the trick.

There is an iChat encryption plug-in that Apple uses internally. Perhaps if you ask them nicely they will share it.

I use SIMP Lite. It's free for personal use. Here's the version I use for MSN Messenger:,ie. They also have versions for Yahoo, AIM, and ICQ. The paid version supports other clients. Couldn't be easier to use.

The ability to encrypt IM was a key feature in the development of Jabber (the protocol, and the client). iChat is already supposed to use the Jabber protocol for Rendezvous-based local messaging, according to the rumor. (I've never looked into it farther.) We can presume that the Tiger version of iChat will support encryption based on this blurb in the preview for Tiger Server:

Your Very Own iChat and Blog Servers

You can now host your own iChat server. Instant Messaging serves as a vital means of communication for organizations of all sizes, so it√�∆�√Ǭ�√ɬ�√��Ǩ≈�√Ǭ�√ɬ�√��Ǩ≈�√Ǭ�s useful to deploy and run your own private and secure IM server. Based on the open source Jabber project, the new iChat server in Tiger Server lets your company protect its internal communications by defining its own namespace, and use SSL/TLS encryption to ensure privacy. The iChat server works with both the iChat client in Mac OS X Tiger and popular open source clients available for Windows, Linux and even PDAs.

However, except for the Intego product (which I'd heard of but never investigated), I'm not aware of a way to encrypt AIM. Based on the info here, it might just be implementing the encryption in iChat that is already used by AIM/Windows.

Using VPN on campus (the local profile) will certainly let you encrypt your traffic to the data center, but then the leg out to AIM servers and back would be cleartext. I suppose you could do the SSH tunnel thing for a similar effect.

Leave a comment

About this Entry

This page contains a single entry published on November 11, 2004 12:22 PM.

very cool os x app for cataloging your personal media was the previous entry in this blog.

rit mt site license is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.


Category Archives