ScatterChat for encrypted instant messaging
Usage of instant messaging (IM) is growing rapidly to facilitate real-time communication across the internet. Unfortunately, it provides an illusion of privacy that can fool users into chatting about subjects that they would not normally discuss in public. A new tool, ScatterChat, has recently been released that provides a cross-platform solution for encryption over the public IM networks. Using it provides actual privacy for IM conversations without much additional burden for the user.
ScatterChat is a 'friendly fork' of the Gaim IM client that adds encrypted chat, key management, and encrypted file transfer for many of the IM protocols supported by Gaim. In addition, ScatterChat optionally interfaces to Tor to provide traffic analysis resistance for additional privacy. It is available in source form for Linux and MacOS as well as Windows binaries.
In order to use ScatterChat, a user first generates a public/private key pair that gets associated with a particular IM screen name. Once that is complete, the program logs the user into the IM network and provides the same basic interface as Gaim. A user can then choose a buddy to chat with and ScatterChat provides an extra button in the chat window to request encryption. If necessary, a key exchange is done between the user and their buddy, but one can always refuse encryption and the key exchange protocol will be silently ignored. This ability allows users to control who knows that they are using ScatterChat; if they refuse the key exchange, it will look no different than someone who is using a standard IM client.
Once an encrypted session has been established (verified by the now familiar padlock icon), it works just like an unencrypted session. Users can type back and forth to each other but any intermediary will not be able to decrypt the traffic without compromising the keys. Even if the conversation is recorded, it cannot be decrypted without compromising the private keys at both ends of the conversation, providing 'perfect forward security'. Of course, one must be careful that the other end is not logging the conversation as that would store an unencrypted version of the conversation on the hard drive of the logger.
ScatterChat seems to have a well-thought-out architecture and philosophy. Users are not allowed to choose encryption methods, key lengths or any of the other technical parameters that often accompany encryption tools. The choices made by the ScatterChat developers are very strong (2048-bit El Gamal public/private key with 256-bit AES symmetric encryption) and removing those kinds of choices makes it a much simpler solution to deploy for non-technical users. The developers have also chosen to use existing encryption code (libgcrypt) rather than creating yet another encryption library that needs to be audited.
ScatterChat is targeted at human rights activists and dissidents who may be communicating through internet servers that are or can be subverted by oppressive governments. It may also be useful for those living in supposedly free countries whose governments have recently determined that spying on their citizens leads to better national security. A great deal of communication of a sensitive nature is done via IM these days and companies may wish to use this tool to secure chats between their employees to protect trade secrets and the like. Many IM users will not have any need for the capabilities provided by ScatterChat, as the NSA is probably uninterested in teenage dating gossip and the like, but for those who do, ScatterChat is an essential tool.
| Index entries for this article | |
|---|---|
| GuestArticles | Edge, Jake |
