CIP Cyber

Open Source Browser-based P2P Encrypted Chat Service

Table of Contents

If you are not think of becoming the President one day, if you are not involved in any illegal activity, if you do not keep anything back from your wife (some men may have a nervous smile on these words) or husband and you have no secrets from your boss – probably you should not steam your beam over encrypting personal conversations online. But even in this case, do not rush to conclusions. You will never know what may happen. What if one day you decide to become a big gun?

As you may have guessed, this article focuses on encryption of personal messages online. Most people (you are likely to be one of them) do not consider that most of their conversations contain any secrets. Yet, some written chat messages are better to be kept from surveillance of anyone you like: your chief, journalists, wife, etc. You are not going to hide anything from the police, are you? So many people would agree that the encryption of private conversations online is the right thing to do. But how it works?

Until recently the most common method to encipher personal conversations were to use the Pidgin client with installed Off-the-Record Messaging plugin. It supports multiple instant messaging protocols such as ICQ, Jabber (XMPP), etc. That is, if previously you were using, for example, the official ICQ client and you really loved it, now you will have to say goodbye to it, install Pidgin instead, link your account to other messaging protocols, download and install Off-the-Record Messaging plugin, configure it and … ta-dah! Now try to persuade your friends to do the same. A small remark to those geeks who still trust this method: even that does not fully protect your conversations, because a hacker can use logs stored on the centrilized servers.

Realizing all this most people may disappointedly give up on the idea of keeping personal conversations safe from the snooping eyes. But here is a good news. There’s a free online service named OTR.to (shorted from Off-the-Record), meaning there’s nothing on the record. It is very easy-to-use and can solve the problem of encryption completely. Just see for yourself.

This service is browser-based and requires no registration. So in order to start a private chat you should go to OTR , copy a generated URL and send it to a person you plan to talk to. On following the link, he/she will open a chat window.

Or you can send an automatically generated ID instead of the URL. The second method may seem more complicated than the first one, since your talker will have to open otr.to page by himself and paste the ID number there. However, it is very convenient. You can send a short ID in sms, dictate it over the phone or just send it using the owl post delivery (not meant to be serious).

So you have a chat window opened. You will see two buttons below, their names speak for itself: sound and encryption. In all other respects this a simple chat window, with the only difference that after closing your conversation disappears completely.

Another nice feature is the Self Destructing Message, the second tab in the main menu. This feature allows you to create a message that your recipient will read when it is convenient to him. You can tick ‘Delete after reading’ box, indicate the expiration time (from 5 minutes to 1 year), and you can activate ‘Create message for every new line’ (then you will have as many messages as the number of lines, each with its own password).

Once you have typed your message, press ‘Create message’. You will get two URLs generated to choose from. The first contains the information about the password, so the person who receives this message encrypted will have just to click ‘Decode Secret’ to read it. The second URL does not have the information about the password, so you’ll have to send a password, too. To maximize security you can give it through other communication channels. Thus, in order to read the message your recipient will have to follow the link, insert the password into a required field and click ‘Decode Secret’.

Now some words about technical details of how it works. As stated on the site, otr.to is a p2p chat service, meaning that your computer and your friend communicate directly, so the logs are not stored on third-party servers. OTR (Off-the-Record Messaging) cryptographic protocol is the most secure for encryption. The project is open-source written in JavaScript, so anyone can see how the script works.

Therefore, otr.to service solves the problem of protecting personal conversations just perfect. For the first time neither you, nor your friend will be burdened with security measures.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

Do Hackers Really use Metasploit? NO!

Undoubtedly, Metasploit is one of the most organized, well-developed tools in the pen-testers toolbox. But, do hackers use it? Some of them, but not the

Sunset: Dusk VM walkthrough

Sunset: dusk is a vulnerable by design Debian based machine created by whitecrOwz. It is available on https://www.vulnhub.com This machine is ranked as a beginner

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings