//update: even easier: My installer for both messenger and encryption
So first of all, this site doesn’t offer SSL, so if you’re somewhat paranoid, consider using encrypted anonymous networks like Tor or I2P. Otherwise anybody could potentially listen in on what you’re up to and see the kind of software you’re going to use.
Instant messaging is what most of you might know as ICQ, AIM, YIM, Windows Live Messenger (or “MSN”), Skype, Google Talk, etc.
What I’m going to show you is how to install the instant messenger Pidgin and the encryption extension OTR, and how to create a jabber account with a provider of your choice. But don’t worry, this is not getting very technical; in fact, it probably takes you less than 5 minutes(!). At the end of the article you’ll find some more explanations and background, if you’re interested.
Step by step
1. Download Pidgin at http://www.pidgin.im/download (Link for Windows)
2. Download the OTR Pidgin plugin at http://www.cypherpunks.ca/otr/ (Link for Windows)
3. Install Pidgin: just double-click on the icon and press Next every time you’re asked something. Then install the OTR plugin, same procedure.
4. Create a jabber account; to start with, https://register.jabber.org/ will do (ignore the SSL warning, if you get one). Just choose a username; that might be your real name, a nickname or some letter-number-chaos. Just remember it, and the password too.
5. Open Pidgin. You’re going to be asked to create a profile/account. Choose XMPP as the protocol. Username is the part in front of @jabber.org in your new jabber address, so the nickname you chose before. Domain is jabber.org. Leave Resource empty and enter your password. Click Save.
7. Your buddy list opens, as you might know it from ICQ or Skype. You can now add buddies via the main menu.
8. Enable OTR by clicking Tools/Plugins in the main menu, then scroll down until you find Off-the-Record Messaging and make sure it’s checked.
9. As soon as you chat with someone who also has OTR installed, Pidgin creates a pair of keys (only the first time). From now on the connection is encrypted. Just make sure the person you’re talking to is really the person you think it is.
10. That’s what the verifying function is about. On the right side of a chat window, there is a button indicating that the chat is encrypted but not authorized. Click on it and authorize your chat buddy via passphrase, question and answer, or by comparing digital fingerprints over a secure connection, e.g. mobile phone or by standing next to each other.
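The fingerprint comparison from step 10, as an added example that is not part of the original article or of Pidgin/OTR itself. It assumes an OTR fingerprint is shown as 40 hex digits in groups of eight, and that the plugin keeps known fingerprints in a tab-separated file (buddy, own account, protocol, fingerprint, optional status); the function names, the file layout and the sample entries are assumptions made for illustration.

```python
import re

FP_HEX_LEN = 40  # assumption: fingerprint is a SHA-1 hash, i.e. 40 hex digits


def normalize_fingerprint(text):
    """Drop spaces, colons, dashes and case so spoken or pasted forms compare equal."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % FP_HEX_LEN, cleaned):
        raise ValueError("not a 40-digit hex fingerprint: %r" % text)
    return cleaned


def fingerprints_match(shown_in_pidgin, read_out_by_buddy):
    """True only if both values are well-formed and identical in every digit."""
    return normalize_fingerprint(shown_in_pidgin) == normalize_fingerprint(read_out_by_buddy)


def unverified_buddies(fingerprints_text):
    """Return (buddy, account, fingerprint) for entries that carry no trust status.

    Assumed layout per line, tab-separated:
    buddy, own account, protocol, fingerprint hex, optional status.
    """
    pending = []
    for line in fingerprints_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # blank or malformed line
        buddy, account, _protocol, fp = fields[:4]
        status = fields[4].strip() if len(fields) > 4 else ""
        if not status:
            pending.append((buddy, account, normalize_fingerprint(fp)))
    return pending


# Constructed sample data, not real keys or real accounts.
SAMPLE_FILE = (
    "alice@jabber.org\tme@jabber.org\tprpl-jabber\t"
    "0123456789abcdef0123456789abcdef01234567\tverified\n"
    "bob@jabber.org\tme@jabber.org\tprpl-jabber\t"
    "89abcdef0123456789abcdef0123456789abcdef\t\n"
)

if __name__ == "__main__":
    for buddy, account, fp in unverified_buddies(SAMPLE_FILE):
        print("still unverified:", buddy, fp)
```

A match on only the first or last few digits is not enough; the check above rejects anything shorter than the full fingerprint.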
Pidgin is a multi-platform chat client. This means you can use whatever chat provider you want to, such as ICQ, Windows Live (MSN) or Skype, and use just one program for all of them. Also, OTR works with all of them, but to be completely independent of commercial providers, I chose jabber.
Now, jabber works a bit like e-mail (decentralized, that is). You have to choose a provider, just like you would choose hotmail.com, googlemail.com, yahoo.com etc. for e-mail. There are quite a few providers, for example the Chaos Computer Club in Germany or even German universities. Since jabber is free software, you might even want to set up your very own jabber server in your basement like me.
OTR has pretty good encryption (AES, which is considered good enough for classified data by the US intelligence service National Security Agency (NSA); for more information, visit http://en.wikipedia.org/wiki/Advanced_Encryption_Standard). The big advantage is the encryption from end to end, so unless the attacker is in control of your computer, no one’s gonna see what you’re writing. Plus, it’s plausibly deniable, which means no one, not even your chat buddy, has any digital evidence you have ever said a word; see Plausible Deniability at Wikipedia.
Jabber, or rather the protocol XMPP, is used by various big companies such as Google (Google Talk) or Facebook (Facebook Chat). You just hardly ever get to know what’s behind a system.