[HowTo] Encrypt your Facebook-Chat

Chatting on Facebook is great, but has one major drawback: Facebook records and keeps everything you say. If you think that’s not a problem (e.g. because you subscribe to the “I have nothing to hide, therefore I have nothing to fear” camp), you can stop reading here.

 

But…

  • If you believe privacy is a basic human right
  • If you are discussing business confidential information
  • If you are a journalist having a confidential discussion with a source
  • Or if you’re just having an intimate conversation with a family member

… and you’re not comfortable with Facebook, Facebook’s partners and law enforcement agencies around the world being able to read your conversation at their leisure (even years after it happened!), please read on.

 

“HOW CAN I HAVE A PRIVATE, UNRECORDED CONVERSATION ON FACEBOOK?”

By not using the built-in chat feature from within the Facebook webpage. Instead, we’ll use software that encrypts your messages, so that even Facebook cannot read them.

 

To do this, you need to know your Facebook username. Note that this is different from your real name, or your Facebook “screen name” (i.e. the name your friends see). If you already have a Facebook username, you can see it by clicking on this link (you need to be logged in to Facebook). If you haven’t set one up, you will see this message:

[Screenshot: Account settings / Username]

Don’t worry – you can get a username right away!

 

Click on the “Edit” link on the right. It will ask you which username you would like to use, and confirm your Facebook password:

[Screenshot: Account settings / Change username]

Please note it down – you will need to use your Facebook username (just once!) in a bit.

 

To make sure your new Facebook username is activated, do the following:

  • Log out of Facebook (closing the window does not automatically log you out!)
  • On the Facebook login page, type your new username instead of the email you have been using for the “Email or phone” field
  • Type your usual password for the “Password” field.
  • Click “Log In”

I don’t understand why Facebook forces people to do this, but this logout & re-login seems to be required to get your new username activated.

 

You are now ready to set up a private chat system.

 

Before you continue, please understand:

  1. To have a private chat, both you and the person you wish to chat with privately need to follow these steps.
  2. If you use multiple computers to chat (e.g. a work computer and a home laptop), you have to repeat these steps on every computer before you use it to chat. You will only have to “prepare” every computer once.

FIRST, DOWNLOAD AND INSTALL THE PIDGIN INSTANT MESSAGING SOFTWARE

Get the software from http://pidgin.im and install it on your computer.

 

Done installing Pidgin? Great. Continue to the next step.

 

DOWNLOAD AND INSTALL THE OTR PLUGIN

The Off The Record (OTR) plugin allows Pidgin users to encrypt their communications. Get it from http://www.cypherpunks.ca/otr/ and install it on your computer.

 

CONFIGURE PIDGIN FOR FACEBOOK

The first time you start Pidgin you will see this:

[Screenshot: Connecting to the Facebook account]

Click on “Add…” – a new window comes up.

 

Adjust the settings as shown, using your Facebook username (Don’t know your username? See above) and password:

[Screenshot: Configuring the settings / connecting to the Facebook account]

 

Click on the “Advanced” tab and fill in the “Connect Server” field as shown:

[Screenshot: Configuring the settings]

Almost there! Now click on “Add” to complete setting up your account.

 

[Screenshot: Accept certificate]

 

You should now be connected to Facebook chat! A list of your online friends will come up right away:

[Screenshot: Buddy list / contact list]

 

If you see something like the above, congratulations – you are successfully connected to Facebook chat. If you get any error messages, modify your account settings and make sure you have typed everything as shown above. Remember, your Facebook username is not your real name!

 

ACTIVATE AND CONFIGURE THE OTR PLUGIN

From the Pidgin “Buddy List” window go to Tools -> Plugins as shown here:

[Screenshot: Plugin menu]

 

Scroll down the list until you find “Off-the-Record Messaging”. Tick the box next to it – this will enable the plugin:

[Screenshot: Enabling the OTR plugin. The plugin settings can be opened with the button at the bottom.]

 

Now you may click on the “Configure Plugin” button and check the settings.

 

Congratulations! You can now chat privately with friends who also use the OTR plugin.

 

You have just made it very difficult for Facebook or anyone else to eavesdrop or record what you say. Just point your Facebook friends to this page and get them using the OTR plugin!

 

START A PRIVATE CONVERSATION WITH PIDGIN AND OTR

You can communicate privately only if the Facebook friend you’re communicating with has followed the above steps, or is using other software that uses the OTR plugin.

 

Double-click on their name to bring up the Conversation window. Notice the “Not private” button on the bottom right?

[Screenshot: OTR button at the bottom right of the chat window]

This means you have not activated the privacy features yet. But you’re about to!

 

Click on “Not private” and ask Pidgin to “Start private conversation”:

[Screenshot: Starting an encrypted chat]

 

Pidgin will now attempt to create a secure channel and should display the following:

[Screenshot: Unverified but encrypted chat]

This is the result we want. “Unverified” is not a problem (but see “Improvements” section below). Pidgin tells us that it has established a secure channel to the other end, and you can already use it to chat if you wish.

 

Is this not working? Does your request to “Start private conversation” seem to do nothing? Here is a possible reason. You may need to “enable apps” on your Facebook profile.

 

Improvements (optional)

 

With an “Unverified” OTR status you cannot yet be 100% certain that the person you are talking to is indeed your friend and not an impostor pretending to be your friend.

 

To rule out this possibility you should always verify the people you chat with. You only need to do this once for every friend you wish to chat with.

 

VERIFY THE IDENTITY OF YOUR CHAT FRIENDS

For technical reasons Facebook users have to verify the identity of their friends manually, by comparing so-called “fingerprints”.

 

On the main “buddy list” Pidgin window, go to Tools -> Plugins, then select “Off-The-Record Messaging” and click “Configure Plugin”. (Yes, you were here earlier)

 

In the “Off-the-Record Messaging” window click on the second tab “Known fingerprints”.

[Screenshot: Fingerprint settings]

 

Then select your unverified friend and click the “Verify fingerprint” button.

[Screenshot: Fingerprint verification]

 

You will now be presented with both your own and your friend’s fingerprints. After you have verified that you both see the same fingerprints on your screens, you can change this to “I have…”

[Screenshot: Verifying the fingerprint manually]

 

This is annoying, as it requires you to use another communication channel with your friend (perhaps telephone or email, depending on who your enemies might be) to confirm each other’s fingerprint, but as of April 2012 this is the only option Facebook users have.
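The comparison described above can also be done by script once your friend has sent or read out their fingerprint. This is an added example, not part of the original guide: it assumes the tab-separated layout of the OTR plugin's `otr.fingerprints` store (kept in `~/.purple/` on Linux), and all contact names and fingerprints in it are constructed.

```python
import hmac
import re

# Constructed sample in the tab-separated layout assumed for otr.fingerprints:
# contact, local account, protocol, 40-hex-digit fingerprint, trust flag.
# Every name and fingerprint here is made up for illustration.
SAMPLE_STORE = (
    "alice@chat.example\tbob@chat.example/\tprpl-jabber\t"
    "0a1b2c3d4e5f60718293a4b5c6d7e8f901234567\tverified\n"
    "carol@chat.example\tbob@chat.example/\tprpl-jabber\t"
    "89abcdef0123456789abcdef0123456789abcdef\t\n"
)


def normalize(fingerprint):
    """Reduce a fingerprint as displayed or read aloud to 40 lowercase hex digits."""
    digits = re.sub(r"[\s:-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a 160-bit fingerprint: %r" % fingerprint)
    return digits


def display(fingerprint):
    """Format as five groups of eight uppercase hex digits, as the dialog shows it."""
    digits = normalize(fingerprint).upper()
    return " ".join(digits[i:i + 8] for i in range(0, 40, 8))


def same_fingerprint(on_screen, from_friend):
    """Compare all 40 digits; a match on the first or last group is not enough."""
    return hmac.compare_digest(normalize(on_screen), normalize(from_friend))


def parse_store(text):
    """Yield (contact, fingerprint, trusted) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # skip damaged or truncated lines
        trust = fields[4] if len(fields) > 4 else ""
        yield fields[0], normalize(fields[3]), bool(trust)


def unverified_contacts(text):
    """Contacts whose key is stored but was never confirmed out of band."""
    return [contact for contact, _, trusted in parse_store(text) if not trusted]
```

Running `unverified_contacts` over your own store lists the friends you still need to call.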

 

That was the hard part done.

 

After you click “OK”, you don’t have to worry about this again. Next time you wish to talk to this friend, you will just need to click on the OTR button on the bottom right and the conversation will immediately switch to “Private”.

[Screenshot: Private/verified encrypted conversation]

 

Optionally, you can tell that your messages are encrypted by having the Facebook chat window open in your browser. You should only see messages like these:

[Screenshot: Encrypted chat as seen on the Facebook website]
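To check a copied chat transcript instead of eyeballing the browser window, the following added example (not part of the original guide) classifies each line the way the relaying server sees it, using the OTR wire format: encoded messages start with `?OTR:`, carry base64 and end with a full stop. The sample lines are constructed, with zero bytes standing in for ciphertext.

```python
import base64
import struct

# OTR message types: one byte following the 2-byte protocol version.
MESSAGE_TYPES = {0x02: "D-H Commit", 0x0A: "D-H Key", 0x11: "Reveal Signature",
                 0x12: "Signature", 0x03: "Data"}


def classify(line):
    """Describe one chat line as the relaying server would see it."""
    if line.startswith("?OTR Error:"):
        return "otr-error"
    if line.startswith(("?OTR,", "?OTR|")):
        return "otr-fragment"  # piece of a long message split across lines
    if line.startswith("?OTR:"):
        if not line.endswith("."):
            return "otr-malformed"
        try:
            raw = base64.b64decode(line[5:-1], validate=True)
            version, mtype = struct.unpack(">HB", raw[:3])
        except (ValueError, struct.error):
            return "otr-malformed"
        return "otr-encoded v%d %s" % (version, MESSAGE_TYPES.get(mtype, "unknown type"))
    if line.startswith(("?OTR?", "?OTRv")):
        return "otr-query"  # request to start a private conversation
    return "plaintext"


def make_sample(version, mtype, body=b"\x00" * 12):
    """Build a constructed OTR-shaped line; the body is a stand-in, not ciphertext."""
    payload = struct.pack(">HB", version, mtype) + body
    return "?OTR:" + base64.b64encode(payload).decode("ascii") + "."


def plaintext_leaks(transcript):
    """Lines that were readable by the server, i.e. sent outside the private session."""
    return [line for line in transcript if classify(line) == "plaintext"]


# Constructed transcript: a handshake, one data message and one unprotected line.
SAMPLE_TRANSCRIPT = [
    "?OTRv2?",
    make_sample(2, 0x02),
    make_sample(2, 0x03),
    "see you at 8",
]
```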

 

Congratulations!

 

Now the only thing Facebook knows is:

  • Who you chat with
  • When you chat with them

…which is a significant improvement from before.

 

What, you still don’t like that? What are you doing chatting on Facebook then?! Go use CryptoCat over Tor, or if your enemies are pros (and you trust your hardware), TAILS.

 

Source: https://apapadop.wordpress.com/2012/03/29/stop-facebook-recording-your-chats/

Comments:

in my eyes encryption of facebook chats creates an unfounded feeling of security. because what really is interesting for all kinds of buggers is the social graph of communicants. so if you think about surveillance ... first thing should be avoiding such centralized, commercial services like facebook.

if you already have pidgin + otr installed why not use jabber?