SCATTERCHAT - Secure, encrypted IM Chat client released..

http://www.scatterchat.com/index.html

ScatterChat is a HACKTIVIST WEAPON designed to allow non-technical human rights activists and political dissidents to communicate securely and anonymously while operating in hostile territory. It is also useful in corporate settings, or in other situations where privacy is desired.

It is a secure instant messaging client (based upon the Gaim software) that provides end-to-end encryption, integrated onion-routing with Tor, secure file transfers, and easy-to-read documentation.

Its security features include resiliency against partial compromise through perfect forward secrecy, immunity from replay attacks, and limited resistance to traffic analysis... all reinforced through a pro-actively secure design.

It's free as in beer and open source, though I don't see right away what license it's being released under.

:evilgrin:

provide the government an opening and motivation to break the code....

:)

It is an open source effort. You can help out.
http://www.scatterchat.com/contribute.html

Here's a bunch of non-technical assistance they require:
* Volunteer as a language translator (Chinese, Farsi, and Arabic are especially needed).
* Test the internationalization support (especially the Chinese and Arabic languages).
* Get your friends to use ScatterChat.
* Find human rights activists in your area and tell them about Scatter Chat. Train them, if you can.
* Volunteer as a beta-tester.
* Proofread the user's guide.
* Make your mom read the user's guide, find out what confuses her, and fix it.
* Design a new splash image.
* Find someone who can do any of the above.

development of this open source software....what better way to know how to crack it?

and why break anything.... open a port to the NSA/FBI and transmit your chat to them.... In this world of cable/DSL speeds who knows what data is really sent/received by your puter.

The source code is freely available. Anyone can peruse it to see what the software claims to be doing. And if you're uberparanoid, then you can compile it yourself. And just because you might not consider yourself so technically inclined, there are very many people in the world who are and who do. And the really, truly skeptical will then run the software with a packet sniffer running in the background to make sure the software really is doing what it claims. Furthermore, the software is signed with a digital key and distributed via many mirrors. This way when you download the software you can verify the digital signature of the software and make sure it matches the key, thus ensuring you actually got the software you thought you were getting.

Is it perfect? No. But security is not about being perfectly protected from harm, it is about putting up barriors that make it hard enough to harm you that most people will give up trying. How high those barriors are depends on what your definition of most is, and for the most part here it means just about everybody.

This is about as secure as you can be in the real world. If this isn't secure enough for you, than you shouldn't be using a computer in the first place.

:thumbsup: :thumbsup:

then you shouldn't be using a computer in the first place."

Eggzackly!

Yay techies! These guys love a challenge and big brother doesn't stand a chance.

a no name company... Their parent may be the NSA.... Just IMHO...

.. are trustworthy.

I dunno if he took into account exactly how powerful PGP encryption is, but in it they've got a huge computer (like carnivore but much nastier) at the NSA that can brute-force crack any encryption.

The government has access to a lot of assets and technology that the public does not.

There has never been an unbreakable code in the past...

Not like it matters to (m)any of us, really. We just use it to feel secure, and discuss things that would likely be of no interest to the NSA.

:)

I'll have to read it again, I don't remember it being that bad, especially concerning encryption stuff.

Phil Zimmerman of PGP fame is developing ZPhone.


There really are an arsenal of tools at your disposal now that allow you to be as reasonably secure as possible, as long as you're interacting with someone over the internet.

I post on a public board while I'm at work sometimes. Is there any way possible another poster could "find me"?

On edit - it's a rightie that I argue with all the time. I pissed him off big time the other day by laying the smackdown on his "facts" and I just wonder if he could trace my isp or something, if he was mad enough...and rat me out to my workplace.

please...appreciate any answers

Righties are mostly idiots and there isn't an easy way for him to find your ISP.
What you should worry about is your boss seeing what you are doing if you're posting at work. Lots of companies spy on their employees computer usage. The sysadmin can see pretty much everything you are doing if he/she wants to. Don't assume anything you are doing at work is private.

problems we hire out. Most eveyone is less tech saavy than me! :(

This feller on the public board appears to be pretty techie though so I thought I'd ask. It's the ABC political board so no volunteers. My sense from you all is that I'm probably ok. Thx.

most board admins will never do that, but many boards use volunteers as admins

:)

Encryption looks fairly secure and it seems to work pretty well. The pdf that comes with the source code is very well written and explains crypto for non-techies.

Still, I suspect if the NSA really wants to know what you're doing it can crack this.

Lamport signature scheme and rest easy...