1
00:00:01,440 --> 00:00:08,930
OK so so far we signed up with ex MPP which like I said can be more private and more anonymous than

2
00:00:08,940 --> 00:00:11,340
normal messaging services.

3
00:00:11,400 --> 00:00:18,150
We're also using this from Thales which is live in MNC and comes with the latest patches and more secure

4
00:00:18,150 --> 00:00:20,120
than normal operating systems.

5
00:00:20,130 --> 00:00:27,120
So right now our method of instant messaging is more private and much more anonymous than normal.

6
00:00:27,120 --> 00:00:31,650
Instant messengers were also use an end to end encryption.

7
00:00:31,650 --> 00:00:38,220
So whenever we send the message it gets encrypted on our end and never gets decrypted until it reaches

8
00:00:38,220 --> 00:00:39,360
the destination.

9
00:00:39,360 --> 00:00:46,500
So no one can read the content of the message even the server that we're using to facilitate the connection

10
00:00:46,680 --> 00:00:48,930
cannot see the messages that we sent.

11
00:00:49,350 --> 00:00:50,970
So this is really really good.

12
00:00:51,000 --> 00:00:53,550
The servers you also use to help us.

13
00:00:53,640 --> 00:00:57,160
So everything is set up properly so far.

14
00:00:57,270 --> 00:01:04,530
The only problem that we have is you can see here at the bottom we it's still telling us that the communication

15
00:01:04,710 --> 00:01:09,740
is unverified so it is private but it's just unverified.

16
00:01:10,350 --> 00:01:17,070
And what's meant by this is right now we're still not sure that the person on the other end this person

17
00:01:17,070 --> 00:01:20,340
right here is who they're claiming to be.

18
00:01:20,340 --> 00:01:26,970
What if someone managed to hack into this person's account or what if someone has managed to impersonate

19
00:01:26,970 --> 00:01:28,020
this account.

20
00:01:28,020 --> 00:01:34,710
So how can we be so sure that the person using this account right here is the person that we want to

21
00:01:34,710 --> 00:01:36,590
communicate with.

22
00:01:36,600 --> 00:01:41,940
So this is what the warning is telling us we haven't verified the person on the other end.

23
00:01:41,940 --> 00:01:47,080
And in this lecture I want to show you a number of methods on how we can do this.

24
00:01:47,310 --> 00:01:54,010
So we're going to click on the notification and we're going to click on authenticate body.

25
00:01:54,120 --> 00:02:00,240
And as you can see in here we have a drop down menu in which we can select the method that we want to

26
00:02:00,240 --> 00:02:04,350
use in order to verify the person at the other end.

27
00:02:05,220 --> 00:02:08,690
So the first method is very simple question and answer.

28
00:02:08,880 --> 00:02:15,420
And the way this will work is you'd want to use a question in here that only the right person can answer.

29
00:02:15,510 --> 00:02:21,230
So you want to make sure that if anybody hacks into their account or impersonates them they want to

30
00:02:21,230 --> 00:02:24,120
be able to answer the question that you enter in here.

31
00:02:25,200 --> 00:02:29,460
So for example let's say I want to ask him where did we meet.

32
00:02:29,670 --> 00:02:35,130
Now this is obviously a really bad question to ask in terms of privacy because this will reveal the

33
00:02:35,130 --> 00:02:37,310
location where you met this person.

34
00:02:37,440 --> 00:02:42,020
But just for testing it's fine and you want to put the answer to this question.

35
00:02:42,060 --> 00:02:46,500
So let's say island and we're going to click on authenticate.

36
00:02:47,160 --> 00:02:52,310
So right now as you can see we're waiting for the person to respond to this question.

37
00:02:52,440 --> 00:02:58,140
And if we go to the person's account as you can see he got this message telling him that the other person

38
00:02:58,170 --> 00:03:00,390
is trying to authenticate you.

39
00:03:00,420 --> 00:03:02,460
The question is Where did you meet.

40
00:03:02,490 --> 00:03:04,850
And he has to put the answer here.

41
00:03:04,920 --> 00:03:10,020
So if I put the correct answer in here click on authenticate.

42
00:03:10,020 --> 00:03:16,230
As you can see it's telling this person that your body has successfully authenticated you and you may

43
00:03:16,230 --> 00:03:17,600
want to authenticate them.

44
00:03:17,610 --> 00:03:23,310
So you may want to use a different method of of authentication to make sure that that person is who

45
00:03:23,310 --> 00:03:24,690
you think they are.

46
00:03:24,690 --> 00:03:31,560
But if we go back here you can see that is telling us that the authentication is successful and the

47
00:03:31,590 --> 00:03:34,290
communication right now is private.

48
00:03:34,290 --> 00:03:36,150
The warning is gone.

49
00:03:36,150 --> 00:03:38,760
So right now we're using end to end encryption.

50
00:03:38,760 --> 00:03:42,740
Everything is encrypted on our end and only decrypted at the other end.

51
00:03:42,750 --> 00:03:49,200
We also verified that the person at the other end is the person that we actually want to communicate

52
00:03:49,200 --> 00:03:49,930
with.

53
00:03:50,130 --> 00:03:56,940
We're using x MPP to send the messages like I said this is a decentralized messaging protocol that is

54
00:03:56,940 --> 00:03:59,510
not really owned by a single company.

55
00:03:59,670 --> 00:04:03,870
And you can even set up your own X MPP servers.

56
00:04:03,870 --> 00:04:11,650
So therefore there isn't a single entity that could spy or could see what's happening now there are

57
00:04:11,650 --> 00:04:14,860
actually other methods to verify the other person.

58
00:04:14,860 --> 00:04:23,830
So if we go here and click on authenticate body you can also choose a secret a shared secret.

59
00:04:23,860 --> 00:04:26,400
So this way you don't ask a question.

60
00:04:26,470 --> 00:04:32,530
You need to have you need to agree with the other person on a secret that you use to authenticate them.

61
00:04:32,950 --> 00:04:35,390
So you would only put the secret in here.

62
00:04:35,470 --> 00:04:37,780
They'll be prompted for the secret as well.

63
00:04:37,810 --> 00:04:42,340
And if you both put the right correct secret they will be authenticated.

64
00:04:42,490 --> 00:04:48,880
And the last method of authentication you can use manual fingerprint verification where you will have

65
00:04:48,880 --> 00:04:54,510
to send your fingerprint which is this one right here this code to the other person.

66
00:04:54,550 --> 00:04:58,180
But you want to do this using another method of communication.

67
00:04:58,240 --> 00:05:05,560
So you want to either call them or send them to them by e-mail or another secure method of communication.

68
00:05:05,710 --> 00:05:13,090
And then once they get it go to the authenticate go on the fingerprints as well and compare the fingerprint

69
00:05:13,150 --> 00:05:17,470
that you sent them to the fingerprint that they see in here.

70
00:05:17,530 --> 00:05:22,390
Now as you can see this method is a little bit more complex and would require more steps.

71
00:05:22,480 --> 00:05:28,510
But the other two methods that I showed you earlier are only available in the recent pigeon versions.

72
00:05:28,600 --> 00:05:34,660
So if your buddy or your friend is using an older version you might have to use this method.

73
00:05:34,840 --> 00:05:36,250
So that's it for now.

74
00:05:36,310 --> 00:05:43,690
You can go ahead and start communicating with your friends use in pidgin with X MPP and OCR and this

75
00:05:43,690 --> 00:05:45,820
way your communication will be private.

76
00:05:46,030 --> 00:05:51,550
You'll be able to authenticate your friend make sure that the right person and therefore your communication

77
00:05:51,550 --> 00:05:53,080
will be more anonymous.