1
00:00:01,000 --> 00:00:01,000
Okay.

2
00:00:01,000 --> 00:00:09,000
So now that we know how to use emails to communicate on the darknet privately and anonymously, the

3
00:00:09,000 --> 00:00:14,000
other method of communication that you might want to use is instant messaging.

4
00:00:15,000 --> 00:00:20,000
Now, when it comes to instant messaging, just like everything we spoke about so far, there are a

5
00:00:20,000 --> 00:00:28,000
number of applications that we can use to do this, such as WhatsApp and Viber for phones and Skype

6
00:00:28,000 --> 00:00:30,000
for desktops and phones.

7
00:00:30,000 --> 00:00:36,000
And again, similar to everything we spoke about so far, a lot of these apps are not private and not

8
00:00:36,000 --> 00:00:37,000
secure.

9
00:00:37,000 --> 00:00:41,000
So a lot of them log what you do, they track what you do, they track your messages.

10
00:00:41,000 --> 00:00:45,000
They track the users that you talk to, communicate with.

11
00:00:45,000 --> 00:00:50,000
Some of them have permissions to listen on your mic and the list goes on.

12
00:00:50,000 --> 00:00:55,000
Not only that, even the apps that claim that they use encryption and they are private such as WhatsApp.

13
00:00:56,000 --> 00:00:59,000
We don't really know how this is implemented.

14
00:00:59,000 --> 00:01:00,000
We can't see the code.

15
00:01:00,000 --> 00:01:06,000
So there is even rumors that the end to end encryption in WhatsApp is not 100% secure.

16
00:01:06,000 --> 00:01:12,000
It's not 100% end to end, and Facebook might be able to read the messages that get sent.

17
00:01:12,000 --> 00:01:18,000
Now you'll face this issue with everything that is owned by one specific company, because a lot of

18
00:01:18,000 --> 00:01:21,000
these companies don't share the code used on their programs.

19
00:01:21,000 --> 00:01:24,000
So at the end of the day, you will just have to trust them.

20
00:01:25,000 --> 00:01:30,000
All this aside, all of these applications might be vulnerable to exploits.

21
00:01:30,000 --> 00:01:36,000
And we all heard about the WhatsApp vulnerability that affected all smartphones in which hackers could

22
00:01:36,000 --> 00:01:40,000
hack into any phone by simply calling the phone.

23
00:01:40,000 --> 00:01:43,000
And you won't even need to answer the call and you'll get hacked.

24
00:01:43,000 --> 00:01:48,000
Check out the link in the resources for more information about this vulnerability.

25
00:01:48,000 --> 00:01:52,000
But this is just an example on how these apps can be dangerous.

26
00:01:52,000 --> 00:01:58,000
And again, putting all of this to the side, even if the apps are 100% secure and even if they are

27
00:01:58,000 --> 00:02:06,000
100% private, these apps are installed on operating systems that are not secure and private, such

28
00:02:06,000 --> 00:02:09,000
as iOS, Android, Windows and so on.

29
00:02:09,000 --> 00:02:14,000
And we spoke about how all of these operating systems log data and track their users.

30
00:02:15,000 --> 00:02:21,000
Therefore, if you want to protect your privacy and anonymity, it's a better idea to, first of all,

31
00:02:21,000 --> 00:02:27,000
use an operating system that is more private than other operating systems such as Thales.

32
00:02:27,000 --> 00:02:34,000
This will solve the problem of the operating system and then use a messaging service that is more private

33
00:02:34,000 --> 00:02:36,000
and the messaging app that is more private.

34
00:02:37,000 --> 00:02:40,000
So we're already using Thales and we know how to do that.

35
00:02:40,000 --> 00:02:42,000
So we have the first part of the problem solved.

36
00:02:42,000 --> 00:02:48,000
The next thing that we want to do is to use an instant messaging service that is more private.

37
00:02:48,000 --> 00:02:51,000
And to do this, we're going to use X NPP.

38
00:02:52,000 --> 00:02:57,000
This is a free and open protocol that is not owned by anybody.

39
00:02:57,000 --> 00:03:00,000
So it's not controlled by a single company.

40
00:03:00,000 --> 00:03:01,000
It is decentralized.

41
00:03:01,000 --> 00:03:09,000
So anyone, even you can go and create your own server and use that to communicate with other x NPP

42
00:03:09,000 --> 00:03:10,000
servers.

43
00:03:11,000 --> 00:03:16,000
We can also enhance its security by using OTR and we'll talk about that later on.

44
00:03:16,000 --> 00:03:21,000
And this is a widely used method of communication on the Darknet.

45
00:03:21,000 --> 00:03:25,000
Therefore, it is very important to learn how it works.

46
00:03:26,000 --> 00:03:31,000
So in this lecture, I'm going to show you how to create an X NPP account, and then we'll see how we

47
00:03:31,000 --> 00:03:35,000
can improve its security using OTR in the next lectures.

48
00:03:36,000 --> 00:03:44,000
Now, like I said, X NPP is decentralized, so anyone can run their own server and you can even use

49
00:03:44,000 --> 00:03:46,000
your own server to set up an account.

50
00:03:46,000 --> 00:03:51,000
So right here I have a list of public x NPP servers.

51
00:03:51,000 --> 00:03:54,000
I'm going to include the link of this in the resources.

52
00:03:54,000 --> 00:03:57,000
Now, as you can see, there is a lot of servers that you can use.

53
00:03:58,000 --> 00:04:00,000
You can think of these as email providers.

54
00:04:00,000 --> 00:04:03,000
So each one of them will allow you to create an account.

55
00:04:03,000 --> 00:04:11,000
And once you create an account, you can communicate with any x NPP server with any XMPP account, regardless

56
00:04:11,000 --> 00:04:13,000
of what server it's made on.

57
00:04:13,000 --> 00:04:14,000
So it's similar to e mails.

58
00:04:14,000 --> 00:04:20,000
When you create a Gmail account, you can use it to communicate with Hotmail, Yahoo or any other email.

59
00:04:20,000 --> 00:04:21,000
This is exactly the same.

60
00:04:21,000 --> 00:04:27,000
You can set up an account with any of these servers right here, and once you do, you can communicate

61
00:04:27,000 --> 00:04:33,000
with all of the others, even if you're communicating with a server that is set up by a person, not

62
00:04:33,000 --> 00:04:34,000
a public server.

63
00:04:34,000 --> 00:04:41,000
Now you can see for each server right here we have a hidden service that you can use to access the server

64
00:04:41,000 --> 00:04:42,000
from within the Tor network.

65
00:04:43,000 --> 00:04:50,000
The inbound registration column here specifies whether you can sign up to this account without accessing

66
00:04:50,000 --> 00:04:50,000
the website.

67
00:04:50,000 --> 00:04:57,000
So if you can sign up using the XMPP protocol on its own, using your instant messenger such as pigeon.

68
00:04:57,000 --> 00:04:58,000
In many cases, if.

69
00:04:58,000 --> 00:05:00,000
Even if it says it's enabled here.

70
00:05:00,000 --> 00:05:01,000
It doesn't really work.

71
00:05:01,000 --> 00:05:07,000
So it's better to click on the link of the server that you want to sign up with and manually sign up

72
00:05:07,000 --> 00:05:08,000
and I'll show you that in a minute.

73
00:05:09,000 --> 00:05:18,000
The EP compliance gives an indication of the features and the specifications of X and P that this server

74
00:05:18,000 --> 00:05:19,000
has implemented.

75
00:05:19,000 --> 00:05:24,000
So if you click on this right here, you'll actually get this link right here and it will have a list

76
00:05:24,000 --> 00:05:29,000
of the servers that we have and we can see the features in here on the top.

77
00:05:29,000 --> 00:05:35,000
And each of these features are specifications will be green if the server is implementing it.

78
00:05:35,000 --> 00:05:40,000
So you can see this server right here is implementing all of the specifications.

79
00:05:40,000 --> 00:05:46,000
If we go down, you'll see some servers have red in here, which means that they haven't implemented

80
00:05:46,000 --> 00:05:48,000
this specific specification.

81
00:05:49,000 --> 00:05:54,000
Now you don't really need to go through all of this because again, in this list it's telling you excellent

82
00:05:54,000 --> 00:05:56,000
for the ones that are implementing everything.

83
00:05:56,000 --> 00:05:59,000
So you can just pick one of the ones that say excellent.

84
00:05:59,000 --> 00:06:08,000
And finally, the IAM Observatory grade is a grade of the security of the server of how well they implemented

85
00:06:08,000 --> 00:06:12,000
their TLS, which is their encryption and their DNS SEC.

86
00:06:12,000 --> 00:06:16,000
Again, if you see a for this, that means it's pretty good.

87
00:06:16,000 --> 00:06:18,000
So you can go for one of these servers.

88
00:06:19,000 --> 00:06:24,000
Now, like I said, you can pick any of the servers in here before you do that, as usual.

89
00:06:24,000 --> 00:06:30,000
I highly encourage you to read the privacy policy and see reviews about the server before you actually

90
00:06:30,000 --> 00:06:31,000
go ahead and use it.

91
00:06:31,000 --> 00:06:37,000
But for this lecture, I'm going to use this mail, which actually is a good server and I've seen good

92
00:06:37,000 --> 00:06:38,000
reviews about it.

93
00:06:38,000 --> 00:06:41,000
And as you can see, you get a normal website.

94
00:06:41,000 --> 00:06:44,000
And what we want to do with this right now is just simply register.

95
00:06:44,000 --> 00:06:51,000
So I'm going to click on register to register with them and it's asking us some very simple information

96
00:06:51,000 --> 00:06:52,000
such as a username.

97
00:06:52,000 --> 00:06:55,000
Again, make sure you set this to your fake identity.

98
00:06:55,000 --> 00:06:57,000
So I'm going to set it to John Wick.

99
00:06:58,000 --> 00:06:59,000
I'm going to set a password.

100
00:07:01,000 --> 00:07:04,000
And answer the question and that's it.

101
00:07:04,000 --> 00:07:04,000
We're done.

102
00:07:04,000 --> 00:07:10,000
So as you can see, a very, very simple registration process, very similar to what you would do when

103
00:07:10,000 --> 00:07:12,000
you're signing up for an email.

104
00:07:12,000 --> 00:07:19,000
It didn't ask us for any personal information, and it took us a few seconds so you can actually even

105
00:07:19,000 --> 00:07:20,000
create temporary accounts.

106
00:07:20,000 --> 00:07:25,000
So every time you want to communicate with someone or every week or every two weeks, you can just create

107
00:07:25,000 --> 00:07:30,000
a new account and use that to improve your security and anonymity.

108
00:07:31,000 --> 00:07:38,000
So the username that I picked was John Wick, JH and w c k and it's the server that we have.

109
00:07:38,000 --> 00:07:44,000
Is this so my account is going to be jh n w c k at this m.d.

110
00:07:44,000 --> 00:07:50,000
So like I said, it's very similar to the way e mails work and even the format is very similar to the

111
00:07:50,000 --> 00:07:51,000
format of emails.

112
00:07:52,000 --> 00:07:53,000
So that's it.

113
00:07:53,000 --> 00:07:58,000
The account is created and in the next lecture I'm going to show you how we're going to use this account

114
00:07:58,000 --> 00:08:05,000
to log in to the server using an instant messenger that comes with tales, and we'll see how we can

115
00:08:05,000 --> 00:08:07,000
use it to communicate with other accounts.