1
00:00:00,000 --> 00:00:01,000
Okay.

2
00:00:01,000 --> 00:00:08,000
So now that we know how to create an XMPP account, configure Pidgin to sign into this account, add

3
00:00:08,000 --> 00:00:11,000
the user and communicate with friends.

4
00:00:11,000 --> 00:00:18,000
In this lecture, I want to show you how to improve the privacy and anonymity of this method of communication

5
00:00:18,000 --> 00:00:22,000
of XMPP using a plugin called OTR.

6
00:00:23,000 --> 00:00:28,000
So as you can see right now, when we're sending messages, you can see in here at the bottom, right,

7
00:00:28,000 --> 00:00:32,000
it's saying that our communication is not private.

8
00:00:33,000 --> 00:00:39,000
To understand why our communication is not private, let's have a closer look at what happens when you

9
00:00:39,000 --> 00:00:40,000
send a message.

10
00:00:41,000 --> 00:00:45,000
So we have David and John here that want to communicate.

11
00:00:45,000 --> 00:00:48,000
They're using an XMPP server to communicate.

12
00:00:48,000 --> 00:00:50,000
It doesn't matter what server they use.

13
00:00:50,000 --> 00:00:53,000
Like I said, they could be using two different servers.

14
00:00:54,000 --> 00:00:57,000
So David has a message that is a secret message.

15
00:00:57,000 --> 00:01:05,000
He sends it to the XMPP server that he uses and then this server might relay to other servers or directly

16
00:01:05,000 --> 00:01:06,000
send it to John.

17
00:01:07,000 --> 00:01:10,000
Then John can open the message and read it.

18
00:01:10,000 --> 00:01:17,000
Now, pretty much all of the servers in the list I gave you in the previous lecture support TLS and

19
00:01:17,000 --> 00:01:22,000
if you choose a grade A server, then that means they're using the latest and greatest specifications

20
00:01:22,000 --> 00:01:23,000
for TLS.

21
00:01:23,000 --> 00:01:31,000
So that means the communication between you, between the clients and the server are encrypted and hence

22
00:01:31,000 --> 00:01:32,000
the red lines in here.

23
00:01:32,000 --> 00:01:36,000
That means all of this communication is encrypted.

24
00:01:36,000 --> 00:01:42,000
And if anybody manages to intercept this connection here or here, they will not be able to read the

25
00:01:42,000 --> 00:01:45,000
message because the message will be encrypted.

26
00:01:45,000 --> 00:01:46,000
It will be gibberish.

27
00:01:47,000 --> 00:01:49,000
The only problem is, listen to what I said.

28
00:01:49,000 --> 00:01:54,000
I said, the communication between you and the server is encrypted.

29
00:01:54,000 --> 00:01:59,000
So what that means is it means you will be able to read the message.

30
00:01:59,000 --> 00:02:04,000
The server will be able to read the message and the receiver will read the message.

31
00:02:04,000 --> 00:02:08,000
Now it's fine that you and the receiver can read the message.

32
00:02:08,000 --> 00:02:15,000
The only problem is the fact that the server can read the message because the communication between

33
00:02:15,000 --> 00:02:17,000
you and the server is encrypted.

34
00:02:17,000 --> 00:02:22,000
But once the message is delivered to the server, the server will be able to read it.

35
00:02:22,000 --> 00:02:28,000
Now, like I said, you want to make sure you use a server that you trust and read about the reviews

36
00:02:28,000 --> 00:02:30,000
and read about their privacy policy.

37
00:02:30,000 --> 00:02:35,000
And even if the server is great and will not share anything that you do and will not log anything that

38
00:02:35,000 --> 00:02:35,000
you do,

39
00:02:35,000 --> 00:02:39,000
it's still not great that servers can read what we type.

40
00:02:39,000 --> 00:02:41,000
It's not very private.

41
00:02:41,000 --> 00:02:48,000
Therefore, the solution to this is to use a plugin called OTR, which is short for Off the Record.

42
00:02:48,000 --> 00:02:56,000
And the idea behind this plugin is to make this communication as close as possible to an off the record

43
00:02:56,000 --> 00:03:00,000
private communication that you can have with a friend.

44
00:03:00,000 --> 00:03:05,000
So whenever you're talking to someone about something privately and you don't write anything about it,

45
00:03:05,000 --> 00:03:10,000
so it provides end to end encryption, it provides authentication.

46
00:03:10,000 --> 00:03:13,000
So we'll be able to verify the person we're talking to.

47
00:03:13,000 --> 00:03:17,000
It provides perfect forward secrecy and deniability.

48
00:03:18,000 --> 00:03:21,000
Now, the way this works is so let's go back to our diagram.

49
00:03:21,000 --> 00:03:27,000
We have David, who wants to send a message over an XMPP server that is using TLS.

50
00:03:27,000 --> 00:03:32,000
So as you can see, we have red lines here indicating that the communication is private.

51
00:03:32,000 --> 00:03:40,000
But what happens is before sending this secret message, David is going to encrypt the secret message.

52
00:03:40,000 --> 00:03:42,000
So the message will become gibberish.

53
00:03:42,000 --> 00:03:48,000
And then and only then he will forward it to the XMPP server.

54
00:03:48,000 --> 00:03:52,000
This means that the message that the server will receive will be gibberish.

55
00:03:52,000 --> 00:03:54,000
It will not be readable.

56
00:03:55,000 --> 00:03:58,000
Then the server will relay this message to John.

57
00:03:58,000 --> 00:04:05,000
When John opens this message, it's still gibberish and he will have to use a key to decrypt it and

58
00:04:05,000 --> 00:04:07,000
read the content of the message.

59
00:04:08,000 --> 00:04:14,000
This way the only two entities that are able to read the content of the message are David and John,

60
00:04:14,000 --> 00:04:16,000
the sender and the receiver.

61
00:04:16,000 --> 00:04:22,000
And even though the XMPP server will read the message, the content of the message will be gibberish

62
00:04:22,000 --> 00:04:27,000
because it got encrypted by David before sending it.

63
00:04:27,000 --> 00:04:33,000
Not only that, anyone that intercepts the communication in here, they will have to bypass two layers

64
00:04:33,000 --> 00:04:34,000
of protection.

65
00:04:34,000 --> 00:04:40,000
Now they'll have to bypass TLS and the encryption implemented by the OTR plugin.

66
00:04:41,000 --> 00:04:47,000
So let's go ahead and see how we can configure this with Pidgin so that we can encrypt our messages

67
00:04:47,000 --> 00:04:49,000
and send them privately.

68
00:04:50,000 --> 00:04:55,000
So right here, I'm already logged in to the account that we created previously.

69
00:04:55,000 --> 00:05:03,000
And before I send any further unprivate messages, I'm going to go to Tools, Plugins.

70
00:05:04,000 --> 00:05:07,000
And I'm going to look for OTR or off the record.

71
00:05:07,000 --> 00:05:09,000
We have it right here.

72
00:05:09,000 --> 00:05:11,000
And as you can see, it's enabled by default.

73
00:05:11,000 --> 00:05:15,000
And I'm going to click on Configure to configure this plugin.

74
00:05:15,000 --> 00:05:19,000
And what I want to do right now is make sure that it is enabled.

75
00:05:19,000 --> 00:05:25,000
I want to make sure that automatically initiate private messaging and require private messaging are

76
00:05:25,000 --> 00:05:33,000
ticked so that even if I try to send any messages unencrypted in the future, Pidgin will refuse that.

77
00:05:33,000 --> 00:05:35,000
So I'll have to always use encryption.

78
00:05:36,000 --> 00:05:36,000
That's done.

79
00:05:36,000 --> 00:05:38,000
Now I'm going to close this.

80
00:05:39,000 --> 00:05:43,000
And now when we come here, when we come to a conversation.

81
00:05:43,000 --> 00:05:46,000
So let's close this and just show you the steps from the start.

82
00:05:46,000 --> 00:05:51,000
So you'll double click because you want to talk to your friend and again before you do anything.

83
00:05:51,000 --> 00:05:54,000
As you can see, it's saying the communication is not private.

84
00:05:54,000 --> 00:06:01,000
So you can either click on this, you can click on the OTR in here or on this icon.

85
00:06:02,000 --> 00:06:09,000
So I'm going to click on this and we're going to select Start Private Conversation to enable OTR, off

86
00:06:09,000 --> 00:06:13,000
the record, and start communicating with my friend privately.

87
00:06:14,000 --> 00:06:19,000
So as you can see, it's telling us that it's generating a private key for me and it's done.

88
00:06:19,000 --> 00:06:21,000
So I'm going to click on OK.

89
00:06:21,000 --> 00:06:30,000
And right now, if I send a message, so let's say this is a test and send it if we go here.

90
00:06:31,000 --> 00:06:35,000
As you can see, this is the friend that I sent a message to.

91
00:06:35,000 --> 00:06:41,000
He automatically got a private key as well because I requested to initiate a private conversation.

92
00:06:41,000 --> 00:06:45,000
And as you can see automatically for him, it's saying it's unverified.

93
00:06:45,000 --> 00:06:48,000
So it changed from private to unverified.

94
00:06:48,000 --> 00:06:51,000
We'll talk about what the unverified means later.

95
00:06:51,000 --> 00:06:56,000
But basically this means that the communication between us now is encrypted.

96
00:06:56,000 --> 00:06:58,000
And as you can see, we get the message.

97
00:06:58,000 --> 00:07:07,000
So now if I say hello back and go to the other person, as you can see, we received it right here.

98
00:07:07,000 --> 00:07:13,000
And basically this means that any message I send from here or from the other account is always encrypted

99
00:07:13,000 --> 00:07:18,000
at my end and only decrypted at the end at the destination.

100
00:07:18,000 --> 00:07:23,000
So even the server will not be able to read the contents.

101
00:07:24,000 --> 00:07:25,000
So that's it for this lecture.

102
00:07:25,000 --> 00:07:28,000
Now our communication is private.

103
00:07:28,000 --> 00:07:34,000
As you can see, we still have one more notification in here saying that our communication is unverified,

104
00:07:34,000 --> 00:07:36,000
so we bypass the private problem.

105
00:07:36,000 --> 00:07:39,000
Now our communication is unverified.

106
00:07:39,000 --> 00:07:44,000
I will talk about what that means and how to fix this in the next lecture.