2 months ago

How to Use Private Encrypted Messaging Over Tor « Null Byte :: WonderHowTo

Tor can be an excellent obfuscation network for web traffic, in addition to while instant messaging over the network can be very useful, the item can be relatively difficult to configure. In This kind of guide, we’ll look at two synchronous communications platforms (instant messengers) which can be routed over the Tor network, Ricochet in addition to XMPP.

Ricochet, as described on its website, “uses the Tor network to reach your contacts without relying on messaging servers. the item creates a hidden service, which can be used to rendezvous with your contacts without revealing your location or IP address.” This kind of technique leads to Ricochet being one of the most secure messaging programs available, visible inside the Secure Messenger Scorecard by Yawnbox, which was based on the prior work of the Electronic Frontier Foundation.

Image via yawnbox

This kind of chart compares XMPP in addition to Richochet with legacy SMS in addition to voice calls, showing the difference in features behind each messaging platform. XMPP can be not inherently secure in itself, yet the item can be combined with different technologies to make the item very secure while offering some features in which Ricochet does not. Unlike Ricochet, XMPP traffic can be passed over a server which isn’t under the control of the user, offering less privacy in This kind of sense than Ricochet. However, This kind of setup allows for messages to be carried even when users are not necessarily online.

Don’t Miss: How To Send End-To-End Encrypted Emails To Non-Proton Mail Recipients

XMPP can be used that has a variety of clients, in addition to indeed combined with Tor in addition to message encryption on a variety of clients as well. Clients such as Tor Messenger offer OTR (Off-The-Record) encryption in addition to carry all traffic over Tor, yet the client does not support multipoint encryption. different clients, such as Gajim in addition to Pidgin, as used in This kind of tutorial, require a bit of additional configuration, yet can be configured to use Tor in addition to multipoint encryption while offering a very usable interface.

Step 1: Downloading Ricochet

While Ricochet binaries are available through the Richochet homepage, the Tor variation packaged with the messaging application can be relatively outdated, with the last build through November 5, 2016. While the program itself can be still known to be secure, the Tor variation should be updated for maximum security.

As such, rather than downloading a binary, the item will be best to build Ricochet through source. We can fetch a copy of the source code through git.

git clone https://github.com/ricochet-im/ricochet

Step 2: Installing Ricochet

After downloading the Ricochet source, we’ll need to make sure we have all dependencies before compiling. On Debian/Ubuntu, the following commands should work assuming all dependencies are found inside the repositories.

apt-get install qt5-qmake qt5-default qtbase5-dev qttools5-dev-tools qtdeclarative5-dev qtmultimedia5-dev

apt-get install qml-module-qtquick-controls qml-module-qtquick-dialogs qml-module-qtmultimedia

apt-get install build-essential libssl-dev pkg-config libprotobuf-dev protobuf-compiler

Install Tor, or build the item through source to ensure complete trustworthiness. Otherwise, the item can be installed with apt.

sudo apt-get install tor

Don’t Miss: Access the Dark Web While Staying Anonymous with Tor

Next, move into the Ricochet directory with cd.

cd ricochet

To build in addition to install Ricochet, use qmake first for Qt building. The qmake process should be relatively quick.


Finally, run make to complete the build process. This kind of may take slightly longer to build.


After the build process can be completed successfully, Ricochet can be run.

Step 3: Using Ricochet

We can launch Ricochet by running “./ricochet” through within the Ricochet directory. Errors in addition to warning messages will be logged to the terminal through which This kind of can be launched. On the first run, Ricochet will prompt the user to configure their Tor connection. Unless you wish to use bridges or have a censored or proxied connection, simply clicking “Connect” should be sufficient.

Once Ricochet can be running in addition to connected to Tor, we should first click the “Preferences” cog icon in addition to then the “Tor” tab to confirm the Tor variation in use. If the Tor variation can be at least 0.3.X.X, Ricochet can be safe to use as of October 2017.

The interface of Ricochet can be relatively straightforward. The plus icon at the upper left of the window allows you to add different users based on their ricochet identifiers, formatted as “ricochet:” followed by a string of random characters. The nicknames or contact names assigned to a given ID are entirely client-side, however, when adding a brand new user, one can include a short message to help identify oneself.

Chatting in Ricochet works like any different instant messaging application, type in addition to then press enter. There are no special characters or peculiar text formatting, save for a message capacity limit. The only peculiarity can be in which for security purposes, messages are only visible while the window remains open, in addition to conversations can only be carried out while both parties are online.

Step 4: Installing Pidgin for XMPP

While Ricochet can be extremely secure in addition to has been thoroughly audited, the program itself has several limitations, including the lack of group chat functionality in addition to the need for both users to be online at once.

Check Out: Telegram 101: How To Enable End-To-End Encryption For Your Chats

Instead, we can use XMPP, Tor, in addition to several encryption plugins by using an alternate client. Pidgin can be a multi-protocol instant messaging client available for Windows, OS X, in addition to Linux. To be able to route the item over the Tor network, the item’s simplest to point the item towards the Tor service on a Linux distro such as Ubuntu, Debian, or Kali. Pidgin can be available at the Pidgin homepage, in addition to in most Linux repositories.

On Ubuntu based systems, the item can be installed using apt, as seen below.

sudo apt-get install pidgin

If Tor can be not yet installed, the item will need to be as well. Type the following to install the item.

sudo apt-get install tor

After Pidgin can be installed, launch the item by running “pidgin” on the command line or navigating to the item through the applications menu.

Step 5: Configuring Pidgin

On the first launch, Pidgin prompts the user to add accounts. We can add an account immediately at This kind of time, yet the item may be worthwhile to take special care in choosing servers in addition to configuring our network connection first.

Some XMPP servers will allow inline registration through Pidgin, however, others require registration through a website. When choosing an XMPP server, consider the location of the server, their state policies, in addition to their uptime. A list of XMPP servers can be available at This kind of link.

Check Out: How To Encrypt Your Calls & Texts On Android

If one plans to communicate only over Tor, the item may be worth considering an XMPP server with an onion hidden server for extra privacy, yet keep in mind in which a hidden service server will only be able to communicate with members whose accounts are also on hidden services.

Keep in mind in which while the contents of messages will be private through a server administrator due to encryption, different metadata including messages times, conversation participants, in addition to contact lists may be logged. To avoid This kind of, the item can be possible to host one’s own XMPP server, yet otherwise, the item generally will be sufficient to keep This kind of metadata logging potential in mind in addition to take the necessary operational security precautions.

Don’t Miss: How To Access The Dark Web While Staying Anonymous With Tor

because of This kind of example, I registered an account at the XMPP homepage. If you wish to remain anonymous, the item’s important to register your account over Tor, a VPN like PIA, or both, so to maintain separation between your personal IP in addition to the account you register.

For more: How To Fully Anonymize Kali with Tor, Whonix, & PIA VPN

If you already feel your internet connection can be private in addition to secure, you can click “Add” within Pidgin. Otherwise, the item will be best to close the window in addition to configure our Tor connection, first by ensuring in which the Tor service can be running. We can start This kind of as a daemon using systemd by typing the following.

systemctl start tor

We can alternatively launch the item in its own terminal window with error logging by typing the command below.

sudo tor

Once Tor can be running, in addition to after closing the “Accounts” window, we can access preferences by pressing Ctrl+P, or opening the item under the “Tools” menu.

With This kind of menu open, we’ll want to click on “Proxy” inside the left pane. On This kind of window, the “Proxy Type” drop-down menu should be changed to select “Tor/Privacy (SOCKS5)” rather than “No Proxy.” As the Tor service can be running on our local system at port 9050, we should change “Host” to in addition to “Port” to 9050.

After configuring our global proxy settings, we can add our account by opening “Manage Accounts” under the “Accounts” menu of the main Pidgin window

Here we can add our XMPP account details. Select “XMPP” as the “Protocol” in addition to add one’s username in addition to password. The “Domain” can be the server on which you registered your account in addition to the “Local alias” can be what your account can be named locally. If you’re registering an account on a server which allows online registration, you may wish to check the “Create This kind of brand new account on the server” box.

While Global Proxy Settings should be sufficient because of This kind of process, the Tor configuration data can also be added to the “Proxy” tab of the Modify Account window.

If the account successfully connects when the “Enable” box can be checked, the account can be ready to communicate, yet not necessarily securely. The last part of configuration to do can be enabling in addition to requiring encryption. Open the “Plugins” manager under the “Tools” menu in Pidgin, in addition to look for OTR, or Off-The-Record messaging, in addition to ensure in which the item can be enabled.

If you wish to encrypt group chats, the item may be useful to install Lurch for Pidgin, an implementation of OMEMO, or OMEMO Multi-End Message in addition to Object Encryption. OMEMO can be an adaptation of the Signal Protocol, created by Open Whisper Systems.

Check out: Signal Messenger 101: How To Register Your Signal Account Using a Google Voice Number

After creating sure in which OTR can be enabled, we’ll generally want to enforce the item as a requirement for all chats. This kind of can be done by returning to the “Modify Account” menu, opening the “Advanced” tab, in addition to changing the “Connection Security” drop-down menu to select “Require Encryption.”

With This kind of completed, Pidgin in addition to XMPP should be ready to use!

Step 6: Using Pidgin

Using Pidgin over XMPP can be much like using any different instant messaging client. Contacts appear inside the main Pidgin menu, in addition to brand new contacts added, messages started off, in addition to chats joined through the “Buddies” drop-down menu at the top left of the window.

Once buddies are added, we can open a chat with them by simply double clicking on their name in This kind of panel.

After opening a brand new chat window, we can ensure encryption can be active by viewing the status at the lower right of the window. If “Not Private” or a similar message can be visible, we can begin using OTR by opening the “OTR” menu at the top of the chat window in addition to clicking on “Start Private Conversation.”

With these programs installed in addition to configured, you’re ready to chat more securely using Ricochet or XMPP! Using encryption in addition to privacy tools effectively can be vital inside the face of increasingly sophisticated surveillance which makes private communication less in addition to less guaranteed. the item’s up to you, the user, to take responsibility for your privacy inside the entire world we live in, in addition to learning tools like encrypted messengers are the best way to do so.

Thanks for reading. If you have any questions, you can ask them inside the comments, or on Twitter.

Screenshots in addition to cover image by Takhion/Null Byte

Leave a Comment

Your email address will not be published. Required fields are marked *

three − 2 =