WEBVTT

00:01.260 --> 00:01.710
Okay.

00:01.710 --> 00:09.780
So now that we know how to use emails to communicate on the darknet privately and anonymously, the

00:09.780 --> 00:14.760
other method of communication that you might want to use is instant messaging.

00:15.270 --> 00:20.850
Now, when it comes to instant messaging, just like everything we spoke about so far, there are a

00:20.850 --> 00:28.440
number of applications that we can use to do this, such as WhatsApp and Viber for phones and Skype

00:28.440 --> 00:30.290
for desktops and phones.

00:30.300 --> 00:36.420
And again, similar to everything we spoke about so far, a lot of these apps are not private and not

00:36.420 --> 00:37.070
secure.

00:37.080 --> 00:41.970
So a lot of them log what you do, they track what you do, they track your messages.

00:41.970 --> 00:45.070
They track the users that you talk to, communicate with.

00:45.090 --> 00:50.040
Some of them have permissions to listen on your mic and the list goes on.

00:50.370 --> 00:55.860
Not only that, even with the apps that claim that they use encryption and they are private, such as WhatsApp,

00:56.100 --> 00:59.190
we don't really know how this is implemented.

00:59.190 --> 01:00.500
We can't see the code.

01:00.510 --> 01:06.570
So there are even rumors that the end-to-end encryption in WhatsApp is not 100% secure.

01:06.570 --> 01:12.180
It's not 100% end-to-end, and Facebook might be able to read the messages that get sent.

01:12.570 --> 01:18.060
Now you'll face this issue with everything that is owned by one specific company, because a lot of

01:18.060 --> 01:21.390
these companies don't share the code used on their programs.

01:21.390 --> 01:24.390
So at the end of the day, you will just have to trust them.

01:25.290 --> 01:30.150
All this aside, all of these applications might be vulnerable to exploits.

01:30.150 --> 01:36.840
And we all heard about the WhatsApp vulnerability that affected all smartphones in which hackers could

01:36.840 --> 01:40.020
hack into any phone by simply calling the phone.

01:40.020 --> 01:43.740
And you won't even need to answer the call and you'll get hacked.

01:43.980 --> 01:48.090
Check out the link in the resources for more information about this vulnerability.

01:48.090 --> 01:52.560
But this is just an example of how these apps can be dangerous.

01:52.560 --> 01:58.770
And again, putting all of this to the side, even if the apps are 100% secure and even if they are

01:58.770 --> 02:06.270
100% private, these apps are installed on operating systems that are not secure and private, such

02:06.270 --> 02:09.090
as iOS, Android, Windows and so on.

02:09.090 --> 02:14.520
And we spoke about how all of these operating systems log data and track their users.

02:15.360 --> 02:21.120
Therefore, if you want to protect your privacy and anonymity, it's a better idea to, first of all,

02:21.120 --> 02:27.150
use an operating system that is more private than other operating systems, such as Tails.

02:27.480 --> 02:34.170
This will solve the problem of the operating system and then use a messaging service that is more private

02:34.170 --> 02:36.600
and the messaging app that is more private.

02:37.110 --> 02:40.020
So we're already using Tails and we know how to do that.

02:40.020 --> 02:42.420
So we have the first part of the problem solved.

02:42.810 --> 02:48.720
The next thing that we want to do is to use an instant messaging service that is more private.

02:48.720 --> 02:51.990
And to do this, we're going to use XMPP.

02:52.320 --> 02:57.420
This is a free and open protocol that is not owned by anybody.

02:57.420 --> 03:00.300
So it's not controlled by a single company.

03:00.330 --> 03:01.980
It is decentralized.

03:01.980 --> 03:09.750
So anyone, even you, can go and create your own server and use that to communicate with other XMPP

03:09.750 --> 03:10.560
servers.

03:11.100 --> 03:16.530
We can also enhance its security by using OTR and we'll talk about that later on.

03:16.890 --> 03:21.430
And this is a widely used method of communication on the Darknet.

03:21.450 --> 03:25.260
Therefore, it is very important to learn how it works.

03:26.010 --> 03:31.980
So in this lecture, I'm going to show you how to create an XMPP account, and then we'll see how we

03:31.980 --> 03:35.640
can improve its security using OTR in the next lectures.

03:36.480 --> 03:44.250
Now, like I said, XMPP is decentralized, so anyone can run their own server and you can even use

03:44.250 --> 03:46.920
your own server to set up an account.

03:46.980 --> 03:51.570
So right here I have a list of public XMPP servers.

03:51.570 --> 03:54.240
I'm going to include the link of this in the resources.

03:54.480 --> 03:57.990
Now, as you can see, there are a lot of servers that you can use.

03:58.080 --> 04:00.540
You can think of these as email providers.

04:00.540 --> 04:03.480
So each one of them will allow you to create an account.

04:03.480 --> 04:11.640
And once you create an account, you can communicate with any XMPP server, with any XMPP account, regardless

04:11.640 --> 04:13.380
of what server it's made on.

04:13.380 --> 04:14.790
So it's similar to emails.

04:14.790 --> 04:20.320
When you create a Gmail account, you can use it to communicate with Hotmail, Yahoo or any other email.

04:20.340 --> 04:21.930
This is exactly the same.

04:21.930 --> 04:27.660
You can set up an account with any of these servers right here, and once you do, you can communicate

04:27.660 --> 04:33.120
with all of the others, even if you're communicating with a server that is set up by a person, not

04:33.120 --> 04:34.140
a public server.

04:34.890 --> 04:41.190
Now you can see for each server right here we have a hidden service that you can use to access the server

04:41.190 --> 04:42.900
from within the Tor network.

04:43.170 --> 04:50.130
The in-band registration column here specifies whether you can sign up to this account without accessing

04:50.130 --> 04:50.700
the website.

04:50.700 --> 04:57.090
So if you can sign up using the XMPP protocol on its own, using your instant messenger such as Pidgin.

04:57.240 --> 04:58.500
In many cases,

04:58.500 --> 05:00.210
even if it says it's enabled here,

05:00.400 --> 05:01.450
it doesn't really work.

05:01.450 --> 05:07.180
So it's better to click on the link of the server that you want to sign up with and manually sign up

05:07.180 --> 05:08.680
and I'll show you that in a minute.

05:09.340 --> 05:18.070
The XEP compliance gives an indication of the features and the specifications of XMPP that this server

05:18.070 --> 05:19.550
has implemented.

05:19.570 --> 05:24.790
So if you click on this right here, you'll actually get this link right here and it will have a list

05:24.790 --> 05:29.560
of the servers that we have and we can see the features in here on the top.

05:29.560 --> 05:35.500
And each of these features or specifications will be green if the server is implementing it.

05:35.500 --> 05:40.300
So you can see this server right here is implementing all of the specifications.

05:40.450 --> 05:46.300
If we go down, you'll see some servers have red in here, which means that they haven't implemented

05:46.300 --> 05:48.490
this specific specification.

05:49.150 --> 05:54.370
Now you don't really need to go through all of this because again, in this list it's telling you "excellent"

05:54.370 --> 05:56.560
for the ones that are implementing everything.

05:56.560 --> 05:59.470
So you can just pick one of the ones that say "excellent".

05:59.590 --> 06:08.440
And finally, the IM Observatory grade is a grade of the security of the server, of how well they implemented

06:08.440 --> 06:12.400
their TLS, which is their encryption, and their DNSSEC.

06:12.670 --> 06:16.180
Again, if you see an A for this, that means it's pretty good.

06:16.180 --> 06:18.370
So you can go for one of these servers.

06:19.150 --> 06:24.530
Now, like I said, you can pick any of the servers in here. Before you do that, as usual,

06:24.550 --> 06:30.640
I highly encourage you to read the privacy policy and see reviews about the server before you actually

06:30.640 --> 06:31.840
go ahead and use it.

06:31.870 --> 06:37.330
But for this lecture, I'm going to use this mail, which actually is a good server and I've seen good

06:37.330 --> 06:38.470
reviews about it.

06:38.980 --> 06:41.260
And as you can see, you get a normal website.

06:41.260 --> 06:44.780
And what we want to do with this right now is just simply register.

06:44.800 --> 06:51.100
So I'm going to click on register to register with them and it's asking us some very simple information

06:51.100 --> 06:52.750
such as a username.

06:52.780 --> 06:55.650
Again, make sure you set this to your fake identity.

06:55.660 --> 06:57.610
So I'm going to set it to John Wick.

06:58.390 --> 06:59.920
I'm going to set a password.

07:01.130 --> 07:04.070
And answer the question and that's it.

07:04.070 --> 07:04.730
We're done.

07:04.760 --> 07:10.580
So as you can see, a very, very simple registration process, very similar to what you would do when

07:10.580 --> 07:12.230
you're signing up for an email.

07:12.440 --> 07:19.040
It didn't ask us for any personal information, and it took us a few seconds, so you can actually even

07:19.040 --> 07:20.420
create temporary accounts.

07:20.420 --> 07:25.760
So every time you want to communicate with someone or every week or every two weeks, you can just create

07:25.760 --> 07:30.290
a new account and use that to improve your security and anonymity.

07:31.130 --> 07:38.330
So the username that I picked was John Wick, j h n w c k and it's the server that we have.

07:38.330 --> 07:44.890
Is this so my account is going to be jh n w c k at this m.d.

07:44.900 --> 07:50.540
So like I said, it's very similar to the way emails work and even the format is very similar to the

07:50.540 --> 07:51.950
format of emails.

07:52.610 --> 07:53.390
So that's it.

07:53.390 --> 07:58.550
The account is created and in the next lecture I'm going to show you how we're going to use this account

07:58.550 --> 08:05.030
to log in to the server using an instant messenger that comes with Tails, and we'll see how we can

08:05.030 --> 08:07.940
use it to communicate with other accounts.
