WEBVTT

00:00.720 --> 00:01.140
Okay.

00:01.140 --> 00:08.640
So now that we know how to create an XMPP account, configure Pidgin to sign into this account, add

00:08.640 --> 00:11.130
the user and communicate with friends.

00:11.280 --> 00:18.570
In this lecture, I want to show you how to improve the privacy and anonymity of this method of communication

00:18.570 --> 00:22.680
of XMPP using a plugin called OTR.

00:23.400 --> 00:28.710
So as you can see right now, when we're sending messages, you can see in here at the bottom, right,

00:28.710 --> 00:32.550
it's saying that our communication is not private.

00:33.420 --> 00:39.900
To understand why our communication is not private, let's have a closer look on what happens when you

00:39.900 --> 00:40.980
send a message.

00:41.370 --> 00:45.090
So we have David and John here that want to communicate.

00:45.090 --> 00:48.900
They're using an XMPP server to communicate.

00:48.900 --> 00:50.730
It doesn't matter what server they use.

00:50.760 --> 00:53.850
Like I said, they could be using two different servers.

00:54.150 --> 00:57.210
So David has a message that is a secret message.

00:57.270 --> 01:05.340
He sends it to the XMPP server that he uses and then this server might relay to other servers or directly

01:05.340 --> 01:06.690
send it to John.

01:07.750 --> 01:10.480
Then John can open the message and read it.

01:10.960 --> 01:17.200
Now, pretty much all of the servers in the list I gave you in the previous lecture support TLS and

01:17.200 --> 01:22.750
if you choose a grade A server, then that means they're using the latest and greatest specifications

01:22.750 --> 01:23.740
for TLS.

01:23.740 --> 01:31.630
So that means the communication between you, between the clients and the server are encrypted and hence

01:31.630 --> 01:32.890
the red lines in here.

01:32.890 --> 01:36.070
That means all of this communication is encrypted.

01:36.070 --> 01:42.580
And if anybody manages to intercept this connection here or here, they will not be able to read the

01:42.580 --> 01:45.310
message because the message will be encrypted.

01:45.310 --> 01:46.600
It will be gibberish.

01:47.280 --> 01:49.840
The only problem is listen to what I said.

01:49.860 --> 01:54.780
I said, the communication between you and the server is encrypted.

01:54.780 --> 01:59.110
So what that means is it means you will be able to read the message.

01:59.130 --> 02:04.710
The server will be able to read the message and the receiver will read the message.

02:04.950 --> 02:08.460
Now it's fine that you and the receiver can read the message.

02:08.490 --> 02:15.480
The only problem is the fact that the server can read the message because the communication between

02:15.480 --> 02:17.310
you and the server is encrypted.

02:17.310 --> 02:22.650
But once the message is delivered to the server, the server will be able to read it.

02:22.980 --> 02:28.110
Now, like I said, you want to make sure you use a server that you trust and read about the reviews

02:28.110 --> 02:30.240
and read about their privacy policy.

02:30.240 --> 02:35.280
And even if the server is great and will not share anything that you do and will not log anything that

02:35.280 --> 02:35.910
you do.

02:35.940 --> 02:39.450
It's still not great that servers can read what we type.

02:39.450 --> 02:41.070
It's not very private.

02:41.820 --> 02:48.810
Therefore, the solution to this is to use a plugin called OTR, which is short for off the record.

02:48.810 --> 02:56.880
And the idea behind this plugin is to make this communication as close as possible to an off the record

02:56.880 --> 03:00.180
private communication that you can have with a friend.

03:00.630 --> 03:05.970
So whenever you're talking to someone about something privately and you don't write anything about it,

03:05.970 --> 03:10.140
so it provides end to end encryption, it provides authentication.

03:10.140 --> 03:13.050
So we'll be able to verify the person we're talking to.

03:13.080 --> 03:17.250
It provides perfect forward secrecy and deniability.

03:18.030 --> 03:21.570
Now, the way this works is so let's go back to our diagram.

03:21.570 --> 03:27.420
We have David, who wants to send a message over an XMPP server that is using TLS.

03:27.420 --> 03:32.250
So as you can see, we have red lines here indicating that the communication is private.

03:32.400 --> 03:40.200
But what happens is before sending this secret message, David is going to encrypt the secret message.

03:40.230 --> 03:42.360
So the message will become gibberish.

03:42.360 --> 03:48.090
And then and only then he will forward it to the XMPP server.

03:48.810 --> 03:52.920
This means that the message that the server will receive will be gibberish.

03:52.920 --> 03:54.480
It will not be readable.

03:55.410 --> 03:58.520
Then the server will relay this message to John.

03:58.530 --> 04:05.310
When John opens this message, it's still gibberish and he will have to use a key to decrypt it and

04:05.310 --> 04:07.350
read the content of the message.

04:08.220 --> 04:14.820
This way the only two entities that are able to read the content of the message are David and John,

04:14.820 --> 04:16.760
the sender and the receiver.

04:16.770 --> 04:22.950
And even though the XMPP server will read the message, the content of the message will be gibberish

04:22.950 --> 04:27.060
because it got encrypted by David before sending it.

04:27.390 --> 04:33.510
Not only that, anyone that intercepts the communication in here, they will have to bypass two layers

04:33.510 --> 04:34.170
of protection.

04:34.170 --> 04:40.590
Now they'll have to bypass TLS and the encryption implemented by the OTR plugin.

04:41.550 --> 04:47.880
So let's go ahead and see how we can configure this with Pidgin so that we can encrypt our messages

04:47.880 --> 04:49.410
and send them privately.

04:50.700 --> 04:55.170
So right here, I'm already logged in to the account that we created previously.

04:55.530 --> 05:03.060
And before I send any further unprivate messages, I'm going to go to Tools, Plugins.

05:04.190 --> 05:07.550
And I'm going to look for OTR or off the record.

05:07.970 --> 05:09.290
We have it right here.

05:09.290 --> 05:11.930
And as you can see, it's enabled by default.

05:11.930 --> 05:15.440
And I'm going to click on Configure to configure this plugin.

05:15.830 --> 05:19.520
And what I want to do right now is make sure that it is enabled.

05:19.670 --> 05:25.850
I want to make sure that "Automatically initiate private messaging" and "Require private messaging" are

05:25.850 --> 05:33.140
ticked so that even if I try to send any messages unencrypted in the future, Pidgin will refuse that.

05:33.140 --> 05:35.480
So I'll have to always use encryption.

05:36.110 --> 05:36.710
That's done.

05:36.710 --> 05:38.150
Now I'm going to close this.

05:39.960 --> 05:43.200
And now when we come here, when we come to a conversation.

05:43.200 --> 05:46.980
So let's close this and just show you the steps from the start.

05:46.980 --> 05:51.540
So you'll double click because you want to talk to your friend and again before you do anything.

05:51.540 --> 05:54.960
As you can see, it's saying the communication is not private.

05:54.960 --> 06:01.680
So you can either click on this, you can click on the OTR in here or on this icon.

06:02.100 --> 06:09.480
So I'm going to click on this and we're going to select Start Private Conversation to enable OTR off

06:09.480 --> 06:13.560
the record and start communicating with my friend privately.

06:14.310 --> 06:19.620
So as you can see, it's telling us that it's generating a private key for me and it's done.

06:19.620 --> 06:21.450
So I'm going to click on OK.

06:21.570 --> 06:30.480
And right now, if I send a message, so let's say this is a test and send it if we go here.

06:31.500 --> 06:35.310
As you can see, this is the friend that I sent a message to.

06:35.340 --> 06:41.250
He automatically got a private key as well because I requested to initiate a private conversation.

06:41.250 --> 06:45.510
And as you can see automatically for him, it's saying it's unverified.

06:45.510 --> 06:48.270
So it changed from private to unverified.

06:48.270 --> 06:51.150
We'll talk about what the unverified means later.

06:51.150 --> 06:56.460
But basically this means that the communication between us now is encrypted.

06:56.460 --> 06:58.680
And as you can see, we get the message.

06:58.680 --> 07:07.020
So now if I say hello back and go to the other person, as you can see, we received it right here.

07:07.020 --> 07:13.950
And basically this means that any message I send from here or from the other account is always encrypted

07:13.950 --> 07:18.990
at my end and only decrypted at the end at the destination.

07:18.990 --> 07:23.250
So even the server will not be able to read the contents.

07:24.000 --> 07:25.980
So that's it for this lecture.

07:25.980 --> 07:28.260
Now our communication is private.

07:28.530 --> 07:34.710
As you can see, we still have one more notification in here saying that our communication is unverified,

07:34.710 --> 07:36.540
so we bypass the private problem.

07:36.540 --> 07:39.330
Now our communication is unverified.

07:39.450 --> 07:44.070
I will talk about what that means and how to fix this in the next lecture.
