Using Secure Chat

Micah Lee has a good tutorial on installing and using secure chat.

To recap: We have installed Orbot and connected to the Tor network on Android, and we have installed ChatSecure and created an anonymous secret identity Jabber account. We have added a contact to this account, started an encrypted session, and verified that their OTR fingerprint is correct. And now we can start chatting with them with an extraordinarily high degree of privacy.

FBI Director James Comey, UK Prime Minister David Cameron, and totalitarian governments around the world all don't want you to be able to do this.

Posted on July 17, 2015 at 6:35 AM • 43 Comments


JBJuly 17, 2015 7:36 AM

And as long as your chat partner has perfect opsec, and nobody you don't want spying on you has a keystroke logger on your or their computer, you are safe.

Clive RobinsonJuly 17, 2015 8:28 AM

@ Bruce,

With regards UK PM David Cameron, I suspect that personaly he does not give a 5h1t about Crypto or Privacy, he's proved himself not to have sufficient knowledge or intelligence, or care to aquaint himself with any unbiased information. Which is why Theresa May ---current Home Sec-- had no luck with her "snoopers charter" when the party were in coalition with a slightly more switched on political party.

Thus now they are nolonger in coalition Theresa May has been chewing Camaron's ear. She in turn is being pushed by very self interested heads of the Home and Foreign Intelligence services, GCHQ and various Chief Police officers via their "union" ACPO.

None of whom can be said to show self restraint in these areas. Just a day or so ago Sir Anthony May the UK govt Interception of Communications Commisioner released a fairly daming report showing that a considerable number of entirely innocent people came to considerable and probably lasting harm at the hands of gung ho usage of intercept data without any sanity checking.

Sir Anthony has revealed what may be 'tip of the iceburg' figures for just police activities of a thousand clear cases out of the total recorded 517,000 accesses to "communications data" --ie actual content-- made last year that were missuesed and "the impact on the effected individual's life was significant" or had "a very serious consequence". With only nine of the misuses being down to errors from telecom suppliers it clearly indicats that police proceadures and oversight with what is "evidence" is very shocking and begs questions about their other activities.

Unfortunatly Sir Anthony gives the game away on the numbers by not naming and shaming the telecommunication providers, the police forces or individual officers. Because "naming and shaming" would lead to a "subversive error culture" and thus cause "greater impactim" on victims. All of which is a way of saying such a culture already exists and thus only reports either errors of no real importance or where they can not be hidden, thus the thousand reported is with a high degree of certainty under reported...

Interestingly Sir Anthony had a barbed comment for the current political incumbrents. By pointing out current systems are distinctly not fit for purpose and saying he hoped his report would contribute to the "significant public debate" about "the privacy implications of the public authorities' use of intrusive powers", he is firing a shot across Theresa May's full steam ahead attitude and saying she should sort out the current mess before adding unneeded complications with more badly thought out and ill constructed overly broad legislation.

Unless some one actually has the gumption to broach this with David Cameron he is unlikely to take this "red alert" message in.

Thus will continue with his usless "no place to hide" empty rhetoric which gets US Pres Obama so excited and thus publicly complementary of Cameron. Which unfortunatly makes Cameron think he's an international statesman of substance ( which the EU has repeatedly shown is most definitely not the case as they laugh at him, not with him).

ThothJuly 17, 2015 8:55 AM

Using Secure Chat is not as simple as it seems if the condition is to prevent Medium Strength Attacks and below attack vectors.

Considering the adversaries at that level being capable of infecting the OS kernel and firmware via remote installation methods and have somewhat better capability at their disposal to process screen display, keystroke and mouse cursor to some extend and read the memory of the RAM and Hard disk and do some simple logic decision.

A normal OS like Linux and BSD variants (and worst case being Windows) that have been hardened to attempt firewall configuration, ACLs (SELinux/AppArmour) and filter off runnable executables as the common approach to userland security.

These OSes are not able to withstand their components breaking down due to their mostly monolithic architecture. Microkernels might help but it will be especially useful if these microkernels are security designed like the NICTA seL4 or to use stuff like Genode.

The integrity of the toolchains are also called into question and a malicious toolchain will always likely be doing things the user of the infected programs most likely doesn't want it to happen.

Security of firmwares and the ability to write to and edit firmware components and even bury itself within the firmware blobs would be disastrous since no amount of wiping the OS or swapping the hard disk out would ever save the situation.

The assurance requirements would go deeper and add more security requirements if a higher assurance is needed.

In simple, it is not simply just downloading a "Secure Chat" application and you are safe. There are too many dependencies to be "safe" or "stay private/ go off-the-record".

If the requirements are to inconvenience script kiddies and not to protect against more powerful attackers like semi/organised attackers, the application itself would have been somewhat OK for such a scenario but considering that "attacks get better", even script kiddies are capable of wrecking nasty pains with just clicks on their GUI hacking programs and a simple "install the Secure Chat program" will not work anymore.

If the needs are to protect against more skilled organisations that have the purchasing power to buy more powerful malwares from contractors or to develop MSA attack vectors (like a Warhawk Govt agency trying to trap a journalist talking to a whistleblower), the above I mentioned must be considered. The computing platform must be trusted. The toolchains must be verifiable. The application must be trusted.

If the needs is to protect against very skilled Warhawk Govts attempts, that is very unlikely to succeed but the use of hardware level security like one-way traffic via data diode, guards, trusted electronic hardwares and all the other Orange Book tactics and tactics used by Govt Agencies themselves must be applied in a stringent manner to at least reach a level of survivability against such High Strength Attack threats. Things like flammable papers containing encrypted quorum-based key shares, using @Clive Robinson's home built weird looking rig to deter remote HSA surveillance tactics found here (, using TFC to communicate with ephemeral keymats and other high assurance but very manual methods are needed. If one could obtain old CPU cores or some form of programmable CPU cores that can be trusted, one could even write a very simplistic cryptographic processor that forgets when powered down or even make your own electronic encryptor if you are skilled in that area.

EHJuly 17, 2015 8:58 AM

Running on Android so they are assuming android is safe though Snowden leaks suggest otherwise. Likewise Tor security has been found to be flawed as discussed by Steve Gibson in Security Now #493 see:
If you are trying to protect yourself from governments, I find the measures described above to be less than effective. If you are trying to protect yourself from the run of the mill data snoopers, these measures are going overboard. Security is only as good as its weakest link and there definitely weak links in the tool chain described above.

Rufo Guerreschi July 17, 2015 9:23 AM

How can the level be "extraordinarily high degree of privacy" if compromising the end-point can allow an attacker to undetectably own you? if very often can do so in a scalable manner through NSA Turbine, FoxAcid and their private world similar (though lesser) systems?

If even going to the huge trouble of using TailsOS wouldn't protect you from vulns in design and fabrication phases of cpu, SoC, etc. to even the very probable bugs in the overall critical HW/SW stacks, that have very insufficient ratio of expert audit relative to complexity?!

E. GoldsteinJuly 17, 2015 9:48 AM

@Clive anent Cameron, Obama's butler, his lack of self-restraint is duly noted and the courts are stepping in to restrain him.

K.S.July 17, 2015 10:08 AM

New use for CryptoWall:

Dear British Citizen,

We have encrypted your hard drive using strong encryption. The decryption password is "password'. Strong encryption is against the law in your jurisdiction. Unless you transfer 1 bit coin to the following address we will notify the authorities.


The Extortion Team

CallMeLateForSupperJuly 17, 2015 10:56 AM

In the paragraph Bruce quoted, I count seven (7) operations that a user must make in order to get a secure chat going. Evidently this chat-cum-Tor tool is for power users only, given the prevailing wisdom that email/file encryption tools, e.g. GPG, are too complicated for the comman man... er... person. (I dispute the validity of that "wisdom", but that's another subject.)

primondoJuly 17, 2015 11:30 AM

@CallMeLateForSupper: I thought the same thing, but you can always use an easy-to-use (but nonetheless secure) messenger like Silent Text or Threema to chat with your mom.

namelessJuly 17, 2015 11:37 AM

OTR is a great protocol. We know from Snowden leaks that the NSA has trouble with OTR. I'd definitely trust it. I've used it many times before.

That said, It does need to be updated: the last release was October 2014. The key agreement only uses 1536 bit DH, and really should use 2048 or larger. Not that there is anything wrong with 1536 bit DH, nobody has been able to break it yet. It just seems a little too close to the edge. Personally, I'd like to see them switch to ECDH in the future using Curve25519 or maybe P-256. They've discussed it in the mailing list, but I'm not aware of it being currently implemented.

Source on OTR key size:

NP hardJuly 17, 2015 11:40 AM

Tendentious wording.
The problem is with that word "you":

FBI Director James Comey.... [doesn't] want you to be able to do this.

An inverse tendentious wording would be:

FBI Director James Comey wants ISIS to be able to do this.

My take:

Mr. Comey doesn't give a hoot about "you." Your unimportant little secrets --which you treasure dearly, but mean absolutely nothing to the future of the world -- are just background noise to his agency. What Mr. Comey does care about is being able to listen in on potentially history changing conversations. Like say, those between the commercial airline pilots who have drifted off to join ISIS and operatives in another country. That's pretty important to him. As it ought to be.

This is not an easy problem. Why pretend it is?
Being deliberately tendentious doesn't help the solution along.

cypherJuly 17, 2015 11:45 AM

Using Textsexure/Signal seems to be a lot easier way of getting basic level of security.
I've tried ChatSecure and it really doesn't work reliably enough with mobile devices.

rgaffJuly 17, 2015 12:08 PM

@NP hard

It's not tendentious when ALL OF "YOU" are ISIS suspects! You are a suspected terrorist! Therefore he absolutely DOES want to listen to you, every single one of you, just to see if his suspicions can be proven true somehow! Of course, he'll use technology to help him "listen" to that much data and process it, because he doesn't have the manpower to physically listen with actual human ears to that much data.... But that doesn't change the nature of it, it's just using technology to reduce the manpower necessary.

Clive RobinsonJuly 17, 2015 12:18 PM

@ NP Hard,

What Mr. Comey does care about is being able to listen in on potentially history changing conversations.

Yeah well he's out of luck on that, that boat sailed a long long time ago and is now well over the horizon of what Mr Comey or the US Government can do legaly or otherwise.

All that Mr Comey is going to achive at the end of the day is a right royal mess, in which the US Government will find it's economy being by passed, thus the US Dollar will lose "trading currency" status and the US economy will probably tank at that point.

It's other people with a few more brain cells realising that, the trick is to use what is left of US trade status to force through PPT and other trade agreements which through the conflict resolution process force other sovereign governments to pay "kick backs" to US Companies for not buying US products. Nothing not even "National Security" issues beat that nasty little clause as Australia amongst others discovered.

Thus PPT is rather more of a serious security risk than most people realise, I just wish they would wake up to what the US is doing with trade agreements, before the idiots sign on the dotted line.

AlanSJuly 17, 2015 12:21 PM

In the past Bruce has made the point that a just society depends on the protection of individual privacy and maximizing corporate and government transparency. Etonian Dave wants the opposite, so it will be no surprise that while the British Nasty Party are demanding backdoors into people's encrypted communications, they are also trying to restrict access to government papers

JdLJuly 17, 2015 1:19 PM

"FBI Director James Comey, UK Prime Minister David Cameron, and other totalitarian governments around the world all don't want you to be able to do this."


AlanSJuly 17, 2015 1:32 PM


I think authoritarian applies. The Tories have been under the sway of Hayek since Thatcher and Carl Schmitt was a major influence on Hayek's political philosophy. It's certainly not liberalism.

edgeJuly 17, 2015 2:26 PM

@Most_of_the_commenters_above -

Yes, if they can get into the firmware or the OS, you are stilled vulnerable. That's not the point. This is all about raising the price of surveillance. Right now the price of surveillance of most chat applications is low enough to make total bulk surveillance achievable. These more secure chat programs, while not invincible, require more costly attacks which can only be done in a targeted manner.

albertJuly 17, 2015 2:38 PM

It should be obvious by now that cyberspying hasn't been very useful as an anti-terrorism tool. It certainly hasn't been worth the money spent on it. The OPM fiasco proves that no one really cares about protecting US computer infrastructure. I submit it would be easier to control the US power grid than to hack the OPM. Much easier.
So you gotta ask, why pour more and more money into it? Yeah, I'm the first to say, 'follow the money', but I have to wonder what other benefits US mass surveillance* has.
Compromised hardware, and compromisable firmware (damn that flash memory) can negate the most Herculean software security efforts. So, if we have it, and they have it; what is the end game? Where is the secret sauce that will make us king of the world?
Maybe we need to flash forward. Maybe the anti-secrecy folks have a point.
* Man, I've been here too long if I can spell 'surveillance' correctly every time:)

rgaffJuly 17, 2015 2:44 PM


I agree with your point. Any raising of the bar is an improvement, and we must do that.

Just beware that at this point, I don't think we can really trust that governments aren't trying to get (or haven't already gotten) mass cooperation (willingly or coercively) from hardware and OS manufacturers to keep the mass surveillance going even once that bar is raised. This is the frustration that I think the other side is expressing.

But that doesn't mean don't raise the bar though. It just means, don't relax and think we've "arrived" once it's raised, we then need to raise it again... and again... and again... all in as quick of succession as we can.

Napoleon SoloJuly 17, 2015 3:12 PM

@Bruce "FBI Director James Comey, UK Prime Minister David Cameron, and totalitarian governments around the world all don't want you to be able to do this."

Or they say they don't, so that you will. What better way of luring you into using a system they've already secretly broken than to claim all sorts of doom and gloom because it exists?

Oh, please don't throw me into that briar patch.

Striped NorwegianJuly 17, 2015 4:30 PM

If you have not yet done so, you guys might want to check out ricochet (, a fork of the now defunct Torchat. It is based on Tor hidden services, so in principle it should protect data and metadata, including resistance against correlation attacks. If you are able to contribute or review code, please swing by their git account and say hello. It really is a worthwhile project.

alexJuly 17, 2015 4:53 PM

Whatever clever OpSec setup you can think about, it's not human nature to be consistent. Also, putting so much energy in OpSec will make you ineffective, Ego: once you're a real target, you're doomed anyway.

Truculent AirbusJuly 17, 2015 4:55 PM

@cypher (re. textsecure):

Textsecure must be downloaded from Google Play (using an existing google account) and requires a registration via SMS with a California-based company. (Guess who's listening in for all the SMS with all of the user ID details.) It simply obliterates any hope of anonymity. SMSSecure, a fork of Textsecure, can be downloaded from F-Droid and does not force users to submit any details or sign up to any service.

ThothJuly 17, 2015 7:21 PM

With the ability to mass infect / backdoor computers with more advanced programs from small contractors like Hacked Team, I wouldn't be surprise any nation state would be able to mass takeover computer systems and who needs to do "sslstrip" when you can simply sit on as many endpoints as possible remotely and listen in ?

Mass infection capabilities are probably getting cheaper everyday and easier if we were to guess even Hacked Team could produce stuff like those to sell them off the black market to rogue nations.

BuckJuly 17, 2015 7:24 PM


Yes, if they can get into the firmware or the OS, you are stilled vulnerable. That's not the point. This is all about raising the price of surveillance.
Seeing as we are all subsidizing the cost of this surveillance through our tax dollars and sunk opportunity costs, is this really a wise course of action? Do we really want to force the FBI to start fscking up all of our firmware because they believe that someone, somewhere, at some point in the future may use strong encryption to communicate ideas that they don't agree with?

The annoyance factor and lost productivity is bad enough without even considering the potential for abuse...

Policy trumps technology almost every time.
It's really all about priorities.

Increasing the price is probably great business for those in the (counter)surveillance industries, but it will be miserable for the rest of us.

rgaffJuly 18, 2015 12:23 AM


As @Thoth pointed out above, I'd like to further point out that several recent-ish no-longer-read threads have spam at the end now...

rgaffJuly 18, 2015 12:26 AM

@ Buck

I find your "don't ever try to improve technology, it will always be hopeless" attitude puzzling...

CallMeLateForSupperJuly 18, 2015 10:03 AM

I find your 'don't ever try to improve technology,
it will always be hopeless' attitude puzzling..."

Apparently Buck is a member of the "resigned" crowd. They're everywhere, darn it!

"Do we really want to force the FBI to start fscking up all of our firmware because they believe that someone [...] may(sic) use strong encryption [...]"

You seem to be unaware that NSA has been doing precisely that for some years now.

Rolf WeberJuly 18, 2015 10:21 AM

Encryption that need a tutorial are non-sellers. This is one reason why end-to-end will never prevail for average users.

rgaffJuly 18, 2015 10:26 AM

@ CallMeLateForSupper

yeah, I just don't really understand the "resigned crowd"... to me, it makes me want to work harder, not give up... it's only impossible when we stop trying, self-fulfilling prophecy and all.

BuckJuly 18, 2015 2:57 PM


"don't ever try to improve technology, it will always be hopeless"
That's not quite what I meant... I'm just not sure what technological problem this will improve. Is it there currently a shortage of firmware rootkits going around? As we all should know, it's much cheaper to attack than defend. Increasing the cost of surveillance may end up costing the defenders much more than it would cost an agency determined to avoid "going dark" at any cost. I can't afford to replace all my hardware after each new 0day hits the wild, so I'll just have to live with it. :-\

This might in turn lead major hardware manufacturers to open-source their firmware and diagnostic tools, which I would consider a major win! ;-)

Technology can be used to rapidly share information, which I generally think is a good thing. However, it can also lead to increased inequality. If that trend continues to accelerate, we might not be worrying only about our infrastructure getting hacked but also about it being physically destroyed.


You seem to be unaware that NSA has been doing precisely that for some years now.
Oh no, I'm fully aware of that... Let's just say I'm not really looking forward to having my disks trashed because every local PD in the world has decided it would be a good idea to deploy rootkits incase they ever need to defeat the 'dangerous evil' that is encryption...

Markus OttelaJuly 18, 2015 5:36 PM

@ Nameless:

Appelbaum said he has read statements, that the NSA can't decrypt OTR communications. Basically, what it means is it can't decrypt the communication retrospectively, i.e. NSA can't decrypt AES encrypted data. But like Snowden said on multiple occations it's the end points that are weak. You don't have to break AES when you can "own the smartphone [running TextSecure] the minute it connects to [their] network", or install a keylogger/screencapper, or steal the private OTR key from the computer and MITM the E2EE transparently; Bulk CNE is again, the future of mass surveillance, so when the NSA says "exploit it all", they mean it, so OTR isn't going to help us until we patch the last 0-day of every OS.

WaelJuly 19, 2015 1:05 AM

At a very high level, there are three general attack points:
1- In transit (transport, protocol)
2- In use (OS, Device)
3- At rest (Storage, Cloud)

Secure Chat hardens the first, and the first only; one out of three. It's an improvement that needs two more complimentary measures for (2) and (3).

voracious lisaJuly 19, 2015 6:23 AM


There are so many reasons why proprietary, web-based chat is wrong (especially if it promises any form of privacy or anonymity whatsoever), they wouldn't even fit in a post.

Bottom line to anyone who may have been tempted: don't be fooled. Do NOT use them.

NP hardJuly 19, 2015 4:06 PM

Clive Robinson:

All that Mr Comey is going to achive at the end of the day is a right royal mess, in which the US Government will find it's economy being by passed, thus the US Dollar will lose "trading currency" status and the US economy will probably tank at that point.

What no zombies munching on the haunches of American children? Which is to suggest you revisit all that. As the prediction feels more like a reflection of a pessimistic inner echo chamber than external reality.


The OPM fiasco proves that no one really cares about protecting US computer infrastructure.

Really? Proves? In whose mind? One can similarly assert that Home Depot and Sony and Target don't care about protecting their computer infrastructure either. Does that make an ounce of sense? Of course the US Govt. cares about self-protecting it's assets. Here's a counter idea: Hardware and software have been adopted quickly (Moore's Law) by businesses and governments and individuals. Computer security is an arcane adjunct in that adoption race. Ergo, the failure to protect is bound to occur, and I would speculate as well: The total numbers of hacks follows Moore's curve.

rgaffJuly 19, 2015 4:28 PM

@NP hard

"I would speculate as well: The total numbers of hacks follows Moore's curve"

Then it would follow, the US Government really should be putting a great amount of effort/money into making communication, computers, and all of electronics hardware more secure.... instead we have the opposite happening: they're deliberately trying to weaken everything from hardware to protocols to encryption standards!!

I supposed that's because they care such a great deal about protecting US infrastructure, that's why they're deliberately trying to weaken it, and amplify the numbers of hacks?

BeepeeepeepJuly 19, 2015 4:42 PM

@Truculent Airbus

Nice try, shillimus maximus. TextSecure only sets you up with their system at the start and it doesn't ask for any personal info. Moreso, SMS is fundamentally an insecure protocol and leaks information like crazy. SMSSecure is objectively worse at privacy than TextSecure.

But hey, if you wanted to prove that you're a spook trying to get people to use bad security tools, than you're well on your way!

Markus OttelaJuly 19, 2015 5:23 PM

@ draft

The automatically generated passwords in do not have sufficient entropy (56-60 bits). (I contacted service provider on this issue). If you use the service, make sure you use a strong password, maybe run following in terminal to generate one:

cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 48| head -n 1

PeterJuly 24, 2015 9:00 AM

@ cypher

"Using Textsexure/Signal seems to be a lot easier way of getting basic level of security."

I have tested a secure chat (browser and end to end based) called GhostMail (yes they also do emails) for a while, it actually runs smoothly. No apps yet. All chats are wiped when logging off.

They are out of Switzerland which suits my comfort level.

They still lack a few features (i.e. save stuff in draft etc.) but all in all a good experience so far.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.