Privacy of Instant Messenger Conversations

People have been using many various instant messengers and this trend is going to continue and number of users to be increased in next years. It is used for chats, voice communications, file sending and even some additional services such are remote assistance, application sharing, playing games etc. IMs are used for both: private and business communications.

There are many security issues that are related to use of IMs. It can be used for spreading malicious software, phishing, spam. But what many users avoid is that it might be easy to monitor and eavesdrop someone’s instant messenger conversations. This is attack on privacy.

Let’s mention here some of instant messengers that are used widely: MSN, Skype, Yahoo Messenger, Google Talk, AIM, ICQ… I probably missed many on this list.

There are many discussions about these issues on many discussion groups, blogs and Web sites. I tried to find more about this and to look at some solutions to protect privacy in instant messenger conversations. I focused on MSN / Windows Live Messenger, Skype and partially on some others.

Microsoft covered privacy issues of wide range of its products and service, including Messenger and Windows Live at this location. There is Messenger Privacy Supplement here.

Even with careful reading I haven’t found is Microsoft able (I think they are) to eavesdrop instant messenger conversations. It is understandable that this can be enforced by government agencies and bodies for security reasons. What is concern for many companies that use MSN as important mean of internal communication between employees, does this give Microsoft possibility, for example, to look at others’ plans, architecture, design, and development of software.

There is interesting discussion on AOL instant messenger (AIM) titled “AOL Eavesdrops, Grants Itself Permission to Steal Your AIM Conversations”, here.

It says:

“Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.”

I wrote at this blog about similar issues related to Skype security concerns here, here and here. There also voices that some companies banned use of Skype in their systems and networks (for example here).

There are many articles or posts that talk about similar issues, I’ve found interesting:

To be honest, even moderate software developer or network administrator, can either develop solution for eavesdropping or sniffing of network communication. There are many tools for this available on Internet as source code, or toolkits that developer can use to add additional features such as content filtering, analyze and so on. I will disappoint many of readers here as I don’t want to direct you to that tools and development kits. I will rather talk about some possibilities how to protect your privacy.

How to protect your privacy?

There are different products on the market that you can use to protect content of your conversations. I’m going to mention and discuss couple of them here.

Zone Alarm (Check Point Company) has separate product IMSecure Pro for advanced instant messaging protection. This tool keeps your instant messages confidential and protects your privacy. It also safeguards your PC from dangerous IM traffic and works with your existing IM clients: AOL Instant Messenger, ICQ, MSN Messenger, Yahoo!, ICQ, and Trillian. Also it is part of ZoneAlarm Internet Security Suite.

Interesting company and product that colleague (thanks to Nenad Hrnjak) pointed me to is GSI Online Limited and their product Total privacy, here.

You should have in mind that you should check with local laws can you use these products. I’ve heard that some governments / countries will not allow encrypting your communication. Also you should be aware that fact that you use encryption can be trigger for other to pay special attention on you.

Share this... Tweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Email this to someone

3 Responses

  1. Dragan, It might also be of value to note that the jabber client PSi enables its users to encrypt messages and chats with the click of a little lock. Its built on open GnuPG.

    Most people should move away from proprietary instant messaging anyway, jabber and PSi offers good alternative and you can use gateways to talk to your not so evolved freinds on MSN, Yahoo, AIM or else. (see: http://psi-im.org/wiki/Encryption)

    Finding a good server with the appropriate gateways can be tricky, I use jabber.apinc.org.

    Good luck

  2. Icarus,

    Thank you for update. I missed to mention jabber in post above. I think that many readers will find this information, that you provided, very useful.

    Regards,
    Dragan

  3. Vladan Maricic

    In my opinion, another good IM client with plugin for encryption is Pidgin 2.0.0 (ex Gaim).
    It can be found here — http://www.pidgin.im/ — and it works with:
    AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, QQ, SILC, SIMPLE, Sametime, XMPP, Yahoo! and Zephyr.

    Additionaly, the plugin can be found here — http://gaim-encryption.sourceforge.net/ –.
    “Gaim-Encryption uses NSS — http://www.mozilla.org/projects/security/pki/nss/ — to provide transparent RSA encryption as a Gaim/Pidgin plugin.”

    Greetings, Vladan

Leave a Reply