Off-the-Record (OTR) is a type of digital instant messaging encryption program. Instant messages (IMs) sent over the Internet, much like email, are akin to postcards, in that any third-party who intercepts them can easily read the contents of each message. Encrypted IMs would be analogous to a letter sealed inside of an envelope; while it is still possible for third-party interception to know whom both the sender & receiver are (that is, the metadata), they cannot read the contents of the IMs themselves. OTR uses end-to-end encryption, much like how PGP uses public key cryptography, without the use of a third party service provider who would otherwise not only be supplying the encryption, but also would be storing your decrypted messages on their server; with end-to-end encryption, its just the two users and the software they’re using between each other.
While some OTR users would suggest that all IM users must always use OTR for every single IM, this is not always possible, whether because a user needs to communicate with an individual who refuses to use OTR, or because an IM is being sent to a group or public chat room, anyway. You’ll also need to consider how you and your associates will verify each other’s fingerprints, whether that be by encrypted email or VoIP, for instance.
The following tutorial will demonstrate how to configure OTR for the Apple Macintosh operating system using the Skype IM/VoIP service. Any other combination of software and operating systems are not applicable for this particular set of instructions.
The OTR Encryption Installation Guide
Before you get started, make sure you first have 1) a reliable Internet connection that doesn’t “time out,” 2) a good browser, such as Firefox, and 3) a Skype handle already configured with your Skype client.
Step 1: Download the Adium IM client.
Step 2: Download the Skype API plugin.
Step 3: Configure Adium with your Skype client. Click Adium on the menu bar, then select Preferences. Under the Accounts tab, click the “+” sign at the bottom of the window, select Skype API, and then enter your Skype login details.
Step 4: Find another individual who has completed the previous steps.
Step 5: Initiate an OTR chat with your associate.
Step 6: Verify each others’ encryption fingerprints. Write or speak your associate’s fingerprint to him, and once he confirms its accuracy, then your associate repeats this by writing or speaking your fingerprint back to you.
Step 7: Disable logging of OTR secured chats.
Step 8: Disable notifications of OTR secured chats.
Congratulations, you’ve successfully installed OTR; now you can send and receive encrypted IMs. If you’d like additional technical support with installing OTR as per this specific combination of software on a Mac OS, then feel free to send me an encrypted email using my PGP public key with the subject line “OTR Configuration Help” (and don’t forget to pass me your public key first!). If you’d prefer some additional guidance with using Adium’s OTR capability, then I suggest you also read both the Surveillance Self-Defense Project’s “How to: Use OTR for Mac” and Security in a Box’s “Pidgin with OTR” (just for comparison’s sake, if for no other reason).