As everybody but the worst conspiracy theorist knows, everything sent over
the Internet is recorded and can be used against us (the buzzing noise you're
hearing is an armed drone circling the building).
Encrypting e.g. Internet Relay Chat a la PGP would protect the message on
the wire from eavesdropping. But if the message is recorded (which it is),
then a compromise of the involved secret keys would allow decryption at
a later date. And since thorough inspection of laptops at airports is routine,
we can assume that keys do get compromised now and then. With classical
public key crypto, the potentially incriminating content is also digitally signed,
so it can be used as a strong evidence against the utterer.
Can we make conversations on the Internet more like private conversations,
which are not normally recorded and where utterances are not signed?
This was answered to the affirmative in Borisov, Goldberg and Brewer's
paper Off-the-Record Communication .
And there's an implementation.
A working constellation for OTR conversation on IRC consists of
There're other clients supporting OTR, e.g
- a pure Python implementation of OTR in the module
- weechat IRC client
- Python plugin for
/OTR command to the standard IRC commands, to initiate
OTR conversations etc.
as packaged for various linux distributions.
For private conversations on IRC I would strongly suggest using OTR.