Open Source Browser-based P2P Encrypted Chat Service

If you are not think of becoming the President one day, if you are not involved in any illegal activity, if you do not keep anything back from your wife (some men may have a nervous smile on these words) or husband and you have no secrets from your boss – probably you should not steam your beam over encrypting personal conversations online. But even in this case, do not rush to conclusions. You will never know what may happen. What if one day you decide to become a big gun?

As you may have guessed, this article focuses on encryption of personal messages online. Most people (you are likely to be one of them) do not consider that most of their conversations contain any secrets. Yet, some written chat messages are better to be kept from surveillance of anyone you like: your chief, journalists, wife, etc. You are not going to hide anything from the police, are you? So many people would agree that the encryption of private conversations online is the right thing to do. But how it works?

Until recently the most common method to encipher personal conversations were to use the Pidgin client with installed Off-the-Record Messaging plugin. It supports multiple instant messaging protocols such as ICQ, Jabber (XMPP), etc. That is, if previously you were using, for example, the official ICQ client and you really loved it, now you will have to say goodbye to it, install Pidgin instead, link your account to other messaging protocols, download and install Off-the-Record Messaging plugin, configure it and … ta-dah! Now try to persuade your friends to do the same. A small remark to those geeks who still trust this method: even that does not fully protect your conversations, because a hacker can use logs stored on the centrilized servers.

Realizing all this most people may disappointedly give up on the idea of keeping personal conversations safe from the snooping eyes. But here is a good news. There’s a free online service named OTR.to (shorted from Off-the-Record), meaning there’s nothing on the record. It is very easy-to-use and can solve the problem of encryption completely. Just see for yourself.

This service is browser-based and requires no registration. So in order to start a private chat you should go to OTR , copy a generated URL and send it to a person you plan to talk to. On following the link, he/she will open a chat window.

Or you can send an automatically generated ID instead of the URL. The second method may seem more complicated than the first one, since your talker will have to open otr.to page by himself and paste the ID number there. However, it is very convenient. You can send a short ID in sms, dictate it over the phone or just send it using the owl post delivery (not meant to be serious).

So you have a chat window opened. You will see two buttons below, their names speak for itself: sound and encryption. In all other respects this a simple chat window, with the only difference that after closing your conversation disappears completely.

Another nice feature is the Self Destructing Message, the second tab in the main menu. This feature allows you to create a message that your recipient will read when it is convenient to him. You can tick ‘Delete after reading’ box, indicate the expiration time (from 5 minutes to 1 year), and you can activate ‘Create message for every new line’ (then you will have as many messages as the number of lines, each with its own password).

Once you have typed your message, press ‘Create message’. You will get two URLs generated to choose from. The first contains the information about the password, so the person who receives this message encrypted will have just to click ‘Decode Secret’ to read it. The second URL does not have the information about the password, so you’ll have to send a password, too. To maximize security you can give it through other communication channels. Thus, in order to read the message your recipient will have to follow the link, insert the password into a required field and click ‘Decode Secret’.

Now some words about technical details of how it works. As stated on the site, otr.to is a p2p chat service, meaning that your computer and your friend communicate directly, so the logs are not stored on third-party servers. OTR (Off-the-Record Messaging) cryptographic protocol is the most secure for encryption. The project is open-source written in JavaScript, so anyone can see how the script works.

Therefore, otr.to service solves the problem of protecting personal conversations just perfect. For the first time neither you, nor your friend will be burdened with security measures.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...