Learn to encrypt your Facebook voice calls and instant messages.
- Understand Facebook communication basics
- Install the messaging application Jitsi
- Add your Facebook account on Jitsi
- Encrypt your Facebook instant messages
- Encrypt your Facebook voice calls
Brenda and Isaac are journalists communicating via Facebook. They know that law enforcement agencies are able to intercept their Facebook messages because they are unencrypted.
They need to learn how to encrypt their communication. If they don't, they worry the content of their communications will be used against them.
You can easily enhance the privacy and security of your Facebook communications by using encryption.
When you communicate over Facebook without the use of encryption, the company and all other third parties it potentially shares your data with (including other advertising companies and law enforcement agencies) can have access to the content of your instant messages (IM) and voice calls (VoIP).
Not only can insecure communication potentially expose your data to beach, but also that of your contacts.
To enhance the privacy and security of your communications, you can install Jitsi: a client which supports the Off-the-Record (OTR) protocol for IM encryption and ZRTP for VoIP encryption.
OTR clients like Jitsi not only makes the content of your communications inaccessible to various third parties, such as governments and corporations, it also makes it inaccessible to Facebook.
Download Jitsi through its website.
Double click on the downloaded Jitsi file; the Open File - Security Warning dialogue box might appear. If it does, click on "Run" to activate the Windows Installer screen, followed by the "Welcome to the Jitsi Setup Wizard" window.
Click on "Next" to activate the "End User License Agreement" window; check the "I accept the terms in the License Agreement" option to enable the Next button, and then click on "Next" to activate the "Destination Folder" window.
Click on "Next" to activate the "Additional Tasks" window and accept the default settings as presented.
Note: Enabling the Auto-start when computer restarts or reboots option may slow down the overall function of your computer, especially if you already have multiple applications configured to run when your computer starts up.
Click on "Next" to activate the "Ready to Install Jitsi" window, and then click on "Install" to activate the "Installing Jitsi" window displaying the installation progress bar.
Click on "Finish" to complete the installation process and automatically launch the "Jitsi Sign in" window as follows:
Note: In some instances, installing and launching Jitsi for the first time triggers a Windows Security Alert prompt screen. This alert is normal behaviour for the MS Windows operating system, it is ok to continue with using Jitsi.
Even if you do not click on any of the buttons, and simply close the prompt window, Jitsi is still able to communicate through Facebook Chat.
Select both Private and Public networks check-boxes, and then click Allow access to see the Jitsi Sign in window or main user interface window.
Facebook has two settings that you might need to change before Jitsi can connect to your Facebook Chat.
Facebook requires a username for Jitsi to connect to Facebook chat. Many Facebook users already have a username.
To check your username, log in to your Facebook account: your username is what appears in the location bar of your browser after https://www.facebook.com/ when you view your Timeline or Page.
Your username is also included in your Facebook email address (e.g. email@example.com).
You can get a new Facebook username by going to your Account Settings > General section or by visiting https://www.facebook.com/username.
To set a new username Facebook might want to verify your account, which might require sending an SMS to a mobile phone number which you will need to provide to Facebook in the verification process.
For more details see Facebook’s explanation of usernames.
Facebook’s “application platform” needs to be turned on before Jitsi can connect to Facebook Chat.
Visit your Facebook Account Settings > Apps section and check that the setting for “Apps you use” is turned “On”.
Note: Turning Facebook’s "application platform" on opens up much of your Facebook data to third-party application developers.
This data is available not only to the Facebook applications that you use, but also to the Facebook applications used by any of your friends.
After turning on Facebook’s "application platform", be sure to check the settings under "Apps others use". This allows you to hide some personal information from applications used by your friends.
Unfortunately, Facebook does not offer settings to hide all personal information.
Certain categories of information (like your friend list, gender, or info you have made public) are visible as long as Facebook’s "application platform" is turned "on". It is up to you to determine whether this is an acceptable trade-off.
Now you are prepared to add your Facebook account on Jitsi. To do this follow the steps below:
Select File > Add New Account... in the main menu bar of Jitsi.
In the "Add New Account" dialogue, Network menu choose Facebook, enter your username and password and Click "Add".
Select Tools > Options from the Jitsi menu and subsequently select the Security tab and its Chat sub-tab. You will then see a window similar to one shown in the image below:
Click on the "Generate" button. As a result you will see the fingerprint of the key that has been generated:
One key is generated for each account. You only need to do this again if you add a new account or install Jitsi on another device and do not move the existing keys to it.
Select a contact from the Jitsi main window and click on the send message icon (first from the left under the contact's name) to open a text chat window:
Note the Encrypt chat with OTR icon, the open padlock on the right-top side of the window. This inconspicuous symbol informs you whether the chat is encrypted or not. Now the lock is open (there is a tiny space between handle and the body of the lock!).
Click on the Encrypt chat with OTR icon. Note the changes in the window:
Observe that the padlock is now locked. This means that whatever messages you and your contact send to each other are encrypted. Note the message that this is an unverified private conversation and that you should authenticate your contact.
Click on the link authenticate firstname.lastname@example.org to open the Authenticate Buddy window:
Note the message that encourages you to compare the fingerprints of vyour keys with your contact over another channel (not this text chat). In doing this, you can be more certain that you are communicating with your contact and not somebody else.
A good choice for key comparisons is to do it face to face, or via video or voice communication as these provide easier means to authenticate the identity of the other person.
After you compare fingerprints, select the option I have verified the fingerprint from the pull-down menu and click on Authenticate Buddy:
Closing the Authenticate Buddy window returns you to the chat window:
Note that padlock no longer includes the orange triangle with the white exclamation mark. This means that you have authenticated your contact.
The authentication should be done only once per contact. If the triangle with exclamation mark returns, it means that you are chatting to somebody who you have not yet authenticated.
This can happen when your contact moves to another device with another encryption key (another installation of Jitsi, or another OTR enabled program, etc.). In this case you will need to re-authenticate each other again to be sure of the identity of person with whom you communicate.
Jitsi offers voice and video chats which can be independently encrypted with open standard called ZRTP.
Click on the contact in Jitsi contact list and click on the voice (second icon from the left under the contact's name) or video (third) icon - see figure 5 above. A new window will appear indicating that Jitsi is establishing the connection:
Your contact will see incoming call notification:
If your contact accepts the call you will receive information that you are connected:
Note the red open padlock. This means that your call is not yet encrypted with ZRTP.
Wait... Your and your contact's programs are establishing an encrypted connection, which may take a moment.
If they succeed you will see the letters zrtp appear against an orange backgrond with a closed padlock like below. If they don't succeed in establishing a connection, you still can chat but without encryption
You can disconnect, restart Jitsi and try again to see if this time the programs will connect with encryption. ZRTP may not work in calls between accounts from different providers (such as between Google and Jit.si).
Observe the section under the letters zrtp and padlock with the message "Compare with partner" followed by 4 characters.
Read these letters to your contact and ask if she sees the same characters. If she does, it means that your communication is encrypted and nobody is interfering with it.
You can click Confirm. The orange zrtp field will turn green:
You may close the black confirmation section of the window by clicking on the white x sign on upper-right part of the black section:
Jitsi lets you voice and video chat with more than one person. Note that with this communication, ZRTP encryption can be engaged between initiator of the call and other parties, but not between parties themselves.
- Tactical Technology Collective: Security in a Box