OTR Messaging Guide with Pidgin

PUBLISHED 9 AUGUST 2019

Author: InvisibleUser Team

Categories: Communication Privacy

In this article, we will tell you why Pidgin is the best OTR client and provide an OTR Messaging guide for beginners.

We all use messaging services, like SMS, WhatsApp, iMessage, Google Hangouts and Facebook messenger at work or for private conversations. It is a very convenient way to communicate and aside from internet costs, it is completely free. Unfortunately, popular services are highly compromised when it comes to privacy. There are much better options. In this post, we will focus on Pidgin, the #1 OTR client.


Pidgin

Pidgin is open-source and very easy-to-use. The well-designed GUI makes sure that beginners do not make mistakes when setting up the client. Only that way, the software can protect both computer experts and less tech-savvy people.

That is crucial, because journalists and their sources need Pidgin, for example. Many of them are not computer experts. A difficult program would be an obstacle for their private communication, so Pidgin helps them do their important work. You can download Pidgin from the official website.

Setting up OTR in Pidgin

When you start Pidgin for the first time, an account manager opens and lets you add your accounts. After logging in, you can see who is online and start chatting. The client needs a third party OTR plug-in to use the protocol, so please install it.

The plug-in is simply called “Off-the-Record Messaging (OTR)”. Pidgin and its plug-ins are available for all desktop OSs. For all platforms, you can get the OTR plug-in and installation instructions from the CypherPunks website.

With the plug-in, the Pidgin software encrypts everything automatically for you. It is only available on desktop, but for mobile communication there is Signal, which we describe in our article “Chat securely with the Signal Messenger”.

Protocol Support in Pidgin

Natively-supported chat protocols:

  • Bonjour
  • Gadu-Gadu
  • Google Talk
  • Groupwise
  • IRC
  • SILC
  • SIMPLE
  • Sametime
  • XMPP
  • Zephyr

Chat protocols that need plug-ins:

  • Amazon Chime
  • Battle.net
  • Discord
  • Facebook Chat
  • Google Hangouts
  • ICQ
  • Instagram
  • msn-pecan
  • Signal
  • Skype
  • Telegram
  • Twitter
  • WhatsApp
  • Yahoo

IRC and XMPP are two very common protocols for online chats. IRC is Internet Relay Chat and XMPP is the Extensible Messaging and Presence Protocol. IRC is an old-school chat that has been around forever. It was developed in 1988, long before smartphones, WhatsApp and Facebook have been around.

All chat protocols are listed on Wikipedia.


OTR Messaging Guide for Pidgin (non-technical)

We will now explain the steps you have to take. Below, you will find a gallery with screenshots of the steps on a Windows PC.

  1. Download and install Pidgin
  2. Install the OTR plug-in: Download and extract the file. On Windows, move the contents to the user directory %APPDATA%\.purple\plugins. On Linux, move it to ~/.purple/plugins. That is all you have to do. Your folder may be different, just extract the plug-in ZIP file and move the contents into the plug-in directory or use the installer of the plug-in from the website.
  3. Add your account: When you open Pidgin for the first time, you see the Welcome Screen, click on Add... to add an account. Add your XMPP (e.g. Google Talk) or IRC profile and type in username and password. Follow the steps of the account wizard (self-explanatory). When you choose IRC instead of an existing account, you can directly select your nickname and the network (server) you want to use. You can then select a channel within the network you have chosen. Enter it and you can see all people using the channel. Now, a new window should appear and tell you that the account was added. In another window, you will see who is online. Without OTR, you could chat now, but we are going to set up OTR for privacy-focused chatting. You will need a common secret, like a strong password or passphrase. Meet in person with your contact or send it via PGP to exchange the secret you two will use.
  4. Set up OTR: To configure OTR, go to Tools>Plug-ins and scroll down to find OTR. Tick the box and click configure. Choose the account and tick every box in the Default OTR Settings.
  5. Generate a key: Click Generate to generate the private key. Leave this menu and go back to the main menu. Now, go to Buddies>Add. and add your contact. Open a chat with him/her, then click OTR and choose Authenticate Buddy.
  6. Confirm the secret: They will get your request and you will see window to configure your secret, which you have exchanged previously. It should really be a strong password. They will see a similar window. Your contact has to authenticate too, so they have to enter the same secret. If he/she enters the same password and clicks Authenticate, your conversation status changes to private.
  7. Check the status: Check if you see Private in the bottom-right corner to be sure. Start chatting!

PLEASE NOTE: Always make sure that you are using Pidgin version 2.13 (or above), older versions are not safe!

Further Information

You can watch this video from SourceForge for chatting and this video for the OTR setup.

Our OTR Messaging guide covers the basics, but there are far more plug-ins for added privacy and convenience in Pidgin. A full list of plugins is on the Pidgin website.

Previous

Ultimate Chat Privacy with OTR Messaging

Next

Chat securely with Signal Messenger