Safe Online Communication: A Brief Overview
We all know there are many ways to protect our conversations online. This article presents the most popular methods for encrypting messages—briefly and to the point, without diving into technical details. It’s intended for those who haven’t yet decided how to secure their online chats.
XMPP: The Foundation of Secure Messaging
XMPP is an open, XML-based protocol for instant messaging, file sharing, voice messages, and more. It offers several advantages:
- Decentralization: No dependence on a central server.
- No spam: Spam is virtually nonexistent.
- Encryption support: OTR in Pidgin, or PGP with other clients.
- Server flexibility: You can switch servers as needed.
- Multiple clients: Many different apps support XMPP (Pidgin, Psi+, and others).
- Security and isolation
- Flexibility
- Reputation: Used by many multinational companies for private and corporate servers.
If you’re interested in technical details or the weaknesses of XMPP, you can find more information here and here.
What is OTR?
OTR (Off-the-Record) is a cryptographic protocol for sending secure messages. It combines the AES symmetric-key algorithm, Diffie–Hellman key exchange, and the SHA-1 hash function for strong encryption. The main advantage of OTR is that it encrypts messages in real time, not after they’re sent.
OTR is easy to use and reliable. Some popular apps that support OTR for instant messaging include:
- Pidgin (Windows or Linux)
- Adium (OS X)
- ChatSecure (iPhone and Android)
- Jitsi (Linux, Windows, Mac OS)
What is PGP?
PGP (Pretty Good Privacy) is a program and set of functions for encrypting and digitally signing messages, files, and other electronic data. It can also transparently encrypt data on storage devices, like hard drives.
PGP uses a two-key system: a private key and a public key. Here’s how it works:
- You write a message, like “Hi, Mom!”
- You encrypt it with the recipient’s public key, turning it into unreadable code (e.g., “OhsieW5ge+osh1aehah6”).
- You send this code over the internet. Many people might see it, but only the intended recipient can decrypt and read it.
- The recipient uses their private key to decode the message. This key is kept secret and never shared.
- The public key can be shared with anyone who wants to communicate with you. Even if someone intercepts the public key, they can’t decrypt your messages without the private key.
The keys themselves are large numbers with special mathematical properties. If you encrypt something with a public key, only the matching private key can decrypt it.
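To make the "large numbers with special mathematical properties" concrete, here is an added example (not from the original article and not PGP's own code) of textbook RSA in Python. The key names and the tiny hard-coded primes are assumptions for illustration; real PGP keys use far larger random primes and padding, and PGP encrypts a one-time session key rather than the message itself.

```python
# Added illustration: textbook RSA with toy keys. Not PGP's real message format.
from math import gcd

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return ((n, e), (n, d)) built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("e shares a factor with phi(n); pick other primes")
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of e modulo phi(n)

def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can do this."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit under this toy modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the matching private key gets the message back."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample keys (hypothetical names). The primes are well-known
# Mersenne primes, far too small and too predictable for real use.
MOM_PUBLIC, MOM_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
_, STRANGER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    """Encrypt for Mom, then decrypt with the right key and with a wrong one."""
    ciphertext = encrypt(MOM_PUBLIC, b"Hi, Mom!")
    return (ciphertext,
            decrypt(MOM_PRIVATE, ciphertext),
            decrypt(STRANGER_PRIVATE, ciphertext))

if __name__ == "__main__":
    ct, right, wrong = demo()
    print("on the wire:      ", hex(ct))
    print("Mom's private key:", right)
    print("someone else's:   ", wrong)
```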
What About Messengers?
Messengers are the most convenient way to communicate, especially on smartphones. For extra security, it’s best to use a VPN (like OperaVPN or GlobalVPN) alongside your messenger app.
Popular secure messengers include:
- Telegram: Uses the MTProto protocol, which combines several encryption methods. For authorization and authentication, it uses RSA-2048 and DH-2048; for message transmission, it uses AES with a key known to both client and server. Cryptographic hash algorithms SHA-1 and MD5 are also used. In “secret chats,” only the sender and recipient share the encryption key (end-to-end encryption), using AES-256 in IGE mode for messages.
- Wickr: An alternative to Telegram, supporting multiple encryption standards (AES 256, ECDH 521, RSA 4096 TLD). Wickr is designed to leave no trace, deleting messages from both user devices and servers. It also offers a complete wipe function, making messages unrecoverable. Wickr encrypts nearly all content types (images, audio, video), prevents copying or forwarding, and blocks screenshots. The developers promise military-grade encryption.
Other messengers exist, but to avoid promoting competitors, only these are highlighted. If you’re curious about more options, you can find them here.
Other Ways to Hide Your Conversations
There are services that let you send temporary, self-destructing links with messages or files. You can set the link to expire after it’s read, after an hour, a day, etc. You can also password-protect the link. Most developers claim there are no logs, no archives, and all content is encrypted. While this can’t be guaranteed, these services can be useful for one-time communication.
Examples include: secureshare.pw, privnote.com, pastebin.com
Anything Else?
There are even anonymous social networks (like Diaspora, Friendica). For those who want to stay off the radar, you can even chat in online games—an old-school method.
We hope this article was helpful for anyone still deciding how to protect their online conversations. A detailed guide on setting up Tor, PGP, Pidgin + OTR, and Psi will be published on our channel soon. Stay tuned!
Wishing you security and anonymity,