End-to-End Encryption for XMPP Instant Messaging
Certain actors, be they governments, intrusive corporations, or just individuals with access, will not be deterred by laws that are meant to protect your privacy. Outsiders have access to your communications in ways that are hidden from you and from the legal authorities designated to protect you.
There are three ways in which an outsider can access your instant messages:
Accessing messages in transit
As you communicate over the internet, your packets pass through many routers that are controlled by the companies that maintain the internet. When you send messages to the e2e.ee server, your packets are encrypted using Transport Layer Security (TLS). An outsider with access would be able to see that you are communicating with the e2e.ee server, but he could only read the communication if he had strong enough decrypting power. Splitters exist that provide outsiders continuous copies of internet traffic for review. TLS encryption is likely not an obstacle to government actors.
Accessing messages on the server
Messages sent through the e2e.ee server are decrypted on the server, removing TLS encryption, and then encrypted again with TLS and sent to the recipient. Messages are stored in an archive on the server that is used to synchronize chat history on multiple devices. Here is an example of an archived message:
<message type='chat' to='gruñón@e2e.ee' id='purplee37d5ec5' from='email@example.com/3WqkL6_h'>
  <body>Hey gruñón! We need to keep this a secret! Do not mention it to anyone!</body>
</message>
If the participants use End‑to‑End Encryption, only the metadata of each message is in plain text as seen in this example:
<message type='chat' to='firstname.lastname@example.org' id='purple9312d747' from='gruñón@e2e.ee/pidgin'>
  <body>?OTR:AAMDVhx5UEYhGKsBAAAAAgAAAAMAAADAx4ifhy/Tuj5HH6UG/yU3TtV+xvPAMX0IYpPI/NZUOBX7rbqD2zkzqzX7TnLGBts316/kPIHVQ8cAJ0R5CNeL4GkqjPFhX8A84V8b5l9Jl8H5V0XKKozG+2xUbSaRDxrFVZwjdySWd/jIImdY7aTMiqMPlFakn4g06USKwmSqdl+JLp4H//b/3lKofE86ZHASbnk2GfEaSonqT3hDe1h5VGiegOHJ2YkNID0wsiGAhArVCxgN5W4j9fwSsuYkR4xHAAAAAAAAAAEAAAABnnYoyUp4ODVsPvRDOJJXFDdW0GTsAAAAFC0mENFfAElR7R+TUfR3n3pAV/U1.</body>
</message>
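As an added illustration (not code from the e2e.ee service), the following Python script parses archived stanzas like the two above and reports what a reader on the server learns from each: the routing metadata (type, to, from, id, including the client resource) is always readable, while a body that begins with ?OTR: is opaque ciphertext whose only leak is its length. The stanzas, JIDs, ids and the OTR body are constructed placeholders, not real traffic.

```python
import xml.etree.ElementTree as ET

# Constructed sample archive, modelled on the stanzas shown above.
# JIDs and ids are placeholders; the OTR body is made-up base64, not real ciphertext.
SAMPLE_ARCHIVE = [
    "<message type='chat' to='alice@e2e.ee' id='purple0001' from='bob@e2e.ee/laptop'>"
    "<body>Hey Alice! We need to keep this a secret!</body></message>",
    "<message type='chat' to='bob@e2e.ee' id='purple0002' from='alice@e2e.ee/pidgin'>"
    "<body>?OTR:AAMDQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=.</body></message>",
    "<message type='chat' to='bob@e2e.ee' id='purple0003' from='alice@e2e.ee/pidgin'>"
    "<body>?OTRv23?</body></message>",
]

METADATA_ATTRS = ("type", "to", "from", "id")


def classify_body(body):
    """Return how much of the body a server-side reader can learn."""
    if body is None:
        return "empty"
    if body.startswith("?OTR:"):
        return "otr_ciphertext"   # OTR data message: content opaque, length still visible
    if body.startswith("?OTR"):
        return "otr_handshake"    # query/key exchange: no user content, but reveals OTR use
    return "plaintext"            # fully readable on the server


def audit_stanza(xml_text):
    """Parse one <message> stanza and report what the server can see."""
    elem = ET.fromstring(xml_text)
    body_elem = elem.find("body")
    body = body_elem.text if body_elem is not None else None
    return {
        # metadata stays readable regardless of end-to-end encryption
        "metadata": {k: elem.get(k) for k in METADATA_ATTRS if elem.get(k) is not None},
        "body_status": classify_body(body),
        "body_length": len(body) if body else 0,
    }


def unprotected_messages(archive):
    """Ids of archived messages whose content is readable on the server."""
    return [audit_stanza(s)["metadata"]["id"] for s in archive
            if audit_stanza(s)["body_status"] == "plaintext"]


if __name__ == "__main__":
    for stanza in SAMPLE_ARCHIVE:
        print(audit_stanza(stanza))
```

Running it over a real archive export would list the ids of messages that were sent without OTR and therefore sit in the clear on the server.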
Accessing messages on one of the end-point devices
Messages exist in decrypted form on the participants' devices. If an interested outsider gains access to one of the devices, physically or remotely, encryption will not prevent him from snooping.
Ensure Your Privacy
Simply by using e2e.ee you have a heightened level of privacy because, unlike other services, neither your email address nor your mobile phone number has an association with your account.
Here are some additional steps you can take to increase your privacy even more depending on your needs:
- Use Tor or a VPN to prevent packet snooping and tracing packets back to you.
- Use End‑to‑End Encryption to make message content legible only to the participants of the conversation.
- Ensure the security of your devices by scanning them for unauthorized software. An even more secure approach is to boot your device from a trusted read-only operating system.
- Immediately after a chat that includes sensitive information, have the participants purge their Message Archives from the Account Management Page.
- When the participants of a chat use accounts on the noarchive.chat domain, none of their messages are archived on the server.