Good Open Source, Multi-Platform, Secure IM Client?

Phil O. writes "I work for a company with 30+ locations across North America. Some offices have hundreds of employees; some only a dozen. We're looking for a secure, multi-platform IM client we could implement across the organization. One group is pushing for Microsoft's solution, but it has a number of drawbacks (including cost). What other options are out there, and what has worked well in similar situations? Security is a big concern for the company."

Sametime

[Anonymous Coward]

IBM's Lotus Sametime is very good I think. No idea how much it costs though, probably not cheap and it isn't open source.

Re:Sametime

[enharmonix]

We use sametime at my office and it's just like any other IM client I've used. Two points of note - it offers encrypted chats, and the collaboration tools (screensharing, etc.) work better than Microsoft's Messenger products. I don't doubt, however, that OSS can compete with this - I'd only go ST if you're already using Lotus Notes.

Re:Sametime

[__aardcx5948]

We use sametime at my company, and it's piece of shit. When it works, it works. Often when someone types something in a chat and I click the minimized sametime window to reply, try to write something in the message box, and sametime freezes. Lots of hdd access of no apparent reason. We experience the same on all our machines (2GB RAM). Don't get me started on Notes 8...

Re:

[Anonymous Coward]

I work for IBM. Sametime works okay, but there are tons of problems with it. Just one, for instance, is that you can "smilie bomb" someone with their default java client. Basically you just up the java max heap size, and then send them 256M of smilies so it fills up their heap and crashes java. Fun stuff. I use Pidgin to connect to sametime using the meanwhile plugin myself.

It shouldn't.

[Junta]

No software should have that problem. If it can't handle it, it should reject/drop the message, not crash (preferably with a substitute message saying message was dropped because sender.

Not confirming the Sametime behavior described, just speaking from experience of many many instances of developers feeding me BS about how they shouldn't have to tolerate some condition or another as it is artificial and stupid, not acknowledging a DoS as a serious problem.

Re:Sametime

[Exstatica]

no way, http://www.igniterealtime.org/ [igniterealtime.org].
Openfire is amazing and with thier Sparks client it gets even better.
Includes SSL, open API, different database backend, including LDAP. I've been running it for my office on a linux box connecting to a windows AD authentication. Best part about it is you can manage everyones contact lists. So no more invite this person add this person.
Openfire (formerly Wildfire) is a real time collaboration (RTC) server dual-licensed under the Open Source GPL and commercially. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance

BTW i'm not affiliated with them, i just have used thier projects for years. Go opensource!

Re:Sametime

[bigstrat2003]

Are you kidding? The Spark client is the biggest piece of shit I've ever used. Random freezing (the UI will just freeze for up to a minute on my work PC), stops remembering what group you put buddies into... it blows ass.

Re:

[Exstatica]

I used to have that issue to, But i updated my java recently and the issue has cleared up.

Re:

[devjj]

I'm with you on this one. Spark absolutely blows. You'd never know Openfire is as great as it is judging from the client designed for it.

Re:

[darkpixel2k]

We run Openfire as well. Spark is multiplatform (Windows, Linux and Mac) but, as you can read from the other comments, it's not so great.

I used something similar. A linux box running ejabberd with a script that runs every night to sync accounts with AD. I used the shared rosters to put people into groups (until they support rosters from AD groups). Then I used the spark client because it was the only one I found with an MSI package (the company is almost entirely Windows except for the jabber server), and then I deployed it through Group Policy.

Finally, I wrote a quick VB Script that runs on login and checks if a user has a .profile or

Re:

[a_nonamiss]

I administer two Openfire servers at different locations in my company. One runs on a Windows server, the other on a Linux server. One has a mysql backend, the other runs on MS SQL. Both integrate seamlessly with Active Directory, and provide SSL encrypted communications between each other and the clients. Honestly, despite the vastly differing setups between the two sites, it's amazing how easy it was to get them to work with each other. I have to admit that Spark needs quite a bit of work, but there are a

Sametime is slightly open source

[TimTucker]

Although Sametime itself isn't open source, the newer versions are based on Eclipse (as are the more recent versions of Notes). Whether or not the overhead of running an instance of Eclipse to handle IM is a good idea or not is up to you.

Anonymous Coward

[Anonymous Coward]

Jabber server, pidgin clients, and http://pidgin-encrypt.sourceforge.net/ for security. Really it's a shame this even made it to slashdot. Can't anyone google anymore?

Re:Anonymous Coward

[Chris Acheson]

OTR is more secure that pidgin-encryption, and works with other IM clients as well.

Portable

[Forty Two Tenfold]

Plus, pidgin is portable.
http://portableapps.com/apps/internet/pidgin_portable [portableapps.com]

Re:

[fxkr]

You might want to check their homepage [cypherpunks.ca] and the Wikipedia [wikipedia.org] article.

OTR works very well for me. I recommend Pidgin as a client and Jabber as a protocol.

Re:Anonymous Coward

[2starr]

No kidding. I'm looking for a good open-source web browser. Anyone know of one?

Re:Anonymous Coward

[Fred Ferrigno]

Anyone know a news site for nerds, something with stuff that matters?

Re:Anonymous Coward

[Kent Recal]

Maybe try digg [digg.com]?

Pidgin + OTR

[314m678]

Pidgin + OTR pluggin

http://www.pidgin.im/ [pidgin.im]

http://en.wikipedia.org/wiki/Pidgin [wikipedia.org]

http://www.cypherpunks.ca/otr/ [cypherpunks.ca]

Re:

[TheLink]

Pidgin for windows is pretty crappy though

It hangs quite often (more if you don't use the tab mode, and if you use tab mode, if some spammer spams you, you can't tell from the taskbar who sent you the message - it could look like someone else is sending you a message).

It often doesn't succeed in sending messages to people on MSN - 5 minutes after I send, it'll tell me it failed. 5 minutes!

You can't easily filter out "spim", even if you use stuff like bot sentry you still get bugged about it- which completel

Re:Pidgin + OTR

[JCSoRocks]

The MSN bug is the only one I've run into. Other than that I've always thought Pidgin was great. I've been forced to switch over to Windows Live Messenger and I really don't like it after using Pidgin. The Outlook integration doesn't make up for the clunkier UI and the inability to connect to other networks.

Re:Pidgin + OTR

[Bert64]

Most likely the MSN bug in pidgin is due to having to reverse engineer the protocol every time it gets changed...

Re:

[biz0r]

Pidgin unstable? This is news to me and I use pidgin to connect to AIM, MSN, and Google. And combined have over 150 contacts I converse with...sometimes a dozen at a time.

I have never had issues sending messages to people on MSN either...are you certain it isn't just the specific computer you are using it on?

Re:Pidgin + OTR

[srussell]

Note that the OTR plugin is available for several IM clients, including KDE's Kopete, Miranda, mICQ, and several others.

I'm still waiting for it to show up for the Android chat client, but it is still early days...

--- SER

Re:

[kelnos]

If you're the kind of person who actively doesn't trust your jabber server, then I imagine you're the kind of person who will actually check OTR key fingerprints, and thus the MITM attack described in your link doesn't really work. (Well, ok, it works, but it's trivially detectable.)

jabber

[muckdog]

I'm betting www.jabber.org will be echoed over and over in the responses. Considering Google uses it to power Gtalk I say its scalable.

Re:jabber

[rlp]

I agree - not too hard to set up your own jabber server with an SSL connection. If you REALLY want to be secure, you won't rely on someone elses server.

Re:jabber

[Macrat]

Here's a jabber server with ssl ready to go.

http://wikis.sun.com/display/CommSuite/Sun+Java+Communications+Suite+Information [sun.com]

Re:jabber

[Britz]

If the clients use end-to-end encryption and share the password through a secure different channel (e.g. encrypted email) does it really matter if the server is your own?

Re:

[westyvw]

Thats the bottom line. You want your own IM server. Use that as a filter before you even get started looking.

Multi-platform

[jkinney3]

Microsofts solution is NOT multiplatform. Anything that runs jabber protocol has a multiplatform client.

Re:Multi-platform

[Haeleth]

Microsofts solution is NOT multiplatform.

What do you mean? It runs on both kinds of computer, XP and Vista.

Pidgin?

[yakumo.unr]

So how about Pidgin [pidgin.im] with the OTR plugin [cypherpunks.ca]? afaik you can't get more secure than OTR with IM, and it's available for a few different clients.

Re:

[cowtamer]

Mod parent up. Pidgin is not as full-featured as MS's IM, but otherwise rocks (esp. wrt security)

Re:

[Liam]

Kerberos [mit.edu] will authenticate without storing or sending passwords. It works for email, remote login (ssh, telnet, rlogin), file service (AFS, ftp) and web as well. Pidgin supports Kerberos, though you wouldn't know it to look at the documentation; it took me a while to realize I needed to load the Debian package libsasl2-modules-gssapi-mit [debian.org].

Openfire + Spark

[mackil]

We use the Openfire server (www.igniterealtime.org) with the Spark client over several offices in different states and over 3 different platforms. SSL is available as well (which we use).

So far no problems beyond user error. I'd recommend it.

Re:

[ErnieD]

I'll second that, we use Openfire within our IT department (spanning 3 locations plus accessible via VPN). Spark is the primary client we give to our people but they're also free to use any other Jabber client they want like Pidgin, Miranda, Exodus, etc. We have SSL enabled and message auditing & archiving turned on which is also important for businesses in certain markets. We have it authenticating off our Active Directory via LDAP lookup. There's also a Flash-based web client which simply is a SWF tha

Re:

[SuperQ]

I use openfire for my personal jabber server, it's been reliable, and keeps getting good updates.

I haven't used the spark client, and I haven't had good luck with the web client. That's probably the biggest thing I wish I could find was a good web client like gmail chat.

Re:

[WuphonsReach]

We use Wildfire (a.k.a. Openfire) with Pandion (on the Windows machines) and iChat on the Macs. Some folks use Miranda or other chats. Openfire/Wildfire ties nicely into Active Directory, letting you populate user lists and do authentication against the AD. We're using SSL to secure the transport protocol.

Pidgin with OTR

[betterunixthanunix]

Use Pidgin with OTR. It is a good balance of security and convenience, you just need to be careful about not having your hardware stolen (OTR keys are not symmetrically encrypted the way PGP keys are). You might be able to resolve that by also using whole disk encryption...

Re:

[lostchicken]

OTR doesn't actually use the keys it stores for the encrypted message. When you start a new conversation, both sides generate a new set of session keys randomly. The stored key is then used to sign the session keys so that the other party can trust that the session key is valid, and from you.

If you lose your keys, an attacker can pretend to be you until you update the public keys that your friends will be looking for, but previous messages aren't compromised. In that way, it's a fair bit safer than PGP.

Jabber?

[nine-times]

I've never actually implemented Jabber before, but it seems like the obvious answer. You should be able to set up your own server without paying any software costs, and use GAIM/Adium. I think encryption is supported, but it's slightly less of a concern if the traffic never leaves your own network.

Actually, depending on your requirements, you may not want clients to encrypt traffic, so that you can log and archive it.

Re:

[infinityxi]

Jabber is actually a pretty easy set up. You can grab a ejabberd or OpenFire and set your domain up around it. Encryption and retention is also pretty easy to set up. It seems to make the most sense if this is about in house communication on a company level as one can easily make JIDs mirror email addresses.

Re:

[krakelohm]

I second the use of Openfire. I have been using it since it was wildfire, its nice and small on the server, web interface for setup and uses Jabber so you can choose the client that works for you. One note though, I would stay away from their client (spark), it works good but man its a memory hog and slowwwww.

http://www.igniterealtime.org/projects/openfire/index.jsp

Re:

[SuperQ]

I also love openfire, I tuned the java memory usage down a bit, but I guess I don't have enough users to see if it's slow or not.

How many users and what hardware are you using?

It supports clustering, so I guess you can always scale it that way.

IRC plus ssh/ssl tunneling

[jonaskoelker]

Actually, depending on your requirements, you may not want clients to encrypt traffic, so that you can log and archive it.

Exactly my thoughts.

I'd recommend IRC. Set up one IRC server per location and tunnel inter-office connections over ssh or ssl [have a look at stunnel]. Whether to encrypt intraoffice communication depends on local requirements, but again there's stunnel.

If employees don't trust each other or the sysadmins, your organization probably either has serious problems, or it's the DOD.

Re:

[Binestar]

If employees don't trust each other or the sysadmins, your organization probably either has serious problems, or it's the DOD.

Or it's something like a Hospital or Dr office and everyone doesn't need to know that Patient A is being moved by Nurse Station A to Nurse Station B and is his room ready?

Information wants to be free, but privacy is a good thing. I'm actually in the process of examining various Jabber servers for something that can authenticate to Active Directory and supports encryption for a Surge

Any XMPP Client

[infinityxi]

I would go about your problem by first separating the client from the actual protocol. If you are worried about cross platform I would of course go with an XMPP solution. You can do the following:

- Run an OpenFire server Here [igniterealtime.org]
- Pick from a slew of XMPP clients but I would problem pick the Spark IM Client (Same people as the OpenFire software)

This way you don't have to worry about Client A working with Protocol B across Windows/Linux/Mac.

Using XMPP is also an easy way to control your IM facilities as you can create an organizational system for creating names such as using email addresses as screen names and not have to worry about Bob from Accounting using PiMpMaSta23.

I would evaluate OpenFire and the Spark IM client and see if it fits. The server is very easy to set up and administer. You can also use Pidgin or Psi as XMPP clients although I think Spark is the most professional looking of the three.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Pidgin performs beautifully cross-platform

[Arrogant-Bastard]

Pidgin is portable, under active development, works for multiple IM protocols, sports a healthy collection of plug-ins that augment its functionality -- include OTR to provide relatively secure messaging services. It's not perfect by any means, but I've deployed it across a 150-person organization and found that it more than met their needs. So if you're going to spend money -- not that you need to -- one possible course of action is to try pidgin, identify any issues that are causing you problems, and negotiate a deal with the developers: make a contribution to fund the development, which in turn not only benefits you but the entire rest of the user community.

Why IM?

[Hatta]

Why not IRC?

Re:

[0100010001010011]

Internally hosted IRC server with only SSL connections.

Re:

[Khyber]

I have yet to see a reliable working UnrealIRCd server hack.

As long as they didn't use mIRC and kept their IRC network completely internal (kinda tough to do without some VPN connecting to the other 30+ locations plus password entry into channel (or an allow list) they shouldn't have too much of an issue.

And of course IRC does have SSL connection capability.

Re:

[jonaskoelker]

kinda tough to do without some VPN connecting to the other 30+ locations

Uhmm... you are aware that as part of the IRC spec, IRC daemons are to organize themselves in a spanning tree, right? [netsplits happen when an edge gets cut].

Run one IRC server at every office. They connect together tunneled with stunnel or ssh. Then you have intraoffice communication independent of any other office, and secure interoffice communication when the net is up.

Most clients support sending un/pw to the server, and most servers support throwing off clients with bad un/pw combos. Or do it the

Re:

[Khyber]

Some clients are simpler, and I'm sure ChatZilla is easy enough for some corporate person to look at, figure out how it works, change it up some so it simply connects on loadup to the servers and channels. And since Firefox is on Mac/Linux/Windows, it'd be trivial to implement.

From there, it's just typing your message in a bar and hitting enter, and reading. It's the same as a bunch of people in one AIM chat window, just a different viewing screen and different protocol.

Openfire and Spark

[DnemoniX]

I have used this combination at two jobs now, it supports multiple offices and also has LDAP integration if you wanted to hook it up with Active Directory. There are also a handy assortment of plugins available.

GroupWise IM

[Emrys01]

Novell GroupWise Instant Messenger is secure by default. It has its own client or you can use Pidgin. The server is not hard to set up and get running either. (Disclaimer, I work for Novell.)

Re:GroupWise IM - whoa no

[poetmatt]

Nobody on slashdot would typically suggest Novell for anything. Patent issues, selling their soul to MS, working with mono, You should know better. [boycottnovell.com]

Pidgin + OTR + Jabber server if needed = good solution, open source, no software costs of any kind (only hardware).

Re:

[Bert64]

Does it use standard protocols (XMPP, or maybe SIP)?
Does it store it's user data (users/passwords, profiles, logs etc) in standard formats?

I think it would be foolish to implement something proprietary, because it will restrict your movements in the future.

Check out SupraBrowser

[Anonymous Coward]

SupraBrowser [sourceforge.net]

It's a secure, threaded IM client (all socket communication 3DES encrypted with a zero-knowledge proof SRPP [stanford.edu]), written in Java, that runs on Linux, Mac, and Windows. It was developed for the hedge fund industry in Boston. I developed it initially, but it's mainly being maintained, not developed further because we don't receive any new feature requests.

Don't let the extensive features fool you. It's primarily a secure, threaded IM system. The other features were added (email gateway, auto-forwarding to email, embedded web browser with sophisticated tagging engine) based on its being used *very* heavily every day and requests coming from highly advanced users of the system.

There is also a Firefox plugin that integrates with it, as well as a pure ajax client written in the Eclipse Rich Ajax Platform.

Feel free to contact me personally for any details or help setting it up. The release on sourceforge assumes fairly good technical abilities (building it from ant, getting xulrunner to work with javaxpcom) and is not a general packaged release. However, it is running many places in production.

suprasphere@gmail.com

David Thomson

Why OSS?

[kuzb]

Why does it have to be opensource? Do you intend to develop code/patches for it?

Re:

[Loibisch]

Maybe not now, maybe he might later if the whole project goes under.

Re:

[geekoid]

A) If he really wants security he is going to want to look at the code.

B) Maybe he wants to support the philosophy?

C) You are protected against forced upgrades.

D) You will always be able to get support. Worse case that will mean hiring someone to add the feature you want.

E) Cost.

F) Longevity.

XMPP with TLS and (optionally) GPG/PGP

[Enleth]

You can setup the thing completely in-house (you don't have to trust a contractor), or you can opt for a canned solution (for example Jabber, Inc., http://www.jabber.com/ [jabber.com], they do provide everything for big and small companies, and are backed by Cisco). It uses SSL/TLS for secure connections both between clients and servers (C2S) and between separate servers (S2S), with full support for certificate authenticity checking, and even PGP/GPG encryption between the users, should they need to exchange really confifental data that even a rogue company server admin shouldn't be able to intercept (message encryption, pretty rare among proprietary protocols, but happens), or be sure that joe.the.boss@company.com is really Joe, their Boss, and not someone who just happend to "borrow" their laptop at the airport (signed presence, something, AFAIK, no other protocol provides). There are XMPP servers and clients for almost every platform possible, open-source or commercial, the protocol is open and approved by IETF for IM-style communication.

I won't give you any specific names, but I believe it wouldn't be very difficult to find a few *very* big companies using XMPP to prove to your boss that it's being used like this by big players in the industry.

And, frankly, that's the only open solution to your problem.

Zimbra

[sfbiker]

Check out Zimbra [zimbra.com]

It can replace your Exchange server for email, has an XMLPP IM server built-in, and is much more cost effective and easier to administer than Exchange.

Re:

[account_deleted]

Comment removed based on user account deletion

OpenFire Jabber server

[Nicodemus]

I would recommend the open source OpenFire [igniterealtime.org] server. Install it on your own server, then set the preferences to force SSL connections. Then communicates passed between clients on any platform are SSL encrypted. Turn off local client logging for better security. Beyond that, it's all client-side stuff that doesn't port as well.

Nicodemus

Spark/Openfire?

[chiger_bite]

I have been a fan of the Spark Client and Openfire Server [igniterealtime.org] as an IM platform for quite sometime. They are built on the XMPP and Jabber protocols. After being in a corporate environment before, I know it's hard to convince management to go with an OSS solution as they seem to think that if it doesn't have a price tag, it's not secure. The Spark/Openfire platform come in an 'Enterprise' flavor with support to appease management as well. Both the client and server are built on a plug-in style architecture, so it's pretty easy to include your own software add-ins. There are really too many features for me to really go into though.

I don't think Pidgin

[morgauo]

Pidgin's a great client for personal use. I use it and like it a lot.

Sure, they can set up a Jabber server of their own, then connect to it with Pidgin and use one of the encryption plugins for security but I doubt an organization that is concerned about secure IM is going to be interested in a solution with so much possibility for the users to start adding their own personal, outside, public IM accounts.

I would say Jabber server with any jabber only client which supports encryption and can have it's confi

We use Pidgen

[FreeBSD evangelist]

Multi-platform =and= multi-protocol.

jabberd/jabberd2

[defsdoor]

I run half a dozen jabberd servers (and one jabberd2) and use PSI on windows machines for clients. I also generate the user rosters myself with some nifty scripts so that users always see everyone else in the companies.

Don't waste your money on open source

[Antique Geekmeister]

In this case, for once, I have to say just use a commercial solution. Maintaining your own servers is expensive, and supporting it is a headache your IT people don't need. Just go with Skype if you want video and free phone service as well, that is very multi-platform. It's not open source, I admit, but it works well.

Re:

[Bert64]

Using a third party external server could open up legal implications... You really don't want your private internal correspondence going outside of the company network.

Jabber/XMPP

[mnslinky]

At our office, we were using IRC for many years. We recently rolled out a jabber/xmpp server, Openfire, and associated clients for the users' platforms. It's secure, and full-featured.

XMPP based

[OrangeTide]

Anything that is Jabber/XMPP based will support a wide range of clients and has the ability to use SSL. You not only can encrypt SSL traffic, but a good server will allow you to require clients that connect to have a known and valid certificate. And the server must have a certificate that is known to the client. It's only as secure as your process of distributing the certificates.

For a client there are many. Coccinella [coccinella.im] has a nice whiteboard features that I have found useful in the corporate world. But Pidgi

Are you joking?

[pak9rabid]

Are you serious?? Openfire [igniterealtime.org] for the XMPP (aka Jabber) server, and Pidgin [pidgin.im] for the client. If setup correctly, you can force SSL/TLS encryption. I've implemented this at my company and it's rock solid. Beats the hell out of any proprietary solution you'll find, if IM is your main goal. I'd recommend setting up XMPP service DNS records for your domain for a really slick implementation.

Jabber...

[Bert64]

Use a Jabber server, there are many out there, and it also offers the benefit that you can split the service up into subdomains, ie your larger sites have their own local jabber server but can communicate with the others, so you have for instance:
user@newyork.yourcompany.com
user@london.yourcompany.com

You can also open it up to the outside if you want, and you can also make people's jabber id's match their email addresses...

For clients, being an open standard you have a huge choice of clients, pidgin is good

Google.

[cephalien]

I'm willing to take the -1, Flamebait on this:

Did you even -think- about trying, oh, say, a web search on this?

Google is pretty good, I suggest you try it.

What a pointless Ask Slashdot.

Re:

[SuperQ]

Goog apps for your domain works really well, and since it supports jabber clients/federation, it's really flexible about what you connect. There are a few enterprise features like "warn user if contact is not on your domain" and forced encryption.

gale

[John Meacham]

there is gale [gale.org] which is secure, protocol based, distributed, and quite nice all around.

CenterIM is the way

[pngwen]

I use CenterIM, formerly called CenterICQ.

It's ncurses based, so it runs in any real computation environment. It supports Yahoo, ICQ, AIM, MSN, Jabber, IRC, Google Talk, Live Journal, RSS feeds and more!

It's a wonderful client, tiny footprint, and it runs where programs belong, on the command line!

Re:skype

[Zsub]

Skype? Since when is Skype secure man?! Have you read Slashdot [slashdot.org]?

Re:skype

[morgan_greywolf]

Read? Who reads anything on here? I only post.

Re:

[philspear]

I suppose it's a question of "How secure does it need to be?" If it's launch codes, then I would be uncomfortable with any IM type exchanges, send a messenger in a tank for that. If the company we're talking about is "Del Taco corporate offices" then Skype is probably "secure" enough that Taco Bell wouldn't bother.

I'd be curious as to the general consensus as to what the chances that if say Pfizer were to be communicating trade secrets via skype or messenger, that those messages would be stolen by another

Re:

[GodWasAnAlien]

"More Skype security Speculation."

Do you have any evidence that the Skype protocol is secure?

Note, Obscure != Secure.

Re:

[devjj]

Does this mean we can finally stop arguing about whether or not Mac OS X's marketshare helps it remain "secure"? I kid...

Re:skype

[MrNaz]

Holy crap! You're a genius!

Tomorrow I'm going to go to the office and disguise the server rack as a refrigerator. Then my data will truly be safe, because even if a hacker does get in, he'll never believe there's any valuable data in a cheese sandwich.

!speculation

[tripmine]

Not speculation [slashdot.org]

Re:skype

[The Moof]

next time try to read more than just the title

But my "Slashdot User's Handbook" says I'm not supposed to!

Anyway, I was wondering if there was any papers or anything to follow up that post. Something that would move it from speculation to truth. There's some papers in the comments linking to notes about obfuscating against reverse engineering. The last sentence just said the Austrians claim they can easily listen into the conversations.

Re:skype

[s4m7]

But my "Slashdot User's Handbook" says I'm not supposed to!

Ha! Nobody's read the handbook!

Re:There is only one true IM client

[eln]

talk requires a terminal that can handle curses (vt100 or similar). This creates a barrier that's simply too cumbersome. I would suggest using write instead.

If encryption is needed, I would suggest rot13. For double encryption, rot26 can be used. Or, you could do what they did in WWII and "encrypt" by using an obscure language that few outsiders are likely to be able to decode. Since getting your coworkers to learn Navajo is probably out of reach, I suggest Pig Latin.

Really, I think the submitter is making this harder than it needs to be.

Re:

[dgatwood]

I know you're kidding, but since the write command does not involve the network in any way, it is precisely as secure as the server admin is trustworthy. No encryption is needed. Now that telnet connection to the server, on the other hand.... :-D

Re:

[clone53421]

Nah, if you're really hardcore you'll tattoo your messages onto the heads of couriers. If you need to make a secure transmission, you just have to wait for their hair to regrow.

Re:

[0xABADC0DA]

Since getting your coworkers to learn Navajo is probably out of reach, I suggest Pig Latin.

Or if that's too oringbay maybe 'Ruddfuckers'... that's where you pranstose the first tetler of pomcound words with the next part (also words with frepixes). It takes a while to gifure it out though...

Re:

[infinityxi]

I would really not want to use Skype for anything more than personal use, especially not company use. It might be a good program (matter of opinion) and it might have decent voip but then again the guy asking could have easily went with using AIM, Yahoo, or GTalk. It sounds like he wants to use something more suited to IM and for a company you should really want to have control over accounts, usernames, and compliance and I don't think Skype is good enough for that.

As for the security issue. I am sure it is

Re:

[dvice_null]

If one client can do that, then the server seems to have an issue. But Miranda should not be there because it is not cross platform as was requested.

Re:

[LingNoi]

Why would you want to pay for IM when there are so many good IM clients and servers you can use for free? It's like paying for a web browser, just doesn't make any sense.

Re:

[Bert64]

IRC clients have been text based for years, text based clients predate all these horrible gui based irc clients and are still widely used.

Re:

[Bert64]

Asterisk will do it if you're using SIP...
It can also compress the voice chat session using GSM compression or similar to save space.