Ask HN: Instant Messaging for the paranoid?

21 points by palish ↗ HN
I'd like an IM client which supports:

- persistent logging (no matter which computer I'm on, all logs from all conversations are available)

- encrypted logging (unless I enter some passphrase, no one can read my logs)

- the ability to turn off logging for a specific conversation

- the ability to edit / delete parts of log files and have those changes eventually reflect to all other machines, Dropbox-style

- multi-service (AIM, MSN, Yahoo, Gtalk, perhaps IRC too?)

Does such a thing exist, or some combination of plugins exist to achieve the same?

22 comments

[ 4.3 ms ] story [ 49.7 ms ] thread
Doubt an OOTB solution exists, but you could probably cook something up with irssi or WeeChat and BitlBee. Just run it on a machine with system-level encryption.
If you can edit the logs, what is the use of maintaining them? I can understand deleting part of the log, but editing?
Something is said that he/she wants 'stricken from the record?'
That is the deleting part (I believe their can be two options, one to delete without any mark and one which inserts "some text missing" sort of message wherever there is a deletion).

But if you have the ability to edit the logs (like changing my 3 line reason as to why I don't like you to a plain and simple "I hate you"), it will end any reliability in the logs.

He isn't really looking for reliability in that sense as far as I can make out
If you are on a Mac, I would look into Adium [1]. It provides the multi-service functionality that you're looking for, which is probably the hardest part of the entire operation.

Persistent logging and the ability to synchronize your edits could easily be accomplished by storing your logs in a Dropbox-synchronized folder.

The logging changes that you are looking for could easily be done by modifying the Adium source code (it's an open-source project) to suit your needs. Unfortunately, this will require that you dive into the Objective-C yourself, as I do not know of any plugins that make this happen.

1: http://adium.im/

I like this suggestion. Obtain dropbox-like features by leveraging dropbox.
Pidgin provides quite a few hooks for shell scripts, you could pretty easily make a shell script to use GPG to encrypt the log files, push them to Dropbox and sync whenever your im session starts/ends.
Why would you want all this log encryption if the actual IM exchange itself lacks privacy?

I could understand encrypting the logs to protect them in the event of a computer loss or some such, but I can't quite fit in the need for selected logging and editing. AOL, Google and Yahoo still have a complete copy of all your IMs.

I suppose he is paranoid of his wife and or kids seeing his chats?
Yes of course. I want to be able to archive my steamy love "sessions" without fear of reprisal.

It couldn't possibly be that I am under NDA, and that I talk with coworkers primarily via AIM. Couldn't be!

If you are under NDA, you shouldn't really be using 3rd party centrally-relayed communication service with unspecified data retention policies (such as AIM) in the first place.
... The whole company uses it. Literally every employee.
You could GPG encrypt your communications. Ayttm (http://ayttm.sf.net/) has a GPG plugin. I don't know about pidgin but I'm sure it has one too. Of course, the other end needs to have GPG capability as well.
Lookup Off-The-Record messaging. Doesn't cover the kind of log encryption you're asking about, but it's what you want (instead of what you asked for) I think.
Suffering from a case of empty-nest syndrome (daughter is away for the holidays) so I am entertaining myself with this little problem.

I first installed TruCrypt and created a 100MB file inside of Dropbox with AES-Serpent-Twofish encryption.

Then I mounted the file as a volume, then installed Pidgin Portable on the volume.

Everything seems to work fine, and is self contained. - persistent logging [in dropbox]

- encrypted logging [log files are inside the pidgin directory, inside the encrypted volume]

- the ability to turn off logging for a specific conversation [OTR pidgin/adium plugin]

- the ability to edit / delete parts of log files and have those changes eventually reflect to all other machines, Dropbox-style [can edit log files which are stored as html, if needed]

- multi-service (AIM, MSN, Yahoo, Gtalk, perhaps IRC too?) [yup]

Key management is the only issue, as I have never used TruCrypt before, I will leave that as an exercise for the OP.

You. Rock.

That is all.

I'm kind of poor at the moment, but I could buy you a $20 book or something. Or just wire you $20.

Pidgin also supports off the record chatting, for the truly paranoid.
How well or poorly does Dropbox handle the TrueCrypt volume-as-file? I've hesitated to put such files on Dropbox out of concern for the burdens they might create (both on Dropbox and on my "bandwidth").
One of the features noted in the 1.0 release notes was improved support for TrueCrypt volumes. Some quick searching of the dropbox forums (http://forums.dropbox.com/topic.php?id=14332) seems to indicate the since TrueCrypt uses a block cipher, dropbox should be able to only synchronize the changes (it's probably more bandwidth than the files alone, but certainly much better than having to sync the entire volume each time).
screen (multi-user, persistent)

+ irssi (irc)

+ bitlbee (XMPP, ICQ, AIM, MSN, Yahoo, Twitter. OTR built in)

+ gpg (on-the-fly encrypted config and log directories)

it's a hacker's solution but it's not complicated to put together when you know your way around those applications.