While instant messaging has become one of the major communication tools besides email, security is almost zero. Skype is the only systems that boast with encryption - but nobody really knows what the skype code is up to.
Whenever other im systems like ICQ, AIM, yahoo messenger and msn are used the conversation can be spyed on with a simple packet sniffer. And perhaps even more important: the messaging service gets the cleartext of all conversation.
While some clients have encryption plugins using rsa or gpg encryption, most of these plugins like pidgin-encryption (formerly gaim-encryption) are limited to one im client. For a long time I had been looking for a solution that would work from my gnome pidgin/gaim to a friends kde kopete setup. A solution working cross-platform from windows to linux would be even better.

The Off-the-Record Messaging project aims to provide a solution by supplying a library that does all the encryption and signing without depending on a specific instant messaging client. Plugins for various clients connect the library to the requested platform. As far as I have found out there are plugins for kopete and pidgin/gaim. Mac OSX and trillian users can use a proxy for icq/aim.


Setting up the plugin for pidgin is straight-forward: in the plugin options we can create a keypair for each IM account. In the message window a new button beside the input box will appear. A single click tries to initiate a secure connection the the other side. If everything works correctly the button will change and the following messages will be encrypted.