Avoid giving out private information

Not all of the instant messaging providers are ensuring complete encryption of the communication exchanges between their users, according to a recent survey conducted by CNET.com, a technology-oriented website.

The survey respondents were: AOL AIM, AOL ICQ, Facebook Chat, Google Talk, IBM Lotus Sametime, Microsoft Windows Live Messenger, Skype and Yahoo Messenger.

One of the 10 questions asked in the survey pertained to a ‘yes or no’ query on whether the IM provider shields its users from eavesdropping. The survey found that complete encryption was provided only by the following providers: Google Talk, Lotus Sametime from IBM, AOL Instant Messenger and Skype. 

The other systems provided only partial security, mostly in assuring secure log-ins (except Facebook Chat). This implies that after an instant messaging connection has been established the conversation that follows is not protected.

The importance of encryption cannot be overstated. In the case of people who have open wireless Internet, an eavesdropper can easily intercept their unencrypted instant messages by using dSniff or similar software which can be downloaded for free.

Police authorities may intercept without difficulty and decode unencrypted instant messaging chats with the use of software sold by WildPackets. This is usually done in wiretap conditions and could include VoIP calls and e-mail.

CNET emphasizes the point that while encryption is crucial, there is no guarantee that it is sufficient. There is the possibility that the encryption system can be compromised because of a poorly constructed algorithm, for example, or errors in implementation. On the other hand, having encryption is much better than having none at all.

Facebook Chat was included in the survey. The company, however, refused to participate whereas all the other companies gave answers to the 10 questions without making a big fuss. The survey team reported that as far as they could determine, Facebook Chat did not provide security for logging in (implying that a competent eavesdropper glean a user’s password) and for the conversations.

The survey respondents also assured that they do not keep content logs of their users’ IM communications. Some of them kept records of user log-ins, but these were stored for a limited time only.

Safety Tips:

* Avoid giving out private information like passwords and credit card data on instant messages.
* Remember strangers you meet online are not necessarily the persons they say they are.
* Provide no data in your IM online profile; if the system requires you to fill in data, it is best to place fictitious data.
* Use a different password to your IM system from the password to your system or e-mail.
* Do not allow automatic downloads.