With the recent removal of the 140-character limit in Direct Messages by Twitter, DM's have now become a much more useful platform for communicating between individuals and groups. Sadly, DM's are still sent in plaintext between users and Twitter has no plans currently on encrypting these messages, at least as of August 2015. Since these are stored in plaintext at rest, an adversary can see the content of the message you are sending, which the two parties might not wish to happen. Fortunately as a few applications with basic Twitter support which also have excellent support for OTR, all hope isn't lost and it is possible to have the dream of end-to-end encrypted DMs, without the headache that copying and pasting PGP messages might bring.
In a previous version of these instructions I wrote on how to set up Adium and Pidgin as standalone clients for Twitter+OTR. Sadly due to problems with the Twitter libraries in each of these respective clients, this is near impossible as of 2015-08-31, but can be fixed in future versions.
Below are guides for setting up your Twitter account in Bitlbee, which will allow you to connect to it with a client of your choosing. I've tested out sending messages between two twitter accounts I control in each of these clients following these steps.
Before we get to the instructions, I want to make it absolutely clear that doing this protects the content that is being sent in each DM. The following is still possible to view by Twitter:
- Whom you are exchanging messages with
- What times the messages are being sent
- The overall length of the conversation
- What IP addresses were accessing each Twitter account
Unless the two parties are taking clear steps to anonymize these (like using throwaway Twitter accounts, tied to a throwaway email address, connected to only using Tor), an adversary can still figure out that Akiko is talking to Boris.
Also, I would like to note that the below clients can only currently handle a two-way conversation as mpOTR isn't implemented in these applications yet. So for the time being, your group chats will still be sent in plaintext.
Difficulty: Advanced
Note: Bitlbee isn't a stand-alone client like the Adium and Pidgin, but an IRC<->IM gateway. You will need an IRC client which has OTR support to connect to the Bitlbee gateway to send encrypted DMs. Pidgin, Adium, Weechat with the otr.py script, and irssi-otr all have OTR support for IRC, and have decent communities that can help if you run into any snags
- Install Bitlbee -- should be in your package manager on Linux, for other platforms (like Cygwin or OS X), you will need to compile from source.
- Once Bitlbee is installed and configured to your liking, connect your IRC client to it -- Instructions for how to do this in Pidgin and Adium are below. Scroll down to set up your clients if not already set up!
- Type
register $passwordwhere $password is a unique password that only you know. This is used for persistance between connections to Bitlbee - Type
account add twitter $usernamewhere $username is the username of your twitter account - Type
account listto list all the accounts you have set up in Bitlbee. This will give you a list of numbers, take the number that is next to your twitter username. If you haven't configured any accounts, the number will be 0 - Type
account $number onwhere $number is the number from Step 5. - Bitlbee will now try to connect to your twitter account, which will send the URL to authorize this as a Twitter client in a PM buffer. Click that URL to proceed.
If a connection to bitlbee is lost, you can always reconnect with your client and type identify $password where $password is the value you set during Step 3 of the Bitlbee instructions.
Difficulty: Easy
- Download and install the following:
- Pidgin from https://pidgin.im
- If on Windows, download the OTR library for Pidgin. Linux should include the library by default.
- After all of these are installed, start Pidgin
- Click
Accounts->Manage Accounts-- this will bring up the Accounts window - In the Accounts window, click the
Addbutton - In the Add Account window, change the
Protocoldropdown toIRC - Enter in the
Usernameyou set up with your Bitlbee instance. This will likely be your username. - Under the
Serverfield, enter inlocalhost-- this is assuming that you are running bitlbee on the same box as your chat client - In the Advanced tab, change
Portto the value you specified in your bitlbee configuration file (default is 6667) - Click
Add
From here proceed with step 3 in the Bitlbee instructions
Difficulty: Easy
- Download the latest version of Adium from https://adium.im -- Adium includes OTR support out of the box
- Click
Adiumin the Menu Bar, then clickPreferences. This will open the Preferences window - Click on
Accounts, then click on the+Menu at the bottom, then selectIRC - Enter in your username into the
Nicknamefield - Enter in
localhostinto theHostnamefield - Under Options, change
Portto the right number (6667 is the default) - Click
OK
From here proceed with step 3 in the Bitlbee instructions
Find a friend that has followed these instructions, and DM away! "Easy" right?
Okay it's a little finicky to deal with and set up I admit, but this is the best options we have at the moment. If you want OTR (or a better protocol like TextSecure) to be supported and widely adopted, lobbying Twitter and developers of third party clients is necessary.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Bitlbee actually has OTR support, so using something like irssi-otr isn't needed.