Chat and IM sites

[porkar]

Can you wise people tell me if third parties, e.g. snoops, agencies, etc read your chat messages while you are online? Can they tap/bug your chat as they can tap your phone?

Can they read your saved messages without having physical access to your computer? Do IM providers save your messages?

 

[Rollyco]

IM providers routinely archive conversations and traffic logs for periods of time. Depending on your local laws, they may even be required to do so.

Law enforcement (LE) usually "taps" your IM conversations by requisitioning chat logs (what you said) and traffic logs (to whom you said it to) from the IM provider. Depending on your jurisdiction, the legal burden of proof to get a warrant from a judge might be less or more (or non-existent) for each type of log. Check your local laws. Here in the U.S.A., the administration is trying to make traffic logs of all types completely exempt from warrant requirements.

Bottom line is: if you want to keep the content of your IM conversations secret from LE "wiretaps" all parties must use encryption such as OTR. If you want to hide the fact that you are chatting with someone, you need to use something like TorChat.

 

[porkar]

Thanks for the info. When I reloaded my OS earlier this year I tried to read old chat messages that I had saved in Yahoo IM but they were no longer there so I guess Yahoo did not save them.

 

[Rollyco]

Just because you can't access your old conversations doesn't mean they're not archived by Yahoo somewhere on slow storage.

 

[Ceewan]

Can they tap/bug your chat as they can tap your phone?

It has been done before. A hard line can be tapped and monitored.

Further your average IM messages can be traced from point A to B. I admit I have not kept up with the new technology but old IM services were never made to keep you anonymous. They were created to be convenient methods of person to person communication on the internet. This means creating a direct link from your pc to another pc. There have been many attempts to keep such traffic secure and anonymous and they have been constantly and consistently thwarted in one manner or another.

Of course on the fly encryption is a decent solution, IMHO. PGP has made emailing secure by using such encryption methods, (and that is old school). In this matter all traffic coming and going from your computer would be encrypted and unreadable garbage without a specific decryption key. Of course it might be a good idea to be careful who you give your key to, you really never know for sure who is on the other end of phone.