Using Pidgin

Before you can start using Pidgin, you must have an existing IM account with one of the providers listed above. You must type your IM login details into Pidgin.

Note: If you do not have an existing account registered with one of the providers listed above, and would like some help to do so, please refer to section 4.1 How to Create a Google Talk account.

2.1 How to Create a Pidgin account

Step 1. Select: Start > Programs > Pidgin to run Pidgin.

Figure 1: The Pidgin Buddy List Welcome screen

Step 2. Select: Accounts > Manage to activate the Accounts screen as follows:

Figure 2: The Accounts screen

Step 3. Click: to activate the Add Account screen as follows:

Figure 3: The Add Account screen displaying Basic and Advanced tabs

Step 4. Click the Protocol drop-down list to view supported messaging service protocols as follows:

Figure 4: The Add Account screen displaying the Protocol drop-down list

Step 5. Select the protocol that corresponds to your account.

Note: Different IM service providers will display their specific text fields for you to fill in. Some of them are automatically filled in (for example, if you select Google Talk, both the Domain and Resource text fields are completed for you). However, all services require that you enter a screen name, local alias and a password.

Step 6. In the Screen name field, type in your email address, (for example, terence.thetester@gmail.com)

Step 7. In the Password field, type in your password for this specific account.

Step 8. In the Local Alias field, type a nickname you would like to be identified by. (This field is optional.)

Important: Check the Remember password option if you want Pidgin to remember your password. However, to optimise privacy and security, it would be better to leave this unchecked, so that Pidgin will prompt you for your password whenever you connect. This way, other people are prevented from logging in and pretending to be you, when you leave your computer unattended for a period of time. Also, remember to exit or quit Pidgin when you have finished your messaging session!

A completed Add Account screen would resemble the following:

Figure 5: Example of a Completed Add Account form

Tip: Google Talk, IRC, SILC and XMPP clients can easily request an encrypted connection. Please read section 4.2 How to Enable a Secure Connection for more details.

Step 9. Click: to complete adding your account. This will simultaneously activate the updated Accounts screen and the Buddy List screen as follows:

Figure 6: The Accounts screen updated Figure 7: The Buddy List screen in Active mode

After you have completed these steps, you are ready to add IM contact information for your friends (or "buddies," as they are referred to in Pidgin).

2.2 How to Add a Buddy

Step 1. Select: Buddies > + Add Buddy as follows:

Figure 8: The Buddy List with the Buddies menu activated

This will activate the following screen:

Figure 9: The Add Buddy screen

Step 2. Select your account, where you are using the same messaging service as your 'buddy'.

Note: Both your buddy and yourself must be using the same messaging service, even if he/she is not using Pidgin. For instance, if you have only added a Google Talk account to Pidgin, you cannot add a buddy who uses MSN or Yahoo to this account. However, you can register and use multiple accounts simultaneously in Pidgin, thereby chatting with one buddy over Google Talk and with another over Yahoo or MSN.

Step 3. In the Screen name field, type in your buddy's email address. (Remember: In Pidgin, a Screen name generally refers to an email address.)

Step 4. In the Alias field, type in a nickname for your buddy.

Step 5. Click:

Note: After you have added a buddy, a message will be sent to him/her requesting his/her approval and authorisation for your request.

Figure 10: The Authorize buddy confirmation dialog box

After your buddy has authorised the request, he/she should follow similar steps to request your account.

Figure 11: The Add Buddy screen displaying buddy information

You will receive an authorisation request from them as follows:

Figure 12: The Add Buddy screen

Step 6. Click the Authorise button and your buddy will appear in the Buddy List as follows:

Figure 13: The Buddy List screen featuring a newly created buddy

2.3 How to Chat with Your Buddy

Step 1. Right-click on your buddy's name to activate a pop-up menu listing all the tasks you can perform as follows:

Figure 14: The Buddy tasks menu

Step 2. Select IM from the pop-up menu to activate a chat window as follows:

Figure 15: A typical chat window in Pidgin

Now you're all set to chat with your buddy using Pidgin. However, you must perform a few more steps to ensure that your chat sessions will be private and secure.

How to Secure Your Chat Session with OTR

Both communicating parties need to install and configure the OTR plugin before they can have private chat sessions. Pidgin automatically recognizes when both of you have the plugin installed and configured. If you request a private conversation with a friend who has not yet installed OTR, a message will be sent to that person explaining how they can obtain the plugin.

3.1 How to Enable the Pidgin-OTR Plugin

Enabling the Pidgin-OTR plugin is the first step towards having private and secure messaging sessions. To enable the Pidgin-OTR plugin, perform the following steps:

Step 1. Select: Tools > Plugins in the Pidgin Buddy List window as follows:

Figure 16: The Tools menu with Plugins selected

This will activate the Plugins screen as follows:

Step 2. Scroll down to the Off-the-Record Messaging option, then check it to enable this feature.

Figure 17: The OTR Plugins screen with Off-the-Record Messaging selected

Step 3. Click: to begin configuring the Off-the-Record Messaging screen.

3.2 How to Generate an Encryption Key

Secure chat sessions in Pidgin are enabled by generating a private key for the relevant account. The Off-the-Record configuration window is divided into the Config and the Known fingerprints tabs. The Config tab is used to generate a key for each of your accounts and to set specific OTR options. The Known fingerprints tab contains your friends' keys. You must possess a key for any buddy with whom you wish to chat privately.

Figure 18: The Off-the-Record Messaging screen displaying the Config tab

Step 1. To optimise your privacy, check the Enable private messaging, Automatically initiate private messaging and Don't log OTR conversations options in the Config tab as shown above.

Step 2. Click: to begin generating your secure key. Shortly, a screen notifying you that a private key has been generated appears as follows:

Figure 19: Generating private key screen

Your buddy will need to perform the same steps on his/her own computer.

Important: You have now created a private key for your account. This will be used to encrypt your conversations so that nobody else can read them, even if they manage to listen in between you and your buddies. The fingerprint is a long sequence of letters and numbers used to identify the key for a particular account. It resembles the following:

Fingerprint: 55A3638C 5DCF5BB8 0C7A2815 70DA5122 06507354

Pidgin automatically saves and verifies your and your buddies fingerprints, so that you will not have to remember them.

3.3 How to Authenticate a Private Conversation

There are 3 short steps involved in ensuring the security and privacy of your conversations.

• The first step, which we have just completed in section 3.2 How to Generate an Encryption Key, involves creating the key for your account.
• The second step requires you and your buddy to request a secure conversation.
• The third step is about verifying that your buddy is actually the person who you think he/she is. This process of confirming another person's identity is known as 'authentication' in Pidgin.

3.3.1 The Second Step

Step 1. Double-click on the account of a buddy who is currently online to begin a new IM conversation. If both of you have the OTR plugin installed and properly configured you will notice that a new OTR icon appears at the bottom of your chat window.

Figure 20: A Pidgin chat window displaying the OTR icon

Step 2. Click: to bring up a menu and select: Start private conversation

Your chat window will display the following message:

Attempting to start a private conversation with user@example

user@example has not been authenticated yet. You should authenticate this buddy.

Unverified conversation with user@example started.

and the OTR button will change to look as follows:

This means that you can now have an encrypted conversation with your buddy. However, this conversation is not verified. Your buddy may actually be someone else sitting behind that computer, or someone pretending to be your buddy. Here you will need to share a secret code word (pre-arranged earlier) to authenticate each other.

3.3.2 The Third Step

In order to authenticate your buddy in Pidgin, you will need to perform one of the two identification methods. You could authenticate each other by a code word, or by a question & answer process.

Using a code word for authentication

You can arrange a code word in advance, either by meeting each other in person or by using another communications medium (like a telephone, voice chat by Skype or a mobile phone text message). Once you both type in the same code word, your session will be authenticated.

Step 1. Right-click the OTR button in the chat window, then choose Authenticate Buddy as follows:

Figure 21: A Pidgin chat window displaying the OTR icon

An Authenticate Buddy window will pop up prompting you to choose the method for authentication.

Step 2. Click: on the drop-down menu and select: Shared Secret

Figure 22: The Authenticate buddy screen

Step 3. Type in the secret code word (it is case sensitive) and click the button.

Figure 23: The Shared Secret screen

Your buddy will see the same window at his/her end and will have to enter the same code word. If they match, your session will be authenticated.

Once the session is authenticated, the OTR button will change to . Your session is now secure and you can be sure that you are really speaking with your buddy.

Using the question & answer for authentication

If you cannot share a code word over an alternative channel, then you have another option for authenticating each other. Create a question and an answer to it. Your buddy will receive the question and if their answer matches yours, you are authenticated. Obviously, the answer will need to be typed in exactly the same on both ends.

Step 1. Right-click the OTR button in the chat window, then choose Authenticate Buddy as follows:

Figure 24: A Pidgin chat window displaying the OTR icon

An Authenticate Buddy window will pop up prompting you to choose the method for authentication.

Step 2. Click: on the drop-down menu and select: Question and Answer

Figure 25: The Authenticate buddy screen

Step 3. Enter a question and an answer to it. The question will be sent to your buddy. If their answer matches yours, the authentication will be successful.

Figure 26: The Questions and Answer screen

Once the session is authenticated, the OTR button will change to . Your session is now secure and you can be sure that you are really speaking with your buddy.

Congratulations! You may now chat privately. The next time you and your buddy chat (using the same computers), you can skip the first and third steps, above. You should only have to request a secure connection and have your buddy accept it.

Notice that when you Select: Buddy List > Tools > Plugins > Off The Record Messaging > Configure Plugin, the Known fingerprints tab now displays your buddy's account and a message that their identity has been verified.

Figure 27: The Off-the-Record Messaging screen displaying the Known Fingerprints tab

Creating a Google Talk Account

4.1 How to Create a Google Talk account

To create a Google Talk account, perform the following steps:

Step 1. Open your Internet browser and go to the Create Google Account page.

Figure 28: The Google Registration web page

Step 2. Type in the necessary registration details.

Note: In the Desired Login Name: field, type in a name for your email address/account. For reasons of anonymity and confidentiality, it should, ideally, not correspond with your first and last names.

Step 3. Click the Check availability button to see if your desired login name is available. If it is not, you might have to come up with something a little more original!

Step 4. Click to accept the conditions and create your Google Talk account after completing all necessary fields.

4.2 How to Enable a Secure Connection

Users who register and use Pidgin with a Google Talk, IRC, SILC or an XMPP compatible service, can configure Pidgin to use a secure connection, otherwise known as the Secure Socket Layer (SSL) or Transport Layer Security (TLS).

In the Basic tab in the Add Account screen:

Step 1. Select your IM provider, and fill in the required details, then click the Advanced tab.

Figure 29: The Modify Account screen displaying the Advanced tab

Step 2. Check the Require SSL/TLS to automatically enable a secure channel over which your messaging session can take place.

FAQ and Review

Q: I shut down Pidgin last night. Today, when I launched the program again, I did not see any of my contacts, even though I knew they were online.

A: This happens sometimes if your account was not shut down properly (the Internet connection was dropped or your computer had crashed). You need to re-enable your account. To re-enable your account Select: Accounts > Add/Edit menu and check the box next to your account.

Figure 30: The The Accounts screen with a re-enabled account

Q: Can I use Pidgin-OTR to chat with friends in both MSN and Yahoo?

A: Although Pidgin-OTR supports a number of chat and messaging services, you have to use the same provider to initiate an IM session with your buddy. You both need to use an MSN or a Google Talk account for example. However, in Pidgin you can register and be online with several IM accounts simultaneously. That's the beauty of using a multi-protocol IM client.

Q: What would happen if I had to access my Pidgin-OTR account on another computer?

A: You would have to generate a new private key to use with your IM account on that computer. You can start a conversation with your buddy using this new key, but you will need to authenticate your session again.

Q: What if I forget the login password for my IM account? Or what if someone steals it? Will they have access to my past and future conversations?

A: This is a very important question. First of all, if you forget your login password, you will have to generate a new IM account. Then, you can tell your friend about the new account by telephone, Skype voice-chat, or secure email. Finally, you should create a new, authenticated session with him/her. If however, someone steals your IM password, that person could try to impersonate you when using Pidgin. Luckily, he/she won't be able to authenticate the session without your shared code word, and so your buddy should be alerted and become suspicious. That's why authentication is so important. Furthermore, if you followed the instructions above and set the recommended preferences in the OTR 'Config' tab, then even someone who steals your password won't have access to your past conversations, since you chose not to record them.

5.1 Review questions

• What are the requirements for creating an account in Pidgin?

• Is it possible to register and use several instant messaging accounts in Pidgin at once?

• What are the requirements for having a private and authenticated chat session in Pidgin?

• How many times do you need to 'authenticate' your chat session with a given buddy?

• What is a fingerprint in Pidgin?

• What will happen to your OTR preferences (including received keys' fingerprints) when you install Pidgin and OTR on another computer?