Dies ist eine alte Version des Dokuments!
The Jabber-server of Systemli is maintained by a techie-collective belonging to the radical political left. The server itself is encrypted. Connections to the Jabber-server of Systemli are only possible with SSL-encryption. This means that your Jabber-conversations with other Systemli users (address ending in …@jabber.systemli.org) is completely encrypted through SSL. This equates the encryption standard of online-banking and is said to be safe. There are also other Jabber-servers: jabber.ccc.de of the Chaos Computer Club can be recommended as well as long as the SSL-encryption is enabled. (Advice: if you don't completely trust SSL (and/or the Systemli-peeps) and you wish additional encryption: use Off-the-record-encryption (OTR) or GPG additional to SSL: OTR/Pidgin http://www.cypherpunks.ca/otr/ . Here at Systemli we use it as well!)
Whoever tries to watch you can find out what times you go online encrypted with systemli.org. They can also see who else is doing this and when. They can monitor your encrypted traffic and make out if you use it more frequently at certain times. But they can't see who you are communicating with or about what. This results in very minor findings during a surveillance. (When using pgp-encrypted e-mails the findings are more interesting as they can see who you are talking to!) (Advice: if you don't want anyone to be able to find out when you are connecting to systemli.org and how much traffic you have, use the additional tool called TOR (see further down) to anonymise your conversations).
http://www.pidgin.im/download/windows/ or chose your corresponding operating system. (With Linux you can just use the general software download pool)
If you're techno-savvy enough you should check if you really downloaded the right software (when using Linux this is not necessary). If you're not…. pray to Bakunin that the cops or other fuckwits didn't just send you a fake Pidgin that turns out to be a 'federal trojan' (a spyware sent by the government).
Install Pidgin as your operating system demands it.
Protocol: XMPP User: choose a name that is random enough so you can't be identified through it Resource: leave that one blank (this is important as it could reveal information about your computer) Domain: jabber.systemli.org Password: insert your password here (special characters, numbers, upper and lower case; at least 12 digits long; don't use it for anything else). DON'T tick the box 'save password' (you should only ever consider this if your computer is completely encrypted). Rest: leave blank
Tick box: 'create this new account on server' and press 'Add'.
DON'T tick box: 'Allow plaintext auth over unencrypted streams'
Connect port: 5222 Connect server: leave blank [in case you use TOR you should insert the IP-address of the jabber server here (Command: tor-resolve jabber.systemli.org) In Windows you can find tor-resolve under %PROGRAMFILES%\Vidalia Bundle\Tor\] File transfer proxies: there is something pre-chosen but it's better to not use the possibility for file transfers. BOSH URL: leave blank Show Custom Smilys: why not,they're quite funny and useful
If you don't use TOR, you can leave this as it is. If you would like to use TOR, you firstly have to get it up and running: https://www.torproject.org/ Then adjust the settings as follows: Proxy type: SOCKS 5 Host: 127.0.01 Port: 9050 Rest: leave blank press 'Save'
sudo /etc/init.d/tor stop
If you lost the connection to the jabberserver after it, you set up tor and pidgin correct. Now you can start tor again and login to you jabberaccount:
sudo /etc/init.d/tor start
This is very important to do it right! If you got something wrong in the earlier steps, your jabber is quite likely to just not work. But if you make a mistake now, jabber works but you endanger you and other users!
Logging Tools → Preferences → Logging YOU HAVE TO TURN OFF ALL LOGGING!!! Make sure that non of the 'Log'-boxes are ticked. It is crucial that you do that before starting the first chat! Afterwards you can 'go online'
Now you get a message about a the SSL certificate. Look at the fingerprint before your first chat! Compare the SHA-1 fingerprint with the one you can see on https://www.systemli.org If the two fingerprints are similar, you can click on 'accept' or a respective button. Pidgin might tell you that it can't validate the fingerprint, but you can ignore that, as you have just done that yourself. The fingerprint expires at some point and a new one will be issued, which you can find under https://www.systemli.org/ or https://twitter.com/systemli. You will be notified before the certificate is renewed. At all times you can view the fingerprint of your account at: tools → certificate → info, to compare it with the ones displayed on the website. In case you are notified about a changing certificate and you can't find any hint on the Systemli website, please let us know immediately (mailto:firstname.lastname@example.org, you can find the pgp key on the website)!
To be able to encrypt your messages, download OTR (off-the-record-messaging) from this page: www.cypherpunks.ca/otr/ you will find it then in pidgin under 'tools' → 'plugins' enable the plugin 'off-the-record-messaging' close and restart Pidgin once you have added buddies, double-click on one of them as if wanting to write a message; go to 'conversation' → 'more' → 'OTR settings' and make sure that the box 'don't log OTR conversations' is ticked.
When you are online, you can add buddies to your list with 'Buddies' → 'Add Buddies'. If you are being added, you get a message asking you to confirm that buddy. To start a chat, double-click on the buddy. If the one you want to talk to is not online, you can leave a message that they will receive when they go online. Once the messages have been delivered, they are not on the Systemli server anymore. Because no-one uses logging (hopefully), the messages are gone after you have logged off from Pidgin. The one thing that remains on your computer though is the list of your buddies. If your computer is not completely encrypted and it gets confiscated/ stolen, who ever did it can access the buddy-list (including all of the infos your buddies have attached to their online appearance, and also anything you have renamed their nicks!). Therefore, please consider the following point!
https://systemli.org/jabber/, never anything different (like meebo, imo.im etc.).