How to send a #password securely over an unsecured #connection

A relatively common task for me as a hacktivist is to set up secure #communication channels for technologically innocent newbies. I could of course explain to them how #GPG works, but this often fails due to the lack of will to understand and download and install the programs. Very often I use #XMPP server inside the #onion network (TOR) for #communication. The target must install the Tor #browser for this and can then use an XMPP web client. I can set all that up. The only problem is how do I send the authentication data for the XMPP access securely over an unencrypted connection?

I use #PrivateBin for this #problem: https://privatebin.info

PrivateBin is a #PastBin with encryption and burn after reading features. I post a message on PrivateBin with all the information and burn after reading. The message is encrypted and can only be decrypted with a parameter send together with the URI. The URI can look like this:

https://privatebin.net/?55ac2c8792cb12b9#3fQw1R8SAAQUUGsoa7nDdkYwq34Pzw6GQeSA56v5nusq

If the user can log in, then the authentication data has reached him without being compromised. After that, everything else can be discussed over an encrypted connection. If the user cannot log in, the data may have been intercepted. If you operate the PrivateBin server yourself, you can see which IP has accessed it. You should change the XMPP server and create new authentication in this case.

It can happen that with a weak internet connection the page cannot be loaded completely and when you press reload, of course it doesn't work because the page only works once due to the "burn after reading". Then you have to send the whole thing again with a newly generated URI. But if this does not work several times you should be very careful. Secret service agents like to play the fool in order to tempt you to use unsecured communication channels that are easier for them to wiretap.


#wisdom #knowledge #internet #instruction #security #privacy #surveillance #encryption