Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Good Open Source, Multi-Platform, Secure IM Client?

Soulskill posted more than 5 years ago | from the real-time-tps-report-updates dept.

Communications 308

Phil O. writes "I work for a company with 30+ locations across North America. Some offices have hundreds of employees; some only a dozen. We're looking for a secure, multi-platform IM client we could implement across the organization. One group is pushing for Microsoft's solution, but it has a number of drawbacks (including cost). What other options are out there, and what has worked well in similar situations? Security is a big concern for the company."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Sametime (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25588481)

IBM's Lotus Sametime is very good I think. No idea how much it costs though, probably not cheap and it isn't open source.

Re:Sametime (5, Informative)

enharmonix (988983) | more than 5 years ago | (#25588747)

We use sametime at my office and it's just like any other IM client I've used. Two points of note - it offers encrypted chats, and the collaboration tools (screensharing, etc.) work better than Microsoft's Messenger products. I don't doubt, however, that OSS can compete with this - I'd only go ST if you're already using Lotus Notes.

Re:Sametime (4, Informative)

Fackamato (913248) | more than 5 years ago | (#25588823)

We use sametime at my company, and it's piece of shit. When it works, it works. Often when someone types something in a chat and I click the minimized sametime window to reply, try to write something in the message box, and sametime freezes. Lots of hdd access of no apparent reason. We experience the same on all our machines (2GB RAM). Don't get me started on Notes 8...

skype (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25588483)

skype is secure, free (as beer), feature full and efficient. Also has this new business plans.

Re:skype (5, Informative)

Zsub (1365549) | more than 5 years ago | (#25588631)

Skype? Since when is Skype secure man?! Have you read Slashdot [slashdot.org]?

Re:skype (1, Insightful)

The Moof (859402) | more than 5 years ago | (#25588779)

"More Skype Back Door Speculation ."

Not saying Skype is secure or anything, but do you have any hard evidence, or facts?

Re:skype (1)

Zsub (1365549) | more than 5 years ago | (#25588841)

Last sentence of my link, next time try to read more than just the title.

Re:skype (4, Funny)

The Moof (859402) | more than 5 years ago | (#25589025)

next time try to read more than just the title

But my "Slashdot User's Handbook" says I'm not supposed to!

Anyway, I was wondering if there was any papers or anything to follow up that post. Something that would move it from speculation to truth. There's some papers in the comments linking to notes about obfuscating against reverse engineering. The last sentence just said the Austrians claim they can easily listen into the conversations.

Re:skype (1)

Zsub (1365549) | more than 5 years ago | (#25589227)

That's true. I have tried to Google, but that is not really yielding satisfying results. I have come across several sites mentioning backdoors in the protocol or the program exploitable by government or someone else. Those are just rumours. However, via the Skype wiki [wikipedia.org] I found a website detailing the leaking of a German report [piratenpartei.de] to the German 'Piraten Partei'. I have read it and it seems to be a quote of sorts for "Skype-Capture-Software" and several options, including SSL decoding and the installation of it all. It also mentions two proxy-servers to hide their own IP adresses, but there is no price given. So all in all, this -- as far as I could find -- is the most concrete evidence supporting that Skype is in fact not secure.

Re:skype (2, Insightful)

GodWasAnAlien (206300) | more than 5 years ago | (#25588927)

"More Skype security Speculation."

Do you have any evidence that the Skype protocol is secure?

Note, Obscure != Secure.

Re:skype (1)

philspear (1142299) | more than 5 years ago | (#25589195)

I suppose it's a question of "How secure does it need to be?" If it's launch codes, then I would be uncomfortable with any IM type exchanges, send a messenger in a tank for that. If the company we're talking about is "Del Taco corporate offices" then Skype is probably "secure" enough that Taco Bell wouldn't bother.

I'd be curious as to the general consensus as to what the chances that if say Pfizer were to be communicating trade secrets via skype or messenger, that those messages would be stolen by another pharmecutical or other entity? Or is "secure" more for preventing computer systems from being compromised by hackers or viruses rather than competition? It's all good to say that the australian government can listen in on your skype conversations, but aside from your rights being eroded, what are some of the more tangible risks?

Re:skype (0)

Anonymous Coward | more than 5 years ago | (#25588635)

Skype has backdoors and Austrian government bragging about how they use it. Why would you think others cannot use these backdoors too?

Anonymous Coward (5, Informative)

Anonymous Coward | more than 5 years ago | (#25588493)

Jabber server, pidgin clients, and http://pidgin-encrypt.sourceforge.net/ for security. Really it's a shame this even made it to slashdot. Can't anyone google anymore?

Google? (-1)

Anonymous Coward | more than 5 years ago | (#25588995)

can't anyone what?

Re:Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#25589125)

openfire / spark... is the way to go!

There is only one true IM client (1, Funny)

Anonymous Coward | more than 5 years ago | (#25588495)

talk [wikipedia.org]

Re:There is only one true IM client (1)

ReverendLoki (663861) | more than 5 years ago | (#25588837)

Ah, I miss the heady days of using talk at a phosphorescent green terminal. Modern IM clients should show text as it is being written! However, my mind shudders at trying to read a screen divided to allow a conversation of even 10 users.

Re:There is only one true IM client (1)

Captain Spam (66120) | more than 5 years ago | (#25589141)

ICQ used to allow that, as I recall. And, coincidentally, I think 10 users was the limit before it would fall to IRC-style multi-user chat.

Though it had its flaws, definitely. Like how it could mix IRC-style and talk-style users depending on preferences. And how IRC-style users sometimes got half-finished text lines from talk-style users repeatedly. And "phosphorescent green terminal" would've been nice — everyone was allowed to pick their own background and text colors AND change them at will. My eyes hurt greatly past that...

Re:There is only one true IM client (4, Funny)

eln (21727) | more than 5 years ago | (#25588923)

talk requires a terminal that can handle curses (vt100 or similar). This creates a barrier that's simply too cumbersome. I would suggest using write instead.

If encryption is needed, I would suggest rot13. For double encryption, rot26 can be used. Or, you could do what they did in WWII and "encrypt" by using an obscure language that few outsiders are likely to be able to decode. Since getting your coworkers to learn Navajo is probably out of reach, I suggest Pig Latin.

Really, I think the submitter is making this harder than it needs to be.

Re:There is only one true IM client (1)

dgatwood (11270) | more than 5 years ago | (#25589021)

I know you're kidding, but since the write command does not involve the network in any way, it is precisely as secure as the server admin is trustworthy. No encryption is needed. Now that telnet connection to the server, on the other hand.... :-D

Re:There is only one true IM client (1)

clone53421 (1310749) | more than 5 years ago | (#25589143)

Nah, if you're really hardcore you'll tattoo your messages onto the heads of couriers. If you need to make a secure transmission, you just have to wait for their hair to regrow.

Pidgin + OTR (4, Informative)

314m678 (779815) | more than 5 years ago | (#25588511)

Pidgin + OTR pluggin

http://www.pidgin.im/ [pidgin.im]

http://en.wikipedia.org/wiki/Pidgin [wikipedia.org]

http://www.cypherpunks.ca/otr/ [cypherpunks.ca]

Re:Pidgin + OTR (2, Informative)

TheLink (130905) | more than 5 years ago | (#25588821)

Pidgin for windows is pretty crappy though

It hangs quite often (more if you don't use the tab mode, and if you use tab mode, if some spammer spams you, you can't tell from the taskbar who sent you the message - it could look like someone else is sending you a message).

It often doesn't succeed in sending messages to people on MSN - 5 minutes after I send, it'll tell me it failed. 5 minutes!

You can't easily filter out "spim", even if you use stuff like bot sentry you still get bugged about it- which completely defeats the purpose.

The only reason why I'm currently using pidgin instead of "Windows Live Messenger" is the latter doesn't save chat logs if you shutdown/logout without "closing the program properly".

Would be happy to know if there's something more stable.

I tried trillian but the interface was terrible.

Lastly, maybe it's coincidence but my spim rates went up a lot soon after I tried pidgin and trillian.

Re:Pidgin + OTR (3, Informative)

JCSoRocks (1142053) | more than 5 years ago | (#25589055)

The MSN bug is the only one I've run into. Other than that I've always thought Pidgin was great. I've been forced to switch over to Windows Live Messenger and I really don't like it after using Pidgin. The Outlook integration doesn't make up for the clunkier UI and the inability to connect to other networks.

Re:Pidgin + OTR (0)

Anonymous Coward | more than 5 years ago | (#25589089)

I second you!
OTR is also available on Adium (same pidgin core) on OSX so even more widespread than previously thought

Re:Pidgin + OTR (4, Interesting)

srussell (39342) | more than 5 years ago | (#25589199)

Note that the OTR plugin is available for several IM clients, including KDE's Kopete, Miranda, mICQ, and several others.

I'm still waiting for it to show up for the Android chat client, but it is still early days...

--- SER

jabber (4, Informative)

muckdog (607284) | more than 5 years ago | (#25588513)

I'm betting www.jabber.org will be echoed over and over in the responses. Considering Google uses it to power Gtalk I say its scalable.

Re:jabber (1)

curtS (214040) | more than 5 years ago | (#25589051)

Agree - my former employer used it successfully with about 3k users. We mostly used the Exodus client.

http://silcnet.org/ (0)

Anonymous Coward | more than 5 years ago | (#25588515)


Multi-platform (4, Insightful)

jkinney3 (535278) | more than 5 years ago | (#25588517)

Microsofts solution is NOT multiplatform. Anything that runs jabber protocol has a multiplatform client.

Pidgin? (2, Informative)

yakumo.unr (833476) | more than 5 years ago | (#25588519)

So how about Pidgin [pidgin.im] with the OTR plugin [cypherpunks.ca]? afaik you can't get more secure than OTR with IM, and it's available for a few different clients.

Re:Pidgin? (1)

lunk (80231) | more than 5 years ago | (#25588547)

I agree, Pidgin supports tons of different protocols. I use it with the OTR plugin and can have secure conversations over any service from AOL to Yahoo to Jabber, even IRC.

Re:Pidgin? (1)

cowtamer (311087) | more than 5 years ago | (#25588777)

Mod parent up. Pidgin is not as full-featured as MS's IM, but otherwise rocks (esp. wrt security)

Re:Pidgin? (0)

Anonymous Coward | more than 5 years ago | (#25589087)

As long as you don't ever ask it to save your password. It keeps them all in plain text.

Pidgin w/OTR (1, Redundant)

andrewd18 (989408) | more than 5 years ago | (#25588533)

You could try recommending Pidgin with the Off The Record plugin [cypherpunks.ca]. I can't say I've personally gone through the code and verified all of its claims, but the plugin looks promising, and it's easy to install.

Openfire + Spark (5, Informative)

mackil (668039) | more than 5 years ago | (#25588537)

We use the Openfire server (www.igniterealtime.org) with the Spark client over several offices in different states and over 3 different platforms. SSL is available as well (which we use).

So far no problems beyond user error. I'd recommend it.

Re:Openfire + Spark (1)

SupremeChalupa (547765) | more than 5 years ago | (#25588591)

I'd second this post. We use it worldwide and have found it to be a GREAT collaboration and IM solution. It also includes logging capabilities if you have SOX requirements.

Re:Openfire + Spark (2, Insightful)

ErnieD (19277) | more than 5 years ago | (#25588805)

I'll second that, we use Openfire within our IT department (spanning 3 locations plus accessible via VPN). Spark is the primary client we give to our people but they're also free to use any other Jabber client they want like Pidgin, Miranda, Exodus, etc. We have SSL enabled and message auditing & archiving turned on which is also important for businesses in certain markets. We have it authenticating off our Active Directory via LDAP lookup. There's also a Flash-based web client which simply is a SWF that can be dropped in any web server, but we don't use that at present.

Re:Openfire + Spark (2, Informative)

SuperQ (431) | more than 5 years ago | (#25588981)

I use openfire for my personal jabber server, it's been reliable, and keeps getting good updates.

I haven't used the spark client, and I haven't had good luck with the web client. That's probably the biggest thing I wish I could find was a good web client like gmail chat.

Re:Openfire + Spark (0)

Anonymous Coward | more than 5 years ago | (#25589077)

We use this combination as well. I've found that Spark is a resource MONSTER. This may be because the logfiles are written to a roaming profile but I often have users complain that Spark is slowing their machine down. In addition it tends to eat over 100mb of memory... FOR AN IM CLIENT.

For those in the know (namely the IT department) we use Pandion. Its Windows only which sucks but it does a pretty good job.

Re:Openfire + Spark (0)

Anonymous Coward | more than 5 years ago | (#25589211)

We use this combination as well. I've found that Spark is a resource MONSTER. This may be because the logfiles are written to a roaming profile

No, it's because Spark is a huge java monstrosity of a program.

It's also very annoying to configure single-signon so that Spark uses your windows login kerberos credentials to log you in automatically.

Re:Openfire + Spark (1)

Dark4Sorrow (589052) | more than 5 years ago | (#25589093)

I just installed the Openfire server using the Spark client within the last 30 days and it's working flawlessly. We've tried out a few other solutions over the last few years, but this is the one that everyone seems to love the most. So, this is what I'd recommend as well.

Our rollout was not as big, but.. (0)

Anonymous Coward | more than 5 years ago | (#25588543)

Pidgin + Internal Jabber servers did it for us.


Pidgin with OTR (1, Redundant)

betterunixthanunix (980855) | more than 5 years ago | (#25588555)

Use Pidgin with OTR. It is a good balance of security and convenience, you just need to be careful about not having your hardware stolen (OTR keys are not symmetrically encrypted the way PGP keys are). You might be able to resolve that by also using whole disk encryption...

Spark IM (0)

Anonymous Coward | more than 5 years ago | (#25588557)

Spark Client and Openfire Server


Jabber? (2, Insightful)

nine-times (778537) | more than 5 years ago | (#25588561)

I've never actually implemented Jabber before, but it seems like the obvious answer. You should be able to set up your own server without paying any software costs, and use GAIM/Adium. I think encryption is supported, but it's slightly less of a concern if the traffic never leaves your own network.

Actually, depending on your requirements, you may not want clients to encrypt traffic, so that you can log and archive it.

Re:Jabber? (2, Informative)

infinityxi (266865) | more than 5 years ago | (#25588613)

Jabber is actually a pretty easy set up. You can grab a ejabberd or OpenFire and set your domain up around it. Encryption and retention is also pretty easy to set up. It seems to make the most sense if this is about in house communication on a company level as one can easily make JIDs mirror email addresses.

Re:Jabber? (1)

krakelohm (830589) | more than 5 years ago | (#25588839)

I second the use of Openfire. I have been using it since it was wildfire, its nice and small on the server, web interface for setup and uses Jabber so you can choose the client that works for you. One note though, I would stay away from their client (spark), it works good but man its a memory hog and slowwwww.


Re:Jabber? (1)

SuperQ (431) | more than 5 years ago | (#25588999)

I also love openfire, I tuned the java memory usage down a bit, but I guess I don't have enough users to see if it's slow or not.

How many users and what hardware are you using?

It supports clustering, so I guess you can always scale it that way.

Any XMPP Client (5, Informative)

infinityxi (266865) | more than 5 years ago | (#25588563)

I would go about your problem by first separating the client from the actual protocol. If you are worried about cross platform I would of course go with an XMPP solution. You can do the following:

- Run an OpenFire server Here [igniterealtime.org]
- Pick from a slew of XMPP clients but I would problem pick the Spark IM Client (Same people as the OpenFire software)

This way you don't have to worry about Client A working with Protocol B across Windows/Linux/Mac.

Using XMPP is also an easy way to control your IM facilities as you can create an organizational system for creating names such as using email addresses as screen names and not have to worry about Bob from Accounting using PiMpMaSta23.

I would evaluate OpenFire and the Spark IM client and see if it fits. The server is very easy to set up and administer. You can also use Pidgin or Psi as XMPP clients although I think Spark is the most professional looking of the three.

Skype? (0, Redundant)

BorgAssimilator (1167391) | more than 5 years ago | (#25588575)

I've heard good and bad things about Skype. They say that they have encryption, but other "security experts" have said that it's not secure enough for businesses (however, I have no sources to that effect). I use it on occasion to talk to fellow employees, and I like the features it brings (such as the video conferencing capabilities), even if the interface is ugly.

Then again, skype is more voip than instant messaging, so it may not be what you're looking for. Still, I'd consider it (despite its problems)

Re:Skype? (2, Insightful)

infinityxi (266865) | more than 5 years ago | (#25588941)

I would really not want to use Skype for anything more than personal use, especially not company use. It might be a good program (matter of opinion) and it might have decent voip but then again the guy asking could have easily went with using AIM, Yahoo, or GTalk. It sounds like he wants to use something more suited to IM and for a company you should really want to have control over accounts, usernames, and compliance and I don't think Skype is good enough for that.

As for the security issue. I am sure it is decently secure but if this organization as others rely on encryption for sending sensitive messages across the wire (I would really discourage people sending sensitive business information over IM) a third party solution isn't really the way to go. I would say run something in house (or co-located) and get a certificate.

You'll need a server, too (5, Informative)

Yosho (135835) | more than 5 years ago | (#25588585)

Everybody is saying "Pidgin", but a client won't do you any good without a server to connect to, and if you really care about being secure, you shouldn't trust any third-party server that is publicly accessible.

You should probably set up your own Jabber server; I recommend Openfire [igniterealtime.org], which is open source, easy to install, and pretty powerful. It is possible to mandate that all clients must use encryption to connect, which will do a pretty good job of keeping things secure, and you can use any XMPP client that supports encryption. If you don't want even the server to be able to read your messages, as others have suggested, installing an OTR plugin for your client is the way to go.

Re:You'll need a server, too (1)

morgan_greywolf (835522) | more than 5 years ago | (#25588831)

Niiiice. Web-based administration, supports server-to-server, group chat, handles registrations for you, etc. Nice monitoring and reports.

Very slick.

Pidgin performs beautifully cross-platform (3, Informative)

Arrogant-Bastard (141720) | more than 5 years ago | (#25588609)

Pidgin is portable, under active development, works for multiple IM protocols, sports a healthy collection of plug-ins that augment its functionality -- include OTR to provide relatively secure messaging services. It's not perfect by any means, but I've deployed it across a 150-person organization and found that it more than met their needs. So if you're going to spend money -- not that you need to -- one possible course of action is to try pidgin, identify any issues that are causing you problems, and negotiate a deal with the developers: make a contribution to fund the development, which in turn not only benefits you but the entire rest of the user community.

Why IM? (4, Interesting)

Hatta (162192) | more than 5 years ago | (#25588619)

Why not IRC?

Re:Why IM? (1)

morgan_greywolf (835522) | more than 5 years ago | (#25588683)

Why not IRC?

You must've missed the word 'secure' in the headline.

Re:Why IM? (2, Informative)

Khyber (864651) | more than 5 years ago | (#25588853)

I have yet to see a reliable working UnrealIRCd server hack.

As long as they didn't use mIRC and kept their IRC network completely internal (kinda tough to do without some VPN connecting to the other 30+ locations plus password entry into channel (or an allow list) they shouldn't have too much of an issue.

And of course IRC does have SSL connection capability.

Re:Why IM? (1)

morgan_greywolf (835522) | more than 5 years ago | (#25588881)

Given -- but to answer the question, you still have the problem of IRC's usability vs. IM clients. Everyone knows how to use an IM client. My wife finds IRC confusing.

hmmm.. (0)

Anonymous Coward | more than 5 years ago | (#25588621)

I'd have to say if you are a big company or so it seems, and security is your biggest concern. Wouldn't you mind paying money for a solution that has a company behind it. If microsoft's solution does not provide multiplatforming, look somewhere else. Wouldn't you want to pay a few dollars to have the piece of mind to know that the security of your company is safe.

Re:hmmm.. (0)

Anonymous Coward | more than 5 years ago | (#25588763)

If you google around you can find server hosting that provides you XMPP hosting. I am sure you can bundle that with third party support. The issue with Microsoft hosting is how much the guy asking cares about cross platform reliability. As I haven't used a Microsoft solution I won't say one way or the other. I'd say as long a company doesn't rely on a consumer grade IM service such as AOL or Yahoo, or even Google Apps, they are pretty good.

Sametime (1)

chrise123x (1153173) | more than 5 years ago | (#25588623)

What about looking at Sametime ? Multiplatform, secure, Java based and supports voip, webconferencing, sharing of apps and a whole bunch of other plugins. www.ibm.com/sametime.

Jabber (0)

Anonymous Coward | more than 5 years ago | (#25588627)

Jabber Security:

http://www.saint-andre.com/jabber/Security.pdf (fair warning: annoying pdf)


Openfire and Spark (1)

DnemoniX (31461) | more than 5 years ago | (#25588643)

I have used this combination at two jobs now, it supports multiple offices and also has LDAP integration if you wanted to hook it up with Active Directory. There are also a handy assortment of plugins available.

logs (0)

Anonymous Coward | more than 5 years ago | (#25588661)

I set up a truecrypt partition of a few megs to autoload on startup (with password) and then set my pidgin application folder inside that partition so that i can save all my logs, but have them password protected.

GroupWise IM (2, Informative)

Emrys01 (831422) | more than 5 years ago | (#25588677)

Novell GroupWise Instant Messenger is secure by default. It has its own client or you can use Pidgin. The server is not hard to set up and get running either. (Disclaimer, I work for Novell.)

Re:GroupWise IM - whoa no (1, Insightful)

poetmatt (793785) | more than 5 years ago | (#25588791)

Nobody on slashdot would typically suggest Novell for anything. Patent issues, selling their soul to MS, working with mono, You should know better. [boycottnovell.com]

Pidgin + OTR + Jabber server if needed = good solution, open source, no software costs of any kind (only hardware).

Re:GroupWise IM (0, Flamebait)

moderatorrater (1095745) | more than 5 years ago | (#25589221)

Disclaimer, I work for Novell

So, you're either Indian or very scared. Got it ;)

(I work with many, many ex-Novell employees)

Check out SupraBrowser (5, Interesting)

Anonymous Coward | more than 5 years ago | (#25588681)

SupraBrowser [sourceforge.net]

It's a secure, threaded IM client (all socket communication 3DES encrypted with a zero-knowledge proof SRPP [stanford.edu]), written in Java, that runs on Linux, Mac, and Windows. It was developed for the hedge fund industry in Boston. I developed it initially, but it's mainly being maintained, not developed further because we don't receive any new feature requests.

Don't let the extensive features fool you. It's primarily a secure, threaded IM system. The other features were added (email gateway, auto-forwarding to email, embedded web browser with sophisticated tagging engine) based on its being used *very* heavily every day and requests coming from highly advanced users of the system.

There is also a Firefox plugin that integrates with it, as well as a pure ajax client written in the Eclipse Rich Ajax Platform.

Feel free to contact me personally for any details or help setting it up. The release on sourceforge assumes fairly good technical abilities (building it from ant, getting xulrunner to work with javaxpcom) and is not a general packaged release. However, it is running many places in production.


David Thomson

Why OSS? (1)

kuzb (724081) | more than 5 years ago | (#25588693)

Why does it have to be opensource? Do you intend to develop code/patches for it?

Re:Why OSS? (0)

Anonymous Coward | more than 5 years ago | (#25589017)

So you know there is nothing fishy going on, and you know exactly how it communicates, and whom it communicates with, etc. Only open source programs make this possible.

Re:Why OSS? (1)

geekoid (135745) | more than 5 years ago | (#25589047)

A) If he really wants security he is going to want to look at the code.

B) Maybe he wants to support the philosophy?

C) You are protected against forced upgrades.

D) You will always be able to get support. Worse case that will mean hiring someone to add the feature you want.

E) Cost.

F) Longevity.

Secure Internet Live Conferencing (SILC) (0)

Anonymous Coward | more than 5 years ago | (#25588705)

silc is a good fit. Array of clients for Mac/Win/Nix easy to setup and use.

XMPP with TLS and (optionally) GPG/PGP (4, Informative)

Enleth (947766) | more than 5 years ago | (#25588711)

You can setup the thing completely in-house (you don't have to trust a contractor), or you can opt for a canned solution (for example Jabber, Inc., http://www.jabber.com/ [jabber.com], they do provide everything for big and small companies, and are backed by Cisco). It uses SSL/TLS for secure connections both between clients and servers (C2S) and between separate servers (S2S), with full support for certificate authenticity checking, and even PGP/GPG encryption between the users, should they need to exchange really confifental data that even a rogue company server admin shouldn't be able to intercept (message encryption, pretty rare among proprietary protocols, but happens), or be sure that joe.the.boss@company.com is really Joe, their Boss, and not someone who just happend to "borrow" their laptop at the airport (signed presence, something, AFAIK, no other protocol provides). There are XMPP servers and clients for almost every platform possible, open-source or commercial, the protocol is open and approved by IETF for IM-style communication.

I won't give you any specific names, but I believe it wouldn't be very difficult to find a few *very* big companies using XMPP to prove to your boss that it's being used like this by big players in the industry.

And, frankly, that's the only open solution to your problem.

Zimbra (4, Interesting)

sfbiker (1118091) | more than 5 years ago | (#25588727)

Check out Zimbra [zimbra.com]

It can replace your Exchange server for email, has an XMLPP IM server built-in, and is much more cost effective and easier to administer than Exchange.

SSL irc or jabber (0)

Anonymous Coward | more than 5 years ago | (#25588735)

Why not use irc or jabber over an SSL connection? Most clients already support it and it allows you to have as many groups as you want at a time.

SILC offers secured servers (1)

dannys42 (61725) | more than 5 years ago | (#25588745)

When I was considering IM solutions for my company, I was looking into SILC, as that lets me run my own servers in addition to keeping traffic encrypted. I know that wasn't part of your original question. But it may be something you want to look into. Pidgin apparently has SILC client support built-in as well.

SILC (1)

Deleriux (709637) | more than 5 years ago | (#25588761)

Dont know much about it, but it appears to support encryption straight from the transport level with no kludges like OTR.

Looks open source too.

XMPP (1)

Ash-Fox (726320) | more than 5 years ago | (#25588765)

Psi and a Jabber server of your choosing would do.

Psi is fully multi platform, supports various encryption options. It isn't any harder to setup and install than any other corporate instant messaging system.

Additionally, there is no cost involved.

OpenFire Jabber server (2, Informative)

Nicodemus (19510) | more than 5 years ago | (#25588833)

I would recommend the open source OpenFire [igniterealtime.org] server. Install it on your own server, then set the preferences to force SSL connections. Then communicates passed between clients on any platform are SSL encrypted. Turn off local client logging for better security. Beyond that, it's all client-side stuff that doesn't port as well.


on a related topic ... saving audio ? (0, Offtopic)

UnknownSoldier (67820) | more than 5 years ago | (#25588877)

Can any of the IM save the ENTIRE voice-chat session?

I need both incoming and outgoing voice saved. (A plain old wav file is fine.)


Seriously? Miranda? No. (1)

theantipode (664138) | more than 5 years ago | (#25589053)

How did miranda make it into the tags? I'm in IT at a company of about 270 people, and one single Miranda client is enough to bog down the server thanks to malformed data that it sends.

Spark/Openfire? (3, Informative)

chiger_bite (801427) | more than 5 years ago | (#25589061)

I have been a fan of the Spark Client and Openfire Server [igniterealtime.org] as an IM platform for quite sometime. They are built on the XMPP and Jabber protocols. After being in a corporate environment before, I know it's hard to convince management to go with an OSS solution as they seem to think that if it doesn't have a price tag, it's not secure. The Spark/Openfire platform come in an 'Enterprise' flavor with support to appease management as well. Both the client and server are built on a plug-in style architecture, so it's pretty easy to include your own software add-ins. There are really too many features for me to really go into though.

gale (1, Informative)

Anonymous Coward | more than 5 years ago | (#25589101)

Gale -- http://www.gale.org/ [gale.org]

It's secure, easy to set up (including both client and server), and there are multiple clients for it, including both command-line and GUIs, and for both Linux and Windows.

All messages are cryptographically signed (unless the user chooses to send anonymously), and messages can be either plain-text or encrypted, depending on who they're being sent to.

jabber (0)

Anonymous Coward | more than 5 years ago | (#25589131)

i too will say jabber for the mod points

I don't think Pidgin (2, Informative)

morgauo (1303341) | more than 5 years ago | (#25589139)

Pidgin's a great client for personal use. I use it and like it a lot.

Sure, they can set up a Jabber server of their own, then connect to it with Pidgin and use one of the encryption plugins for security but I doubt an organization that is concerned about secure IM is going to be interested in a solution with so much possibility for the users to start adding their own personal, outside, public IM accounts.

I would say Jabber server with any jabber only client which supports encryption and can have it's config locked down. Of course, they can block access to outside Jabber servers with a firewall but why not stop them from trying in the first place too.

Pidgin + Jabber (0)

Anonymous Coward | more than 5 years ago | (#25589157)

IM client security? Pshaw. None of the IM client vendors give a whack about security; Viruses and trojans abound.

What do you want security for? If what you want is corporate security, consider using pidgin, setting up a corporate jabber server, and locking all other IM services out.

Flash-based, secure (SSL) IM client for business (0)

Anonymous Coward | more than 5 years ago | (#25589171)


If you want an out-sourced solution, Concentric offers this one. Seems to meet your requirements.

(full disclosure - I work for them)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account