Jitsi for Mac OS X Secure instant messaging and VoIP

Posted10 August 2016

Jitsi is cross-platform, free and open-source software for Instant Messaging (IM), Voice over IP (VoIP) and video chat. It is compatible with many popular IM and telephony services and provides reliable end-to-end encryption for text chats (and somewhat experimental end-to-end encryption for voice chats).

Jitsi is cross-platform, free and open-source software for Instant Messaging (IM), Voice over IP (VoIP) and video chat. It is compatible with many popular IM and telephony protocols, including Jabber/XMPP, Facebook Messenger, AIM, ICQ, MSN, Yahoo! Messenger and SIP. It provides end-to-end encryption for text chats through the Off-the-Record (OTR) protocol. It also supports end-to-end encrypted voice chat using ZRTP over SIP, though it tends to be somewhat unstable when used in this way.

Important: If you and those with whom you communicate use OTR encryption for text chats and ZRTP encryption for voice chats, Jitsi will protect the content of your conversations from service providers like Google and Facebook. However, these providers can still monitor certain metadata about the conversations you have through Jitsi. Examples include:

They can share this information with third parties, including other companies and governments. For conversations where such metadata could be sensitive, you and those with whom you communicate should consider using a trusted, independent service provider.

Jitsi allows you to use your existing accounts to communicate securely through the use of end-to-end encryption. This not only makes the content of your communication inaccessible to various third parties, such as government or corporate surveillance platforms, it also protects your conversations from those who operate the chat services themselves (such as Facebook, if you are using Facebook Messenger, or Google, if you are using Google Talk).

Note: Jitsi was written in the Java programming language. As such, Java must be installed on your computer in order for it to work. Though Java itself does not represent a significant security risk, Java browser extensions are often found to contain vulnerabilities that allow malicious websites to assume control of your computer or install malware. If your browser has a Java plugin installed, we strongly recommend that you disable it.

Jitsi is available for Mac OS, GNU Linux, and MS Windows. It can be used to communicate with other XMPP or SIP clients that support end-to-end encryption through OTR (for text chat) or ZRTP (for voice chat). Examples are recommended below:

To install the latest stable version of Jitsi, follow the steps below:

Step 1. Go to the Jitsi download page.

Tip: Make sure you're on the secure version of the Jitsi download page before you download anything. (The 'https' part encrypts the connection between your browser and the website, thus making it harder for an attacker to modify the file you're going to download.)

Step 2. Select the appropriate Jitsi Mac OS X Package for your computers operating system.

Figure 1: Jitsis Download Page

If you are using OS X versions 10.8 and above, click on the main Mac OS X Packages link directly below the apple icon. If you are using versions 10.6 or 10.7, click on the No-JRE Packages Mac OS X 10.6/10.7 link. Most users with up-to-date operating systems will click on the main Mac OS X Packages link.

Tip: If you are unsure of which version your operating system is, click on the apple icon in the menu at the top of your screen, then scroll down to select About This Mac. A window will appear that includes the current version number of your operating system.

Step 3. Click to download the appropriate version of Jitsi. Save it to your Downloads folder.

Figure 2: Downloading Jitsi

To install Jitsi, follow the steps below:

Step 1. Navigate to the folder in which you saved the Jitsi package (titled jitsi-latest.dmg' or jitsi-no-jre-latest.dmg). In this example, we saved it in the Downloads file.

Figure 1: The Downloads folder containing the Jitsi .dmg file

Step 2. Double-click the Jitsi .dmg file to mount it as a disk image. It should show up in a new window (Figure 2, below) and under Devices in the left-hand sidebar of a normal Finder window.

Figure 2: Inside the mounted Jitsi disk image

Step 3. Drag the Jitsi.app into the Applications folder.

Figure 3: Dragging the mounted Jitsi.app into the Applications folder

It will then copy over into Applications.

Step 4. Before we start using Jitsi, we should unmount (or 'eject') the Jitsi disk image. Find Jitsi under Devices in the Finder sidebar. Click on the {eject} icon next to it in the sidebar to unmount the disk image.

Figure 4: Unmounting (or ejecting) the Jitsi disk image

Jitsi is written in the Java programming language andat the time of writingrequires an older, 'legacy' version of Java in order to run on Mac OS X.

Therefore, the first time you run Jitsi, you will probably see a message (as seen in Figure 1, below) informing you that you need to install the legacy Java SE 6 runtime in order to open and use Jitsi. (This same legacy version of Java is also called 'Java for OS X 2015-001' by Apple, as seen in Figure 2, below.)

To install this required legacy version of Java, follow the steps below:

Step 1. Locate Jitsi in your Applications folder and double-click to open it.

Step 2. If you need to install the legacy Java SE 6 runtime, the alert in Figure 1 will pop up.

Figure 1: Alert window notifying the user to install the legacy Java SE 6 runtime for Jitsi

If you already have this version of Java installed, Jitsi will open without this installation message, and you can skip to Section 3, Adding accounts to Jitsi.

Step 3. Click on More Info in the alert window. This will open up a webpage in your browser where you can download the required legacy version of Java 6 from Apple.

Figure 2: Apple support page for legacy Java 6

Step 4. To download the legacy version of Java 6, click on the [Download] button at the top of the webpage. Save the file to your Downloads file.

Figure 3: Download progress bar in Firefox

Step 5. Navigate to the folder in which you saved the Jitsi file (titled JavaForOSX.pkg). In this example, we saved it in the Downloads file.

Figure 4: The Downloads folder containing the Jitsi .pkg file

Step 6. Double-click the Java .pkg file to mount it as a disk image. It should show up in a new window (Figure 5, below) and under Devices in the left-hand sidebar of a normal Finder window.

Figure 5: Inside the mounted Jitsi disk image

Step 7. Double-click JavaForOSX.pkg in the mounted disk image. It will open the installer for the legacy version of Java for OS X 2015-001.

Figure 6: Installer for Java

Step 8. There is no special installation details for Java. Click [Continue] through the Read Me section, then review and agree to the License agreement. To install Java in the default location for installation (Macintosh HD), input an admin-level password to authorize the installation of Java.

Figure 7: Java installation complete

When you are finished, the installer will show that the installation was successful.

Step 9. Click [Close] to exit the Installer.

Step 10. Before we continue, we should unmount (or 'eject') the Java disk image. Find Java for OS X 2015-001 under Devices in the Finder sidebar. Click on the {eject} icon next to it in the sidebar to unmount the disk image.

Figure 8: Unmounting (or ejecting) the Java disk image

When you have the newest version of Jitsi and the legacy version of Java SE 6 installed, you can open Jitsi for the first time. Depending on your System Preferences for Mac OS X, you may see a few messages when you run Jitsi for the first time.

To navigate these and run Jitsi for the first time, follow the steps below:

Step 1. As with most Mac OS X apps downloaded from sources other than those downloaded from Apples official App Store, youll see a confirmation alert the first time you open Jitsi.

Navigate to your Applications folder, locate the Jitsi app, and double-click to open it.

Step 2. Youll see the pop-up in Figure 1 below, asking you if youre sure you want to open Jitsi. Click [Open].

Figure 1: Confirmation alert when opening Jitsi for the first time

Step 3. Depending on what your Firewall settings are in the Security & Privacy section of System Preferences, you may also see a second alert as Jitsi opens.

Figure 2: Authorization alert for Jitsi to accept incoming connections

The alert window will ask you if you want the application Jitsi.app to accept incoming network connections? Click [Allow].

Jitsi supports many different services and protocols for text chat. The first time you launch Jitsi, you will see the window shown in Figure 1, which allows you to add the accounts you want to access through Jitsi.

Figure 1: Jitsi's initial account configuration screen

You can use this screen to enter a username and password for each of the services displayed, for a total of four accounts. But you must already have accounts for these services before configuring them for use here in the Jitsi client. The sections below describe how to set up accounts for various IM and VoIP service providers.

Note: Both Google Talk and Facebook may require that you change certain account settings before you can access their text chat services through Jitsi. To learn how, see the following two sections:

As shown in Figure 1 of the previous section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below.

Step 1. Click File in Jitsi's menu and scroll down to select Add new account... to choose the service or protocol you want to use.

Figure 1: Add New Account screen

Step 2. Select Google Talk from the Network drop-down list.

Figure 2: Entering Google Talk account details into the Add New Account screen

Step 3. Type your Google username

Step 4. Type your Google passphrase

Step 5. (Optional) Uncheck the Remember Password box.

Important: If you want Jitsi to remember your Google Talk account password for you, you should first enable its Master Password feature.

Step 6. Click [Add]

You can now use Jitsi to communicate through the Google Talk account you have added.

Note: If you are using 2-step verification to protect access to your Gmail account, you may see an error like the one shown in Figure 3 when Jitsi tries to access your account. (It will also display the same error if you get your passphrase wrong.)

Figure 3: Google Talk authentication failed (possibly as a result of "2-step verification" settings)

To access Google Talk using Jitsi, you will need to generate an "application-specific password". To learn how, see Google's instructions. When you have generated an app password for Jitsi within your Google account, you will enter that password within Jitsi as the main password for your Google Talk account.

There are two settings that you may need to change on the Facebook website first before Jitsi can use Facebook for chat: - Create a username for your Facebook account. - Turn on Facebooks application platform.

Step 1. Assign a username to your Facebook account on the Facebook website.

Before Jitsi can connect to Facebook to use its chat functionality, you must assign a username to your Facebook account. Unlike most Web services, Facebook does not require you to select a username when you create your account, but it does allow you to create one if you wish. You can confirm your username by signing into your Facebook account.

Your username is what appears in the address bar of your browser after https://www.facebook.com/ when you view your Timeline or Page. So, if your username is elena.katerina, you should see https://www.facebook.com/elena.katerina in your browser's address bar when viewing your Timeline. Your username is also part of your Facebook email address (elena.katerina@facebook.com, for example).

If you do not have a Facebook username, you can choose one by signing into your Facebook account and selecting Settings > General or by navigating to https://www.facebook.com/username.

Facebook may need you verify your account before allowing you to select a username. This could require giving Facebook a mobile phone number at which you can receive a text message. For more details see Facebooks explanation of usernames.

Step 2. Turn on Facebooks application platform in order to give Jitsi access to your Facebook account. To do this, sign in to Facebook, select Settings > Apps, then confirm that the Apps, Websites and Plugins setting is Enabled.

Note: Turning on Facebooks application platform opens up some of your Facebook data to third-party application developers. This data is available not only to the Facebook applications that you choose to use, but also to the Facebook applications used by your friends. After turning on Facebooks Apps, Websites and Plugins, be sure to check the settings under Apps others use. This setting allows you to hide some personal information from applications used by your friends. Unfortunately, Facebook does not offer settings to hide all personal information. As long as the application platform is Enabled, certain categories of data (including your friend list, your gender, and any information you have made public) are accessible to apps used by others. If this is unacceptable, you should disable Apps, Websites and Plugins and avoid using Jitsi with Facebook Messenger.

Once have chosen a Facebook username and enabled the application platform, you can add your Facebook account to Jitsi.

As shown in Figure 1 of the Add accounts to Jitsi section, the first time you launch Jitsi, you will see an account configuration screen that allows you to add various chat services to the application. After you have added at least one account, this screen will no longer appear. In order to add additional accounts, follow the steps below to add your Facebook account to Jitsi.

Step 3. Click File in Jitsi's menu bar and select Add new account... to choose the service or protocol you want to use.

Figure 1: Add New Account screen

Step 4. Select Facebook from the Network list to enter your username and passphrase

Figure 2: Entering a username and password into the Add New Account screen

Step 5. Type your Facebook username

Step 6. Type your Facebook passphrase.

Step 7. (Optional) Uncheck the Remember password box

Important: If you want Jitsi to remember your account passwords (or passphrases) for you, you should enable its Master Password feature.

Step 8. Click [Add]

You can now use Jitsi to communicate using your Facebook account.

XMPP and Jabber are different names for the same instant messaging (IM) protocol. It is an open standard, and there are many providers who offer free Jabber/XMPP accounts that you can use with Jitsi. The IM Observatory allows you to evaluate some security properties of public Jabber/XMPP services.

If you have experience running online services, you can also install a Jabber/XMPP server (such as ejabberd or Prosody IM) on your own server and provide accounts to members of a particular community or organization.

Below, we recommend a few services that have a great deal of experience protecting their users' privacy.

Excerpt from:

Jitsi for Mac OS X Secure instant messaging and VoIP

Related Posts

Comments are closed.