Frequently Asked Questions





General Questions



Questions Regarding Encryption



Questions Regarding Six/Four Routing




Why should I worry about whether or not someone else can read my IM messages? Who would even care enough to read them?

Yes! You should care.

Over 50,000,000 people use AOL Instant Messenger alone, not counting MSN, Yahoo, and other IM services. The information that passes over this network is a GOLDMINE. It would be absolutely foolish to think that, at the very least, the major governments of the world aren't intercepting part or all of the messages passing through. In addition, there is a high incentive for corporations to spy on the IM network since competitors freely discuss business strategies and plans through it daily.

Do you want to trust all these entities with your information? Sure, 90% of the average IM user's communication is not of any interest to anyone else. But bits and pieces of sensitive data can always be assembled over time.

Another huge problem is identity theft. Identity theft has quadrupled in 2002, and its continuing to rise in 2003. The reason is simple: it is more profitable to steal someone's identity than it is to steal their possessions. By stealing a few personal details, it is relatively easy to retrieve a corresponding Social Security Number, credit card number, and bank account number. With this information, criminals can construct a new identity and take out loans, ultimately leaving you with the bill.

All these threats are eliminated by using Ultramagnetic correctly.
Is Ultramagnetic a replacement for Gaim?

     NO. The only thing Ultramagnetic adds to the Gaim tree is encryption support and support for Six/Four. Furthermore, note that UM is a concurrent fork of the Gaim tree. This means that every so often, UM will re-synchronize with the upstream distribution. It is expected that most users of Ultramagnetic will also have Gaim installed.
Is Ultramagnetic safe to use right now (v0.80)?

     Yeah, probably.  =]
     I personally have a lot of faith in it, but then again, I'm biased. The code has withstood a fair amount of testing and held up through two major code reviews. I do not expect any surprises between now and v1.0 launch.


All encryption features have been implemented already. Here is a list of things that need to be done before v1.0 is released for general consumption:


What is Ultramagnetic's advantage over other encrypted IM protocols/utilities? And what's so great about the Six/Four network?

Sorry, I haven't come around to writing this section yet. Check back in 2 days.
AAAAH!!!@#$ My virgin eyes!!! What's with this profanity on the encryption & Six/Four initialization pages??

Hmm... if you had to ask this question, then you're definitely not a fan of Rage Against the Machine. The quote "Fuck you, I won't do what you tell me!" comes from their song called 'Killing In The Name'

For those of you who are still clueless, Rage Against the Machine fiercely protests against unjust governments and their oppressive ways. This is precisely the spirit in which Ultramagnetic was created. I understand that some people misunderstand the purpose of this quote and see it as childish or immature. However, this couldn't be farther from the truth.

When Ultramagnetic is compiled with encryption support, is it compatible with any other instant messenger clients?

As of this writing, no. As for the future, it is not planned.

Why, you ask? Well, for a few reasons. For one, designing and implementing a client to handle both encrypted and cleartext communications simultaneously is more complex (obviously). This complexity results in more maintenance effort as well as increasing the chances of introducing a security vulnerability (!!).

Second, it takes LOTS more effort by the end user to handle such an IM application correctly. The user would always have to double check that the encryption icon (or whatever) is on. This means that in about, say, one in a hundred IMs, the user will forget to check or make a visual error or whatever. This mistake might cost someone their life. (Think about the SSL icon that browsers use. Even *I* forget to check on that every once in awhile, and I'm as paranoid as they get!!)

With all of these risks, it does not seem to me that it is worth it to implement a 'compatability mode' in Ultramagnetic's encryption support, especially since its easy to run TWO IM clients simultaneously. This would accomplish the same thing in a slightly less convenient manner but without the huge risks mentioned above.

What are the technical specifications of the encryption?

All cryptographic code is handled with GnuPG's libgcrypt. Although libgcrypt as a library package is still in beta, the functions that compose it are taken from the highly-matured sources of GPG.

Here are Ultramagnetic's functional specifications (as of v0.80):

Keys are exchanged using 2048-bit ElGamal (a public-key cryptosystem).
Message authentication is performed with 1024-bit DSA.
Messages are encrypted with 256-bit AES in CTR-mode and authenticated with a HMAC-SHA1 with a 256-bit key.

Is Ultramagnetic's encryption compatible with Trillian's encryption?

What a stupid question!! Of course not! Trillian's handshake protocol uses the Diffie-Hellmen key exchange, which is completely unsafe because of its vulnerability to the man-in-the-middle attack. This is a big deal on a centralized instant message network like AIM, Yahoo, and MSN.

Essentially, the Trillian program is doing a severe disservice to its users because it is giving them a false sense of security.
Is the Six/Four support safe to use right now?

Six/Four support was removed pending the stabilization of the encryption support (in other words, I'm going to try to get v1.0 out first, before working on Six/Four support some more).