When you send an instant message via Apple’s iChat, your words are transmitted in the clear—anyone can use packet-sniffing software to read them, either on your local network or over AOL’s instant-messaging network (which is used to transmit iChat messages). This may be of little concern if your chats revolve around last night’s TV shows, but when chats contain sensitive personal or company information, security is a serious matter. Intego’s ChatBarrier X3 10.3.1 applies what sounds like a high standard—“military-grade” 512-bit encryption—to iChat messaging, but this level of encryption may not satisfy every user’s security needs.
ChatBarrier X3’s intelligent design is unobtrusive. When you initiate a text chat with another ChatBarrier X3 user, a background pattern of gray padlocks, and a small padlock icon beside the text-entry field, indicates that the chat is encrypted. Using the packet sniffer in Interarchy 7.2 (see our review, page 34) to examine the data stream, I verified that ChatBarrier X3 does indeed encrypt text. But while the program is ideal for messaging between iChat users, it doesn’t encrypt file transfers, chats with more than two participants, or Direct Instant Message sessions.
Unfortunately, ChatBarrier X3’s encryption method appears to rely more on obfuscation than on published security protocols. Intego says that the “military-grade” encryption is a proprietary “derivative of triple-DES encryption.” In practice, this means your iChat sessions are probably safe from casual eavesdropping, but the lack of an open, peer-reviewed encryption protocol precludes total security.
Macworld’s Buying Advice
If you require confidential chats, then a program such as Fire (which uses GPG, or “open PGP”) or BitWise Communications’ BitWise (which uses the Crypto++ library) may better serve your encryption needs. But for most people, ChatBarrier X3’s scheme is perfectly acceptable.