HOWTO secure your Meebo

Meebo is a Web 2.0 application that supports several IM protocols: AIM, Yahoo, MSN and GTalk. It paves the way for users who are behind the firewall to communicate with the rest of the world. However, as with other IMs, the conversation between you and your buddies is not encrypted via SSL, to avoid overloading the server. The private talk is more or less broadcast to the IT staff. How to secure my Meebo talk?

We can use an SSH tunnel to encrypt the conversation. The idea is that we run a proxy server on the trusted remote machine, bring the proxy port (for example, 3128) to the local machine using SSH tunneling, then use the localhost:3128

A trusted remote machine

First, we need a remote machine that is trusted. You can use your PC at home, or donate $1 to Silence is defeat to open a Unix account.

NOTE: Silence is defeat has shut down PayPal payments for now; the following method was verified on a Linux box at home.

Install the proxy server

Grab the latest version of squid, and build it.

wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE10.tar.gz
tar xvfz squid-2.6.STABLE10.tar.gz
cd squid-2.6.STABLE10
./configure --prefix=${HOME}
make && make install

You need to set up squid before running it. Open ${HOME}/etc/squid.conf.example, uncomment the http_port directive, enable access for all users, and save it as ${HOME}/etc/squid.conf:

http_port 3128
http_access allow all

You might need to change the port number to an unused port. The allow-all policy is not that scary: squid is not running in privileged mode, port 3128 is not open to the outside, and only local users can access the proxy service. Run the service:

${HOME}/sbin/squid
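
The paragraph above relies on port 3128 not being reachable from outside, but a bare `http_port 3128` makes squid listen on every interface, and running unprivileged does not change that. The following check is an added example, not part of the original HOWTO; it parses `ss -ltn` output (the function names and sample lines are constructed for illustration) and lists any non-loopback listener on the proxy port:

```shell
#!/bin/sh
# Added example, not from the original page.
# On the remote machine, run:  ss -ltn | exposed_listeners 3128

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints each listening address on PORT
# that is not bound to loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                      # 0.0.0.0:3128, [::]:3128, *:3128 ...
            n = split(addr, parts, ":")    # the port follows the last colon
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# proxy_is_private PORT
# Succeeds only when stdin shows no non-loopback listener on PORT.
proxy_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample: proxy port bound to all interfaces.
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      256    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      256    [::]:3128          [::]:*'

# Constructed sample: the same port bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      256    127.0.0.1:3128     0.0.0.0:*
LISTEN 0      256    [::1]:3128         [::]:*'

for name in SAMPLE_OPEN SAMPLE_LOOPBACK; do
    eval "data=\$$name"
    if printf '%s\n' "$data" | proxy_is_private 3128; then
        echo "$name: port 3128 is loopback-only"
    else
        echo "$name: port 3128 is reachable on:"
        printf '%s\n' "$data" | exposed_listeners 3128
    fi
done
```

If the check reports a listener, either firewall the port or bind squid to loopback with `http_port 127.0.0.1:3128`, in which case the tunnel target in the ssh command must be `localhost:3128` rather than `your_host:3128`.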

Tunnel it

You need an SSH client (OpenSSH for Linux and Mac OS X, PuTTY for Windows). For Linux and Mac OS X users:

ssh -L 3128:your_host:3128 user_name@your_host

and keep this terminal open. For Windows users, here is an illustrated HOWTO.

Test it

Change the connection setting of your browser to localhost 3128. You are all done.

Bonus: all browser sessions are secured by the SSH tunnel. IT may become suspicious about what you are doing all day, though.