joebeone

Joe Hall here (CDT's senior staff technologist):

The answer to this question fundamentally depends on what you're trying to protect and who from (and their capabilities). I definitely recommend using off-the-record encrypted IM when you use GChat, but note that, unfortunately Google's term for "Off The Record" is not encrypted but it merely makes sure that no one keeps logs. True OTR chat is authenticated and encrypted and the keys are discarded such that if someone tries to pin you to a chat log they've saved, you can easily claim they made it up. Clients like Adium (Mac) support this but go here to see which IM clients truly support real OTR IM: http://www.cypherpunks.ca/otr/

As for email, if you are talking about sensitive stuff, I very much recommend you learn how to use strong crypto tools like GPG/PGP. It can be daunting at first, because doing things right requires that you learn a bit about crypto: http://www.techrepublic.com/blog/opensource/get-started-with-gnupg/165

Finally, everyone out there should be using a password manager (I disagree strongly with Mat Honan about the death of the password)... these tools store passwords, create very strong ones and even type them in for you (to bypass keylogging malware). Lastpass, Keepass, 1password ($$$) and Password Wallet are all good examples.

And if you don't know how to surf anonymously using the TorBrowser, please go here, learn about it and download the latest one! https://www.torproject.org/about/overview.html.en

Does FaceTime do e2e for sessions between more than two people? (I don't think it works like that.) Whereas Hangouts is a multiparty tool, that necessarily has to have heavy coordination in the middle (in order to know who to display as "talking" and to create smaller thumbnail-sized feeds to send off to peers). So I wonder if this is comparing something where we know we can do e2e well (FaceTime with a point-to-point connection) to something where it seems a bit challenging to do e2e at all (e.g., like mpOTR for chat, but video).

(If there are e2e multiparty video tools, I'd love to know!)

If you feel spendy, you might donate to https://www.torservers.net/ who aim to provide high-bandwidth exit nodes all over the world.

Alas, you'll need to take some time to learn about GPG/PGP or, god forbid, S/MIME. It gets very technical quick.

WebRTC is point-to-point... only two parties can communicate with it in a given session (check the w3c spec: "An RTCPeerConnection allows two users to communicate directly, browser to browser." http://www.w3.org/TR/webrtc/#introduction ). I does not do videoconferencing which you need a heavier middle server presence.