Wired on Friday:  People talk about 'chatting' on the Net, but there's a world of difference between communication online and blithely chatting with your friends in the real world.

Careers, businesses and reputations have been damaged by ignoring the difference. Leaked emails, accidental postings of confidential information and damaging logfiles are all indicators that when we talk online, we talk in a more fragile way.

Journalists and their contacts, investigators and lawyers, in particular, cannot transfer the advantages of their real world confidentiality to the powerful tools of the internet. On the Net, until now, there has been no such thing as an 'off-the-record' conversation.

The good news is that some computer security experts, sensitive to the differences between the chatting of the real world and that of the Net, are working hard to recreate the comfortable familiarity, and limits, of the casual conversation in the virtual world.

Making the move has proved tricky, unfortunately, and, beyond a small group of researchers who have invented 'off-the-record' digital chats, there seems to be little incentive among mainstream software manufacturers to implement it.

Fortunately, the researchers, Ian Goldberg, Nikita Borisov and Eric Brewer, have taken the matter into their own hands: this week they released code to give instant messages the same qualities as a good off-the-record chat.

It is ingenious code that could bring new powers to whistleblowers and investigative journalists.

But first, what exactly is wrong with online chats? Online chatting lacks three aspects that we take for granted in the real world: privacy, identity and deniability.

In real life, it's quite simple to give a little privacy to a chat that you'd like to keep secret: just retire to a place where you're confident that only you and your friend are listening to your conversation.

Not so online: most messages are sent 'in the clear' - they pass through several computers, all of which could listen in to the conversation without your knowledge.

When you find that quiet nook in the real world, it goes without saying that you can be assured that you know who you're talking to. Barring Mission Impossible-style Latex masks, your companion is almost certainly who you think. That's not true online: is boss@foo.com really who you thought it is? Who am I talking to on instant messenger anyway?

Traditionally, technologists fix the first of these problems - the privacy of a message - by using encryption, mathematically scrambling your message to makes it unreadable except by the person you're talking to.

Of course, there's no point carefully encrypting your conversation when it turns out you're mistakenly talking to your worst enemy. So correctly identifying who you are chatting with is just as important as privacy.

Fortunately, the mathematics that have given us uncrackable encryption techniques can also work to prove they came from a particular person. This is the source of 'digital signatures' of the sort one occasionally sees when installing new software.

Making online chats and email private and correspondence private and signable has been a solved problem on the Net for many years.

But there is another aspect that casual conversations possess - an additional, delicious characteristic that many people, especially journalists, are as eager to preserve, a quality that, unfortunately, encryption and digital signatures often eradicate, and that has been until now impossible to replicate with standard tools.

The technical term is 'repudiability': the ability to deny a conversation ever took place. When you're done with a private chat in the real world, it becomes almost completely deniable.

You may claim that I told you I was planning on seducing the president's wife, but, without a recording of our conversation, there's no evidence.

Any future revelation of the content of the chat becomes, literally, a "he said, she said" argument. If deniability sounds more like a recipe for criminal conspiracies than a quality to be preserved, would we know of Watergate if leakers like Deep Throat were identifiable the moment their revelations were published?

Sometimes the most important lead in an investigation or the key move in a diplomatic negotiation are provided by those who can later confidently deny they said anything of the sort.

The irony is that encrypted, authenticated communications may be more undeniable than normally weakly-protected online chats. An encrypted conversation may be safe when it is transmitted, but can be unlocked after the fact by anyone who has obtained the correct codes. And authenticating yourself for secure communications proves that it was you who sent the message.

Private, authenticated and deniable - pick any two has been the motto for online chatting until now.

Goldberg and Borisov's programme, OTR, finally provides all three to online communicators. The trick they developed was a way of authenticating the text of a message in a way that makes it possible for the journalist to know that it is really the whistleblower who is on the other end of their Net chat - but impossible for the journalist to prove that to anyone else.

It's the electronic equivalent of insisting "you didn't hear this from me" and having it stick. As a bonus, the code the team has written also provides strong encryption. And rather than keep all of this ingenuity locked up in a scientific paper, they've written the code so it can work with most popular instant messaging clients.

Budding Woodwards and Bernsteins may download the program from http://www.cypherpunks.ca/otr/ .

It would be excellent news for all our casual online conversations if such ingenuity were to find its way into the default installations of email and messaging clients. Sadly, that seems unlikely to happen.

Encryption and digital signatures remain mostly unknown and unused features in personal net communications, much less Goldberg and Co's ingenious additions.

Private chats online will remain everything but private for some time to come.