Nathan of Guardian <[email protected]> writes: > Perhaps "Off the record" can be broadened to mean, no logging, no > metadata, no plaintext?
OTR as we know it is about the e2e crypto between users, which is totally separate from whether the server logs user registrations. And one can be ensured by the endpoints, and the other can't be. So I think blurring these ideas is not helpful, in the spirit of simplifying as far as possibel but further. > As for requiring Onion, I am on the fence about it, but increasingly I > am leaning towards that any service that claims privacy preserving > principles should at least try to support Onion routing at some layer. > With Ostel, we could have worked harder to support the SIP signaling via > Tor and modify client apps to use TCP based SIP media sessions. I completely agree. I have actually been reluctant to turn on an ostel client by default because of not being clear about promises not to log. While that indicates my tinfoilhat level, I think concerns over logging IP address history and call partners are much less common than concerns about logging the content of conversations. > Mumble is another interesting case. Plumble for Android supports an open > protocol that anyone can run a server for, works completely over Orbot > with one tap, and the client doesn't log, and the server can be setup > not to. However it does not support end to end encryption. Is that O3 > worthy? Definitely not. For O3 I think you need all three. I was trying to make the point that "O [server promises not to log] O" is a lesser property that is still useful to talk about, not that it's as good.
signature.asc
Description: PGP signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
