-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 (WARNING: this is an experiment, please don't use for anything serious. treat OTRon-ed chats as normal FB chats in security/trustedness for now)
Hey libtech! Today seems like a "self-promotion" day. I'm ready to share a new open-source side project of mine; it OTR-encrypts Facebook.com chats with one click (think Mailvelope for FB chat): https://github.com/osnr/otron Haven't spread it widely yet or made it easy to install, I'm looking for feedback both on how well it works (it needs some more testing and does have some functionality bugs -- you may be blocked from FB chat for a few minutes if it goes wrong!), how easy it is to use, and on the general approach. This is really a stopgap, meant to give the "ordinary person" some weapons against dragnet surveillance that don't require serious routine changes (changing IM network, IM client). But I think it has value. My ideal is to make it automatically transparently encrypt with other OTRon users. Problems might include: - - Bugs and vulnerabilities (as I said, not well-tested) - - Brittleness (as an extension w/ userscript, we depend on a lot of properties of Facebook.com which they could change easily -- thinking about more general DOM-based approaches which could scale to Gmail and others) - - the "why encourage people to use FB??" argument, but I don't want to get into this Some thoughts about security: https://github.com/osnr/otron/blob/master/doc/threat-model.md Please let me know what you think! Omar -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJS6CROAAoJEJSwN2DbcGvXSrIH/06zWO+9ZjwxRuAyQosKJoOM hDeD+EBivJCMPStwWT+ZAvN7jaSil7R1jnfkR3YuiqWNERtMOlqXBCUcNi8eJhud VeuWkAGuiX9DerJ3ZFADt9FlLikmjTJlkUrs4CKP4y5T/NcSB+ghribSyLVTtAHG YCzp0kOxla/ahvgiuKUDMuY9W+RNGQb12Ok8NwTDdXSo3/gmaq99YcvCTF+wOsR4 s4K9h+6disXQZ9l+LvDG6lcuWC7Co3BtvDJXfF0WGvZG2uE12JTsgAVEix+XByGT y6Pr9UAHOeMBriWQPKxISj6C7JaXsUxL993a+uXYG8oXQOnKF8JYqANI1r5OW54= =5j6b -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
