On 01/30/2014 05:29 PM, Gregory Maxwell wrote:
On Thu, Jan 30, 2014 at 2:13 PM, Nicholas Merrill <[email protected]> wrote:
Hey all

I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies
"We can't force you, but you are strongly encouraged to use Off The
Record Messaging to further encrypt your private conversations
end-to-end."

Why can't you force it? The cleartext is available to the server. The
OTR traffic is trivially identifiable.

You might want to just rephrase it to say that you don't force it
rather than can't?

Since many people socialize mainly over the internet nowadays, OTR as an option means that most if not all of your users will leak data in the form of the plaintext conversations that _lead_ them to use OTR in a particular circumstance. Worse, even if the reason for starting an OTR conversation starts out-of-band (off the internet), your userbase is then divided into a small group of people who have "something to hide" and everyone else.

So I'd recommend forcing OTR. Then the people discussing lolcats won't feel so bad about wasting their time, because even seemingly frivolous privacy helps to protect everyone else's.

-Jonathan
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at [email protected].
