On Wed, Jun 27, 2012 at 01:48:05PM -0700, Chris Ballinger wrote: > I don't know enough about browser security to comment on that weakness but > I would assume that under regular circumstances (no SSL MITM) no text is > sent between your browser and Google until you hit send. I really would > like to get more regular people using OTR but it seems like the main > problem at this point seems to be changing people's habits.
No, the issue is that the javascript *on the GTalk page* might be intercepting your typing and doing whatever with it (including sending it back to Google). Much in the same way that the Google search bar "autocompletes" today by sending each keystroke back to Google. - Ian _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
