On Wed, 13 Mar 2013 18:39:16 -0400 (EDT) Paul Wouters <p...@cypherpunks.ca> wrote:
> On Wed, 13 Mar 2013, "Daniel ".koolfy" Faucon" wrote: > > > - Logging should be deactivated for the entire duration of the OTR > > session by *DEFAULT*, and the only way to re-activate it should be > > on a per-conversation basis, manually. I voluntarily refused to add > > an easy command to re-enabling the systematic logging of OTR > > conversations. Doing so is toxic > > I disagree. While I (reluctantly) agree with a default "no logging" > policy, it should be possible for users to enable this. Enabling them on a per-conversation basis, sure. Systematically for every conversation... I don't like it. While I am in favor of giving choice to the users generally, here we are giving the choice of putting people in danger. That's my complaint. > For instance, I use full disk encryption, so my logs are perfectly > safe. And I prefer having my logs because I often need to look up > things from my logs. From Quinn Norton's article about the Aaron Swartz prosecution: And if the prosecutor took my computer, I would have to go to jail rather than turn over my password. I had no choice. I'd been logging all of my communications for years, professional and personal. Aaron knew this, and he was furious at me for it when he read the subpoena. It was a kind of impersonal fury, not directed at me and my decisions, but the situation itself. "Why did you log?" he asked me repeatedly. I told him that it had kept me sane in my divorce. But he already knew that, he'd been there. These days, I not only don't log, I refuse to talk to anyone who does. I often refuse to communicate without encryption. But I had to continue to log during the investigation. I was told that changing my behavior while being investigated could be held against me, because in an investigation it is suspicious to learn from your mistakes. http://www.theatlantic.com/technology/archive/13/03/life-inside-the-aaron-swartz-investigation/273654/ Encryption doesn't take away the responsibility of logging. In some contexts, you might be forced to "cooperate" legally or violently. Strange game, the only winning move is not to log :) > Especially if OTR becomes the default enmasse, > not allowing people to log their conversation is a sure way to get > them to not use OTR. You assume that if everybody suddenly used OTR for every conversation "enmasse", but still logs everything, those communications are secure. When in fact, in that situation, you render passive surveillance useless, and computer seizure, compromise, or robberhose decryption so much valuable than passive interception would ever have been. When you get to the logs you get so much more than you could ever get from network surveillance, even when only compromising one person in a target group. But then again, there is no such thing as not enabling users to log conversations. This is delusional and counter-productive. But enabling the logging should strictly be on a per-conversation basis. The ideal situation being manually copy/pasting important bits while redacting the sensitive stuff away. Granted this is probably asking too much, but requiring to re-enable logging for specific conversations seems like a decent compromise between ideal and responsible logging on one hand, and "I want a few logs, re-enagle systematic logging of EVERYTHING OTR'ed, then forget about that switch and log everything to disk until the end of times". The "all ON" switch looks very risky to put on the UI (or plugin commands). I'm more in favor of a "ON just for this time, and then OFF again by default" solution. It at least requires the user to actively think about the consequences of logging that conversation. Every time. -- Daniel ".koolfy" Faucon Tel: France : (+33)(0)658/993.700 PGP Fingerprint : 485E 7C63 8D29 F737 FEA2 8CD3 EA05 30E6 15BE 9FA5
signature.asc
Description: PGP signature
_______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
