This is a tough situation, because using OTR can be about everything on the net, and especially everything handled by $ISP ought to be encrypted, but I'm not super paranoid
privacy really is important, and putting bits on disk is a major security risk So I'd say: definitely have OTR put out a notice that the conversation is being logged *every time*, if logging is on I would default to not logging OTR, and make people change it. it would be cool if there is some way (I know not enforceable) for an OTR peer to assert that it is or isn't logging, and to warn the user if the remote side is logging and they aren't. Or perhaps if one disables logging to have that flow across and disable. Again, I realize people can code around this, or cut/paste, etc. But it would set social expectations.
pgpDFrWgs69nw.pgp
Description: PGP signature
_______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
