Gregory Maxwell: > On Wed, Sep 5, 2012 at 10:37 AM, Brian Morrison <[email protected]> wrote: >> On Wed, 5 Sep 2012 09:12:53 -0500 >> Karen Trudeau <[email protected]> wrote: >> >>> Any suggestions? >> >> I don't know what the developers decided to do after a discussion >> about this on the list a while ago, but for this new version with OTR >> active you must override the default no logging policy on each and >> every occasion you use it. > > I hope not, because the intuitive fix to thos is to not use OTR which > is a clear regression.
It's a bug. Logging being off by default isn't a bug though - it's to ensure that a user turns on logging if they want it and if they didn't want it, they won't accidentally shoot themselves in the foot. >> Having a log makes you vulnerable to seizure and search in >> jurisdictions that allow it, the point of OTR is to make conversations >> deniable and having them logged in plain text defeats that deniability >> instantly. > > Hogwash. OTR avoids cryptographically non-reputable authentication. > But nothing can stop something from logging the traffic/cryptographic > keys/ removing this misfeature (hopefully bug). A log on disk is as > reputable as any other plaintext, which is the goal. > Two logs that are identical, one produced on purpose and the other on accident is probably going to present a problem. So the goal isn't to pretend we can stop jerks from being jerks. The goal of not logging by default is to prevent pidgin-otr from adding to the problem. > I ca n see value it having some mode for cooperating clients to signal > logging or coordinate disabling it. But if it makes it so people > can't comfortably use OTR by default on every conversation without > inconvenience even "when they have noting to hide" it's a major > security/safety regression. It seems to me that signaling that users are logging would be a nice addition - if you violate my privacy by logging me, I'd like to know; that is far from perfect but surely it would create some interesting social discussions! All the best, Jake _______________________________________________ OTR-users mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-users
