[OTR-dev] Browser extensions for OTR
chrisballinger at gmail.com
Wed Jun 27 16:48:05 EDT 2012
I don't know enough about browser security to comment on that weakness but
I would assume that under regular circumstances (no SSL MITM) no text is
sent between your browser and Google until you hit send. I really would
like to get more regular people using OTR but it seems like the main
problem at this point seems to be changing people's habits.
On Wed, Jun 27, 2012 at 1:28 PM, Ian Goldberg <ian at cypherpunks.ca> wrote:
> On Wed, Jun 27, 2012 at 12:54:06PM -0700, Chris Ballinger wrote:
> > I noticed that a lot of people these days don't use dedicated chat
> > anymore and tend to use in-browser chat interfaces on platforms like
> > or Facebook. It's difficult to get people to change their behavior,
> > especially to get people to decide to run some 3rd party desktop software
> > with which they might not be comfortable. Also, a lot of people seem to
> > Gmail chat from places where they aren't allowed to install 3rd party
> > software.
> > Would it be possible/feasible to write browser extensions (Chrome,
> > FF) that use Emscripten (LLVM to JS compiler) to compile libotr, and then
> > hook into the DOM for Gmail or Facebook (or possibly any two user-defined
> > text fields?) for "seamless" in-browser OTR?
> Lots of people have considered that, but there's a major obstacle: how
> do you know the libotr plugin is actually being used, and it's not just
> sending plaintext to GTalk? As far as I know, there's no "secure
> chrome" mechanism extensions can use to confirm to the user that the
> running on the same page can't intercept the keystrokes.
> - Ian
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OTR-dev