[OTR-dev] Browser extensions for OTR

Paul Wouters paul at cypherpunks.ca
Thu Jun 28 14:44:35 EDT 2012


On Wed, 27 Jun 2012, Ian Goldberg wrote:

> Lots of people have considered that, but there's a major obstacle: how
> do you know the libotr plugin is actually being used, and it's not just
> sending plaintext to GTalk?  As far as I know, there's no "secure
> chrome" mechanism extensions can use to confirm to the user that the
> text is being typed directly to the extension, and that other javascript
> running on the same page can't intercept the keystrokes.

I think similarly, cryptocat is trying to do this, but with homebrow
crypto on top....

https://crypto.cat/

One of their dev's has talked about otr, so i think they are aware of
it.

There is definitely a need for something that can be reasonably
downloaded and trusted on an unknown (internet cafe) machine, but as
Ian said, it's problematic.

Paul



More information about the OTR-dev mailing list