[OTR-dev] Browser extensions for OTR
Paul Wouters
paul at cypherpunks.ca
Thu Jun 28 14:44:35 EDT 2012
On Wed, 27 Jun 2012, Ian Goldberg wrote:
> Lots of people have considered that, but there's a major obstacle: how
> do you know the libotr plugin is actually being used, and it's not just
> sending plaintext to GTalk? As far as I know, there's no "secure
> chrome" mechanism extensions can use to confirm to the user that the
> text is being typed directly to the extension, and that other javascript
> running on the same page can't intercept the keystrokes.
I think similarly, cryptocat is trying to do this, but with homebrow
crypto on top....
https://crypto.cat/
One of their dev's has talked about otr, so i think they are aware of
it.
There is definitely a need for something that can be reasonably
downloaded and trusted on an unknown (internet cafe) machine, but as
Ian said, it's problematic.
Paul
More information about the OTR-dev
mailing list