[OTR-dev] Clever logging for weechat_otr plugin (+ log management discussion)

[Paul Wouters]

On Wed, 13 Mar 2013, "Daniel ".koolfy" Faucon" wrote:

> - Logging should be deactivated for the entire duration of the OTR
>  session by *DEFAULT*, and the only way to re-activate it should be on
>  a per-conversation basis, manually. I voluntarily refused to add an
>  easy command to re-enabling the systematic logging of OTR
>  conversations. Doing so is toxic

I disagree. While I (reluctantly) agree with a default "no logging"
policy, it should be possible for users to enable this.

The choice here is really a user preference and has nothing to do with
the protocol. Therefor, free software should not try to dictate local
user policy.

For instance, I use full disk encryption, so my logs are perfectly safe.
And I prefer having my logs because I often need to look up things from
my logs. Especially if OTR becomes the default enmasse, not allowing
people to log their conversation is a sure way to get them to not use
OTR.

Putting any kind of notification in the protocol is silly, because you
cannot trust the client is actually doing what it says. It adds as much
security as those snapchat phone applications offering self-destruct
photo sending options. It's a total false sense of security.

OTR is about protecting the transport of your conversation. Whether or
not you can trust your conversation partner's security setup is
something everyone has to consider before talking to them. The best OTR
can do is to not leave cryptographic evidence that can be used against
you. But it ends there.

twitter, facebook, sms, iMessage, email. It is all blending. Would you
design email software where you can only read a message once and then
it would self destruct? No.

Paul