[OTR-dev] Clever logging for weechat_otr plugin (+ log management discussion)

Gregory Maxwell gmaxwell at gmail.com
Thu Mar 14 10:36:48 EDT 2013 

On Thu, Mar 14, 2013 at 6:54 AM, Michael Rogers
<michael at briarproject.org> wrote:
> Your unstated asssumptions are that if logging is disabled by default,
> (a) users will be surprised, (b) users will be annoyed, and (c)
> existing OTR users will stop using OTR rather than enabling logging.
> I think all three assumptions are false.

I am absolutely sure they are true for some users, myself included—
having experienced an OTR update turning off my logging in pidgin and
causing me an expensive snafu. So I can speak with absolute certainty
here.

I reiterate: The greatest risk to people's security is people simply
_not using_ encryption/authentication because it is inconvenient and
the pain of using it is certain and in the present while the risks are
uncertainty, distant, and often misunderstood.

My position is that small changes in the most common risks matter more
than big changes in the smallest ones, and that frustrating logging is
one of these things.  There is a reason PGP is so rarely used, even
between high risk individuals.

> Anyone who chooses OTR does

OTR should be integrated and on by default in software and
opportunistically enabled without request— and it _is_. Without this I
wouldn't be able to use OTR in all my chat conversations because it
would be too hard to nag all the remote parties to install and enable
it, and so the annoyance/benefit tradeoff would make it only get used
rarely with potentially regrettable consequences. Continuing to
provide cleartext chat on the internet is socially irresponsible,
cleartext enables widespread dragnet surveillance and long term
archive.

[snip]
> If an existing OTR user wants to log an OTR conversation, despite
> knowing that they're undermining the benefits of OTR by doing so,

OTR provides many properties, logging only undermines a part of one of
them. For some users this is very important, for some users it is
unimportant— if you capture an unencrypted disk from many users they
are thoroughly hosed, including unlogged chat text ending up in swap.
Calling it "undermining the benefits" is throwing out the baby with
the bathwater.

I agree that there are real concerns about logging but there are still
not universally applicable and at the same time there are user
experience implications which also effect security.

More information about the OTR-dev mailing list