[OTR-users] Stylometry?

Paul Wouters paul at cypherpunks.ca
Sun Jan 2 10:14:15 EST 2005 

On Sat, 1 Jan 2005, Gregory Maxwell wrote:

> Right now a potential hole in the protection that OTR provides is that
> the remote party that you are communicating with could record a log of
> the conversation then

If you don't trust your conversation partner, you should not be telling
them anything, even over OTR.

I consider OTR a protection against external listening ears, and stil
assume all my conversations end up being logged on the remote disk.

As for obfuscating writing styles for a judge, I've learned that judges
t hard enough to understand normal technology, and they will strongly
dislike you if you start playing technological games in court.

> order against AOL produces a log of your last 10 years of IM traffic
> to use as a basis for analysis)

Those logs will be encrypted with OTR, and unreadable to everyone including
the sender and receiver.

> to have access to large corpuses of IM text and right now the only
> groups with access to such data (AOL, etc) have a substantial
> interested in preventing privacy improving technology. ..

That is not entirely true. It is really an American misconception that corporations
should have as much info and power through legal clauses in contracts to protect themselves
against third party claims or governments. I've argued on occasions (including
my upstream ISP) that not having such data or power is a much better defendable
position in court, and that having less power over a customer actually removes you
from conflicts of your customers with third parties much more effectively.
Unfortunately, in the US, lawyers will just not even think of removing the
'we can do whatever we want for whatever non-reason if we feel like it' clause.
And as a result, third parties will try to invoke that power (eg Scientology
to name just one). And I guess give those same lawyers work to do.....

> A long term approach for defense against stylometric analysis for IM
> systems would be to frustrate any attempts to collect a corpus of your
> IM writing for analysis.  This defense would likely be infeasable with
> email (due to public message boards), but is more realistic for
> realtime systems which are often more private.

You can turn your arugment around. Leaking a lot of my writing style gives
me the perfect excuse to write 'U 4r3 31337, k177 h1m' and claim that wasn't
you who wrote it. These types of games will be thrown out by any court or agency
as wild speculation at best.

Paul
-- 

"At best it is a theory, at worst a fantasy" -- Michael Crichton

More information about the OTR-users mailing list