[OTR-users] Deniability Fails?

Paul Wouters paul at cypherpunks.ca
Tue Oct 23 23:46:50 EDT 2007


On Tue, 23 Oct 2007, Alex wrote:

> What if I were to carry on a private OTR conversation, and my ISP
> logged everything that came out of my modem?
>
> What if I had a client-server model protocol with OTR over top of it,
> and the government plugged directly into my server? Is all data coming
> out of that port then evidence? There is no way to say that someone
> modified the message in transit. :(

With full traffic analysis, that would indeed be hard. But it would
be easy to generate encrypted traffic that they wouldn't be able
to tell if it was IM traffic or not, leaving the way open again
that someone else said it instead of you. E.g. using tor or some VPN
tunnel to the other end of the world.

Really, when you're in front of a judge, and the other party presents
all the decrypted IM messages, don't count on saying "it could have
been forged", regardless of whether all your internet traffic was
tapped or not. Judges don't like technology games at all.

Paul


