[OTR-users] List of OTR-aware software

db db.netres at gmail.com
Wed Jun 25 10:51:29 EDT 2008 

On Thu, Jun 19, 2008 at 8:59 PM, Michael Reichenbach
<michael_reichenbach at freenet.de> wrote:
> There are also already nice articles in the wiki.
> http://en.wikipedia.org/wiki/Off-the-Record_Messaging
> http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients

In this article you can read

> The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with the majority of cryptography tools which resemble more a signed writing on paper, which can be used, at a later date, as a tool to demonstrate that the communication happened, who participated in it, and about what it was. Unfortunately, in most cases people using ordinary cryptography software are not aware of this and in most cases they would be better served by OTR tools instead. Hence the initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".[1]

I really don't understand the purpose with OTR in any regular context.
Why do you want to be able to deny what you have written/said to
friends/colleges? Besides, OTR can not live up to this promise in a
more European legal system where courts typically can consider any
type of evidence/they are free to sift evidence at their will (e.g.,
if you have backup copies of logs that are several years old, and
these backups pre-dates a court case with a good margin, and these
copies are identical to the logs in you IM client most court would
consider these logs strong evidence).

The only reasonable use for OTR is in contexts such as in Tibet. A
typical user in a democratic society are probably much more interested
in the type of confidentiality you are used to when you do online
banking - that is, prevention of eaves dropping.

In my case OTR even caused a lot of headache since most of my chat
logs are trivial and I like to store them in my gmail account. Now I
just have a lot of encrypted logs I never will be able to decode =
phone numbers to friend's friends, e-mail addresses etc are lost
forever.

I am interested in deniability for the content on my Freenet node
since my Freenet datastorage might contain information that I don't
want to take responsibility for, possibly because the information is
illegal. However this is due to the fact that I can't control what is
on my Freenet node and control is the keyword: the content in my chat
logs is controllable by me and hence the need for deniability
disappears.

More information about the OTR-users mailing list