[OTR-users] List of OTR-aware software

db db.netres at gmail.com
Wed Jun 25 11:34:48 EDT 2008 

On Wed, Jun 25, 2008 at 5:14 PM, Brian Morrison <bdm at fenrir.org.uk> wrote:

> If you are using OTR, you should not be keeping any logs.

But that does not prevent the other party from keeping clear text logs.

> The point is
> plausible deniability.

Which you OTR does not provide if the other party keep logs.


> Everyone should take all possible steps to protect their private
> conversations, privacy is the root of a civilized society, no one else
> has any rights to know what I am talking about with anyone else. That
> especially includes governments and their agents, just because they can
> monitor electronic communication does not mean that it should be any
> easier for them than recording and transcribing ever voice conversation
> taking place in the entire country.

Yes, and that is what e.g., SSL offers. After using SSL (or PGP or
similar) to secure the communication it is up to you to keep/delete
the logs. SSL+no logs provides basically the same level of deniability
as OTR, that is - the level of deniability depends on the other party
keeping clear text logs or not.

>>
>> In my case OTR even caused a lot of headache since most of my chat
>> logs are trivial and I like to store them in my gmail account. Now I
>> just have a lot of encrypted logs I never will be able to decode =
>> phone numbers to friend's friends, e-mail addresses etc are lost
>> forever.
>
> Then don't store these important pieces of information in these logs
> that you should not be keeping anyway, extract it and save it
> separately. But remember that it might be incriminating in itself.

I find it really funny that you recommend me to not keeps logs. I
guess you immediately delete all e-mailsyou receive, burn all paper
invoices (although the actual payment probably is traceable anyway),
delete all browser cookies regularly etc. I on the other hand like to
keep documentation (agreements, phone bills, personal letters) of some
events for future reference.

> I'm very puzzled as to why you're using OTR, it appears to not do what
> you want at all.

I don't use it any more, but I have subscribed to this mailing list
for some time to find out a reason to start use it but the more I
read, the more useless I consider it. I will probably start blocking
people trying to use OTR with me in the near future since I see no
reason for friends or people I work with to desire "deniability" about
what they have written to me. If my manager would ask me to do
something and then be able to deny that he sent me such a message - I
can only see disadvantages with that situation.

More information about the OTR-users mailing list