[OTR-users] OTR messaging is vulnerable to censorship

Esurnir esurnir at gmail.com
Sat May 17 13:19:12 EDT 2008 

Suppressing ?OTR: bring some problem, namely identify which message is a
plaintext and which is an otr message (example of such case, where a
plaintext could arrive when they are the least expected would be if one of
the client crash and the guy in question log back in).

To evade such possible censorship problem would be to make the traffic
indistinguishable from normal message. Obfuscating it. Now the problem is to
keep the condition the deniability and malleability of OTR while obfuscating
it, sounds difficult. If we reveal an obfuscating encryption key to keep it,
the whole problem would be when to reveal it, cause after being revealed an
automated could then reveal that all the past message have been OTR message
and block further ones.

On Sat, May 17, 2008 at 12:52 PM, Ananda Samaddar <
ananda.kumar.samaddar at googlemail.com> wrote:

> Hi, all
>
> Apologies if this has already been discussed, I've googled this and the
> mailing list archives do not appear to be searchable.
>
> I'm no security or networking expert but consider myself to be a
> reasonably competent Debian user.  Out of curiosity I ran Wireshark to
> do some traffic logging whilst engaged in an OTR chat session.  From
> this I discovered that all OTR messages begin with the string
> '?OTR:' (without quotes).
>
> Surely this means that IM providers could simply block OTR messages by
> blocking all messages that contain the string '?OTR:'.  There is a
> precedent to potential blocking already established.  MSN / Windows
> Live messaging already blocks certain urls on their network
> particularly ones containing php links.  There is also speculation that
> they might be blocking youtube links.
>
> This is of concern to me as I use OTR to talk to friends in the PRC,
> and it's well known that they heavily censor internet use in that
> country.
>
> If anyone can point me to a thread where this has already been
> discussed then please do.
>
> regards,
>
> Ananda Samaddar
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
>



-- 
Jean-Baptiste Zeller
GPG Keyid 0xF96A37EB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20080517/b4d0ffd1/attachment.html>

More information about the OTR-users mailing list