[OTR-users] OTR usage for Iranians

Ian Goldberg ian at cypherpunks.ca
Sat Jun 27 13:53:16 EDT 2009


On Sat, Jun 27, 2009 at 02:54:37PM +0100, Ananda Samaddar wrote:
> Hi all,
> 
> I don't want to get bogged down in the politics or legalities of the
> situation in Iran right now, but simply want to ask other OTR users and
> the devs if possible the following questions.  How secure is OTR when it
> comes to deniability and strength of encryption?  Could OTR be analysed
> by the Iranian authorities to produce incriminating evidence?

If someone is watching Internet links, it is clear to them that you're
using OTR, and who you're communicating with, but they should be unable
to learn what you're saying (the crypto is definitely strong enough).
The forward secrecy aspect of OTR is also useful: even if your computer
gets seized, old transmitted messages will not be able to be decrypted.
[Be sure that "Avoid logging OTR conversations" is checked.]

If you also need to hide the metadata (who you're talking to), you
should use Tor along with OTR.

There are a number of deniability aspects of OTR, but they generally
involve showing that a purported transcript of your conversation could
easily be faked.  But if your adversary doesn't care so much about
"evidence" or "proof", then "deniability" won't faze them so much.

Now, I don't know what "incriminating evidence" looks like to Iranian
authorities.  If "this person uses cryptography" is incriminating to
them, then OTR, or even Tor, won't help.  So far, we (or Tor, to my
knowledge) have no reports of this, though.

   - Ian
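
An added illustration of the deniability point in the message above; it is not code from the post or from the OTR project. It is a simplified model: OTR authenticates messages with a MAC key that both parties know, and here HMAC-SHA256 over a "sender:text" string stands in for the real message format. The names `mac`, `judge_accepts` and `demo` and the sample lines are constructed for this example.

```python
import hashlib
import hmac
import os


def mac(key: bytes, sender: str, text: str) -> bytes:
    """Tag one transcript line with the session's shared MAC key."""
    return hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()


def judge_accepts(key: bytes, transcript) -> bool:
    """All a third party can check: every tag verifies under the key shown."""
    return all(hmac.compare_digest(mac(key, s, t), tag) for s, t, tag in transcript)


def demo():
    key = os.urandom(32)  # constructed session key, held by Alice AND Bob

    # Genuine line. Bob is convinced: only he and Alice hold the key,
    # and he knows he did not write it himself.
    genuine = [("alice", "see you at noon", mac(key, "alice", "see you at noon"))]

    # Forgery. Bob (or anyone who later obtains the key) writes a line
    # "from Alice" and tags it with the same key.
    forged_text = "words alice never typed"
    forged = [("alice", forged_text, mac(key, "alice", forged_text))]

    # Someone without the key who reuses an old tag is still caught,
    # so authentication inside the conversation keeps working.
    tampered = [("alice", forged_text, genuine[0][2])]

    return (judge_accepts(key, genuine),
            judge_accepts(key, forged),
            judge_accepts(key, tampered))


if __name__ == "__main__":
    print(demo())
```

The genuine and forged transcripts verify identically, so a valid tag tells a third party only that the author held the shared key, not which of the key holders wrote the line.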


