[OTR-users] AIM and shadow accounts
Gregory Maxwell
gmaxwell at gmail.com
Wed Oct 21 17:34:18 EDT 2009
As most OTR users on AIM know: If you log in from multiple places and
talk to another OTR user you'll end up in an "OTR war" with the remote
client that you can't hear.
AOL tells you (sometimes?) about the second user on your account if
its coming from another IP, but doesn't tell you if the clients share
IP.
The war stops if you log the remote client out, which can be done
remotely by sending "1" to aolsystemmsg.
I have recently observed OTR wars happening with my client when no
other client I control could possibly be logged in, yet sending "1" to
aolsystemmsg stops the war so it must have been my client duplicated
rather than the remote party.
I first observed this some months ago but I wasn't entirely sure that
it couldn't have been another regular client of mine logged in but I
changed my password anyways. Since it is still happening occasionally
I can only speculate that something is sniffing my password on some
network I use (since AIM sends it in the clear) or that some
AIM-internal process is interfering with OTR.
The latter possibility is especially concerning because it would be
fairly easy to convince people to de-install OTR by occasionally
subjecting them to this kind of behaviour.
Is this something specific to the networks I use, or are other OTR
users on aim seeing this?
More information about the OTR-users
mailing list