[OTR-users] pidgin OTR leaks presence information to unauthorized people
Daniel Perelman
dap56 at cornell.edu
Fri Dec 16 16:13:28 EST 2011
I am not sure if this is quite what you want, but most (all?)
protocols have an option in the privacy settings to only accept IMs
from users on your buddy list.
- Daniel
On Fri, Dec 16, 2011 at 06:33, <nilclass at riseup.net> wrote:
> Hi,
>
> Assume this situation:
>
> Alice and Bob both have an OTR enabled client.
> Alice has not approved that Bob may see her presence.
> They are both online.
> Bob starts a OTR conversation with Alice, sending some junk or whatever.
> Now if this weren't a OTR message, there would be no feedback from Alice,
> so no way for Bob to figure out whether Alice is currently online.
> With OTR enabled, Alice' client automatically performs the OTR handshake,
> which tells Bob that Alice is:
> 1) using a OTR enabled client
> 2) is currently online
>
> A possible solution would be not to filter messages through
> otrl_message_sending/otrl_message_receiving, unless the peer either has a
> valid presence subscription or Alice has manually requested/approved the
> OTR conversation or Alice has already participated in the conversation.
>
> '()
>
>
> _______________________________________________
> OTR-users mailing list
> OTR-users at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-users
More information about the OTR-users
mailing list