[OTR-users] Pidgin-OTR Logging Behaviour

Paul Wouters paul at cypherpunks.ca
Tue Feb 28 22:54:01 EST 2012


On Wed, 1 Feb 2012, Brian Morrison wrote:

>> it would be cool if there is some way (I know not enforceable) for an
>>   OTR peer to assert that it is or isn't logging, and to warn the user
>>   if the remote side is logging and they aren't.   Or perhaps if one
>>   disables logging to have that flow across and disable.  Again, I
>>   realize people can code around this, or cut/paste, etc.  But it would
>>   set social expectations.
>
> An excellent suggestion, maybe explicitly disallow automatic remote
> logging if a particular preference is set and have a default of No while
> allowing

You cannot decide what the other party does. What is next? Not allowing
copy and paste in the window? Direct memory access to the binary? Where
do you end?

Note that for me, AFAIK logging is enabled per default using Fedora and
pidgin-otr, though I never actually verified it, which I will do.

To me OTR is about network security. What you do on your own machine,
and what you log is something generic, and not OTR specific.

I don't see why OTR conversations should not get logged when non-OTR
conversations are logged. I think both should be treated the same.

What would you do with Jabber SSL connections? Log them? Not log them?
What if the log disk is an encrypted volume like mine is? Log it or not?

OTR provides encryption, authentication and repudiation. I don't think
it should be in the business of logging auditor, just like I don't
think it should dictate colours for text and background to make it harder
to eavesdrop my screen :)

Paul


