[OTR-users] Visible Metadata?
Paul Wouters
paul at cypherpunks.ca
Wed Sep 4 15:19:55 EDT 2013
On Wed, 4 Sep 2013, Robert Pollak wrote:
> I am new to OTR messaging, and I have got a question:
>
> Do I understand correctly that the use of OTR messaging does not hide
> (e.g. from the NSA or other network sniffers :) the fact that some
> encrypted communication has taken place between two visible IP
> adresses?
If you use an IM network that supports TLS, it requires cooperation of
the IM network operator to reveal who is talking to who. When using OTR
the operator will still not be able to read the content.
Of course, you can run your own XMPP server, so there is no IM network
operator that can be coerced. But obviously they will then know one end
of the connection is you - all the others connecting to your XMPP
server, especially when using tor, would have some more protection.
However, with 180+ key tapping points in the world, I think we sadly
have to conclude for now that it is impossible to hide using our own
small XMPP servers, and you're likely better of picking a large trusted
XMPP server - ideally jumping a juristiction if you can. I would
personally recommend the jabber service of either xs4all or the CCC.
Then, ensure TLS is mandatory, and set your IM client to require OTR for
all messages.
Paul
More information about the OTR-users
mailing list