An oft-requested feature in Empathy and Telepathy is support for OTR (Off The Record) encryption of messages, interoperating with the OTR plugin for Pidgin and other popular IM clients. We've been resisting implementing it so far, mainly because we think there are better ways to do end-to-end encryption of messages and audio and video calls over XMPP, which we hope to implement in the not too distant future.
However, a nice aspect of OTR as compared to other encryption solutions is that it allows you to plausibly deny having taken part in a conversation. We believe this to be an example of a wider trend towards deniability on the internet, a position which is backed up by the growing popularity of Tor, and by several modern browsers allowing you to cover your browsing tracks out of the box.
As a result, we've been working hard to help secure your privacy while you're using Empathy. We've had to do this quietly for various legal reasons, but we're proud to announce Empathy's new Private Mode. When enabled, your contact list will be anonymized, as will your entry on your contacts'. Thus, you can conduct conversations with anyone without fear of repercussions from their discovering your identity, or of anyone else knowing the conversation took place:
It's not obvious how to bring these privacy benefits to Jingle video calls. We came up with a technique we refer to as Kitten Secrecy (patents pending in all relevant countries), and managed to integrate it with Empathy with the help of our friends at Collabora Multimedia, who constructed a fantastic GStreamer element using only two leaky queues!
We think the results speak for themselves. The source is not quite ready for release yet, but (lawyers permitting) we hope it'll be public by the end of the month. Hope you can wait until then!
— the Telepathy and Empathy teams
If you're about to leave an angry comment:
At the Boston Gnome summit, Robert McQueen, Sjoerd Simons and I sketched out a plan for the API for end-to-end encryption of communications (implemented using XTLS, OTR or anything else) and how we'd implement this API for OTR. Work's just started on a challenge-response authentication API, which is a prerequisite. Stay tuned; or, jump onto the Telepathy list or #telepathy on Freenode if you're interested in helping out!
Profile
![[info]](http://l-stat.livejournal.com/img/userinfo.gif)
resiak- Will Thompson
- Vanity domain!
Page Summary
- (Anonymous) : kitten secrecy implemented [+2]
- streetmachine : (no subject) [+0]
- omnifarious : The lack of OTR is not a joke [+0]
- (Anonymous) : No OTR? Then no Empathy either thanks! [+0]
- (Anonymous) : Karmic! [+2]
- (Anonymous) : Think practical not ideological [+1]
Comments
git clone http://git.holoscopio.com/cascardo/git/v
cd v4l2capture
git checkout -b kittensecrecy origin/kittensecrecy
make
GST_PLUGIN_PATH=. gst-launch-0.10 v4l2src ! ycbcrenc ! facetracker ! ycbcrdec ! xvimagesink
build dependencies left as an exercise
screenshot:
http://holoscopio.com/kittensecrecy.png
http://holoscopio.com/kittensecrecy2.png
It is bad security plain and simple.
People seem to misconstrue this post as mocking OTR, or shooting their dog, or something, rather than just a caffeine-induced joke...
So we're just here to say "That's the worst idea I've ever heard in my life, Tom."
"Yes, this is horrible, this idea."
OTR is the only solution that currently works and is being used to some extent. Skipping support for OTR in the future default IM client in Linux is a good way to say goodbye IM security.
I really hope Ubuntu decides to keep Pidgin as the default client until this issue is properly solved.