Log in

Previous Entry | Next Entry

Empathy 2.27.0's Private Mode

An oft-requested feature in Empathy and Telepathy is support for OTR (Off The Record) encryption of messages, interoperating with the OTR plugin for Pidgin and other popular IM clients. We've been resisting implementing it so far, mainly because we think there are better ways to do end-to-end encryption of messages and audio and video calls over XMPP, which we hope to implement in the not too distant future.

However, a nice aspect of OTR as compared to other encryption solutions is that it allows you to plausibly deny having taken part in a conversation. We believe this to be an example of a wider trend towards deniability on the internet, a position which is backed up by the growing popularity of Tor, and by several modern browsers allowing you to cover your browsing tracks out of the box.

As a result, we've been working hard to help secure your privacy while you're using Empathy. We've had to do this quietly for various legal reasons, but we're proud to announce Empathy's new Private Mode. When enabled, your contact list will be anonymized, as will your entry on your contacts'. Thus, you can conduct conversations with anyone without fear of repercussions from their discovering your identity, or of anyone else knowing the conversation took place:

It's not obvious how to bring these privacy benefits to Jingle video calls. We came up with a technique we refer to as Kitten Secrecy (patents pending in all relevant countries), and managed to integrate it with Empathy with the help of our friends at Collabora Multimedia, who constructed a fantastic GStreamer element using only two leaky queues!

We think the results speak for themselves. The source is not quite ready for release yet, but (lawyers permitting) we hope it'll be public by the end of the month. Hope you can wait until then!

the Telepathy and Empathy teams

If you're about to leave an angry comment:

At the Boston Gnome summit, Robert McQueen, Sjoerd Simons and I sketched out a plan for the API for end-to-end encryption of communications (implemented using XTLS, OTR or anything else) and how we'd implement this API for OTR. Work's just started on a challenge-response authentication API, which is a prerequisite. Stay tuned; or, jump onto the Telepathy list or #telepathy on Freenode if you're interested in helping out!


( 13 comments — Leave a comment )
Apr. 1st, 2009 04:32 am (UTC)
kitten secrecy implemented
Thank you very much for the idea, two commented sections and one memset call and it is Kitten Secrecy was implemented:

git clone http://git.holoscopio.com/cascardo/git/v4l2capture.git/
cd v4l2capture
git checkout -b kittensecrecy origin/kittensecrecy
GST_PLUGIN_PATH=. gst-launch-0.10 v4l2src ! ycbcrenc ! facetracker ! ycbcrdec ! xvimagesink

build dependencies left as an exercise

Apr. 1st, 2009 09:38 am (UTC)
Re: kitten secrecy implemented
This MUST be an April fools joke.
Apr. 1st, 2009 12:45 pm (UTC)
Re: kitten secrecy implemented
The most funny of it all is that nobody will believe it even when source code is available and you can see for your own. Here is another screenshot with the co-author (Samuel Vale):

Aug. 3rd, 2009 07:35 am (UTC)
The lack of OTR is not a joke

It is bad security plain and simple.

Sep. 10th, 2009 09:52 pm (UTC)
No OTR? Then no Empathy either thanks!
If you are not interested in providing people with well engineered deniable privacy, then please don't mock those that are.
Oct. 1st, 2009 07:18 pm (UTC)
sudo aptitude purge empathy
Oct. 1st, 2009 07:47 pm (UTC)
Re: Karmic!
“Well done”, I suppose?

People seem to misconstrue this post as mocking OTR, or shooting their dog, or something, rather than just a caffeine-induced joke...
Oct. 2nd, 2009 08:07 pm (UTC)
Re: Karmic!
well it's a lame joke, like 'jump to conclusions mat', made more annoying when your actually searching for empathy otr support and find this instead.

So we're just here to say "That's the worst idea I've ever heard in my life, Tom."

"Yes, this is horrible, this idea."
Oct. 21st, 2009 11:02 pm (UTC)
Think practical not ideological
The people using Windows and MSN and Facebook are not suddenly going to jump over to using Linux and Empathy and Jabber.

OTR is the only solution that currently works and is being used to some extent. Skipping support for OTR in the future default IM client in Linux is a good way to say goodbye IM security.

I really hope Ubuntu decides to keep Pidgin as the default client until this issue is properly solved.
Oct. 21st, 2009 11:13 pm (UTC)
Re: Think practical not ideological
See the edit I just made to the end of this post for the practical plan for implementing support for end-to-end encryption, including OTR!
Feb. 12th, 2010 02:38 pm (UTC)
Re: Think practical not ideological
OTR wins because it's multiplatform, multiservice and easy to use. I can talk OTR with folks running paid Trillian or Adium, regardless of IM service. I do this because my employer has installed IM proxying software and has configured firewalls and NATting to funnel all standard IM ports thru it.

Empathy that can't speak a standard encryption method to other clients on other OSes, regardless of implementation, is worthless to me. Anything exclusive to Empathy would be worthless unless plugins for other IM clients were made available. SecureIM and other proprietary encryption methods are absolutely worthless because (at the very least) they don't interoperate.

Is there a link to a comprehensive technical breakdown on why OTR is so horrible and not worth implementing as a critical feature of Empathy? Or do devs just not give a shit about user security?
Jul. 8th, 2010 02:58 pm (UTC)
Re: Think practical not ideological
Is there a roadmap with date milestones for this API? With Fedora and Ubuntu switching to Empathy for their default IM client, this has become even more critical. We need a consistent, cross-platform IM security protocol operational by default, and implemented with a clean UI, on these Linux desktop platforms — and the only protocol that fits that bill is OTR. (The UI is up to the Empathy folks; but Adium is proof that it can be done.)

Does OTR have some warts? Sure. All protocols that evolve as they are developed do. But OTR is the best studied IM encryption overlay protocol available. It is transport-agnostic, meaning it works whether you're using Jabber, AIM, MSN, Yahoo!, OK Cupid, Skype... the list goes on. The protocol itself was designed by two top crypto protocol designers (and cryptanalysts), Prof. Nikita Borisov and Prof. Ian Goldberg, with input from many cypherpunks with experience implementing and supporting user-friendly crypto, including myself. (I formerly worked on PGP and GnuPG interoperability, and PGP usability, while at Network Associates' PGP Security business unit, and I helped the OTR team in its early days.) It's been heavily vetted (uncovering an obscure attack in the first version, though that was fixed five years ago.)

Using this protocol, with its proven track record, is not only a time-saver over rolling your own; it's the smart thing to do unless you've got some really good cryptographers on your team — and even then, why fragment the encrypted-IM userbase unnecessarily?

I'm happy to provide assistance in integration of OTR. You can contact me at rabbi at ieee dot org.


Jul. 16th, 2010 08:09 am (UTC)
Well - I'm speachless... I guess I better stay that way with these "privacy" features!
You are joking right? Where is my freakin carrier pidgin when I need him...
( 13 comments — Leave a comment )