[Telepathy] [Bug 16891] Telepathy should support OTR encryption

Mon Aug 3 06:50:27 PDT 2009

http://bugs.freedesktop.org/show_bug.cgi?id=16891

--- Comment #16 from Eric Hopper <eric-freedesktop at omnifarious.org>  2009-08-03 06:50:26 PST ---
(In reply to comment #15)
> You seem strangely interested in security... provided by (by your own words) a
> broken security layer? Do you really think that providing broken security, and
> lulling people into false sense of security is better than providing no
> "security" at all?

OTR's brokenness is due to the fact that it is a hacky kludge on top of
existing IM protocols, not because it has any security flaws.  It's inelegant
and ugly, but it works.

I'm all for an elegant solution.  But I don't think it should take a backseat
to interoperability.  I know that the various IM protocols are also mostly a
bunch of ugly kludges as well.  But that doesn't stop them from being
implemented.

> And to others. I am not a Telepathy developer... but seriously guys, flaming
> developers while not being ready to get yourselves on the line? If you find it
> useful and especially if you find it critical, do it yourself. Otherwise, feel
> free to keep using Pidgin until you get this critical feature, which Thilo
> considers broken by design.
> 
> I think there's room for other improvements before encryption, because I, and
> many other home users, find it unnecessary. Encryption is not important for
> majority of people on this world.

I am worried because Empathy appears to be getting a huge userbase and being
used as the default IM client for a number of distributions without having a
feature I think is incredibly important and should've been built in at the
start, almost especially because most users don't really care about it.

Most people will not care about encryption.  Most people also do not care about
ACID database semantics.  But anybody who made a database lacking the latter
feature (i.e. Microsoft Access) would be roundly and justly flamed.  Especially
if they managed to somehow get that database into general use.

There are a whole host of features that users do not care about but are
critical pieces of infrastructure.  One of the things that most pleases me
about Adium is that the developers understood and so many of my friends who
have no clue or desire for encryption end up using it anyway because they use
Adium.

> If other clients provide you security, use those. Or use email+GPG for even
> more security. Filing a request is fine. Posting a comment supporting the
> request is fine. Attacking people like some of you did is not fine.

Email encryption is nearly a lost cause.  But with Adium and a couple of other
popular IM clients supporting OTR, widespread IM encryption was beginning to
happen.  I don't think activists in Iran should have to worry about which IM
client their friends are using in order to avoid being snooped on.  I don't
think their choice of IM client should be able to be used to single them out
for special treatment by their government.  All new IM clients should just do
the right thing out of the box.

Widespread support for good encryption is not something I care about because I
am especially paranoid about my own IM conversations.  It's because I care
about the pernicious effects of all IM conversations being potentially public
knowledge.

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.