As everybody but the worst conspiracy theorist knows, everything sent over
the Internet is recorded and can be used against us (the buzzing noise you're
hearing is an armed drone circling the building).
Encrypting e.g. Internet Relay Chat a la PGP would protect the message on
the wire from eavesdropping. But if the message is recorded (which it is),
then a compromise of the involved secret keys would allow decryption at
a later date. And since thorough inspection of laptops at airports is routine,
we can assume that keys do get compromised now and then. With classical
public key crypto, the potentially incriminating content is also digitally signed,
so it can be used as a strong evidence against the utterer.
Can we make conversations on the Internet more like private conversations,
which are not normally recorded and where utterances are not signed?
This was answered to the affirmative in Borisov, Goldberg and Brewer's
paper Off-the-Record Communication .
And there's an implementation.
A working constellation for OTR conversation on IRC consists of
There're other clients supporting OTR, e.g
- a pure Python implementation of OTR in the module
- weechat IRC client
- Python plugin for
/OTR command to the standard IRC commands, to initiate
OTR conversations etc.
as packaged for various linux distributions.
For private conversations on IRC I would strongly suggest using OTR.
Update (Dec 28 2014)
The Weechat OTR plugin is at github now:
as is the python otr module:
There are serious interoperability problems between various implementations.
What seems to verk is
- version 1.0.1
- python-otr (potr)
- version 1.0.1 (the
VERSION in the
setup.py says '1.0.1')
- version 1.5.0
allow_v2 (allow OTR protocol version 2) : on
html_escape (escape HTML special characters in outbound messages) : off
html_filter (filter HTML in incoming messages) : on
log (enable logging of OTR conversations) : on
require_encryption (refuse to send unencrypted messages) : on
send_tag (advertise your OTR capability using the whitespace tag) : on