Off-the-Record Internet Relay Chat
As everybody but the worst conspiracy theorist knows, everything sent over the Internet is recorded and can be used against us (the buzzing noise you're hearing is an armed drone circling the building).
Encrypting e.g. Internet Relay Chat a la PGP would protect the message on the wire from eavesdropping. But if the message is recorded (which it is), then a compromise of the involved secret keys would allow decryption at a later date. And since thorough inspection of laptops at airports is routine, we can assume that keys do get compromised now and then. With classical public key crypto, the potentially incriminating content is also digitally signed, so it can be used as a strong evidence against the utterer.
Can we make conversations on the Internet more like private conversations, which are not normally recorded and where utterances are not signed? This was answered to the affirmative in Borisov, Goldberg and Brewer's paper Off-the-Record Communication . And there's an implementation.
A working constellation for OTR conversation on IRC consists of
a pure Python implementation of OTR in the module
- weechat IRC client
- Python plugin for
otr.pywhich adds a
/OTRcommand to the standard IRC commands, to initiate OTR conversations etc.
There're other clients supporting OTR, e.g
irssias packaged for various linux distributions.
For private conversations on IRC I would strongly suggest using OTR.
Update (Dec 28 2014)
There are serious interoperability problems between various implementations. What seems to verk is
- version 1.0.1
- python-otr (potr)
version 1.0.1 (the
(1,0,0, 'final')whereas the
- version 1.5.0
allow_v2 (allow OTR protocol version 2) : on html_escape (escape HTML special characters in outbound messages) : off html_filter (filter HTML in incoming messages) : on log (enable logging of OTR conversations) : on require_encryption (refuse to send unencrypted messages) : on send_tag (advertise your OTR capability using the whitespace tag) : on