Hacker News new | comments | show | ask | jobs | submit login

> Or, maybe, IM with OTR without logging, but that . . . might also fall prey to crazy counterparty either not disabling logging or intentionally recording and blackmailing.

I thought this was one of the benefits of OTR over, say, PGP. That is, with PGP if you sign a message the counterparty can wave it around and say "look at what this poerson said", while with OTR, since the encryption is done with a shared key, it could be just as likely that the counterparty made it up.

At least, that's what I gleaned from this wonderful video[1] someone linked to on HN yesterday.

[1] https://www.youtube.com/watch?v=eG0KrT6pBPk

The problem is your client can still log the pre or post crypto plaintext. I believe pidgin or some other shitty IM client does that by default, even with OTR.

So, I mean "use OTR, and ALSO disable client logging".

It's Adium that logs by default, not Pidgin (which correctly disables logging.)


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact