pidgin OUGHT to 'ship' with the pigdin OTR plug-in installed AND activated

  9 years ago

XMPP is ubiquitous. More people use XMPP daily than might realize it. If you are a "social" [ad]networking sheeple you are using- or benefitting from XMPP in your "communication"

Pidgin is a leader in user security/privacy having developed their own respective, albeit not as awesome, conversation encryption plugin.

package, pidgin-otr, is currently available via synaptic but few users are aware of it- or the need to be using it much like sip users being unaware of zRTP/sRTP (or even OSTN).

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

* Encryption

No one else can read your instant messages.

* Authentication

You are assured the correspondent is who you think it is.

* Deniability

The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

* Perfect forward secrecy

If you lose control of your private keys, no previous conversation is compromised.

more info about OTR conversation security

for future versions of Mint see also

IETF JOSE (formerly appropriately named WOES)

RFC 5802, sasl scram

Latest comments
j_rueger 9 years ago

Shipping with pidgin-otr installed is a good idea, imho. Enabling it by default on the other hand would, as far as I can tell, require Mint to ship an altered version of the normal pidgin package and that might not be feasible or worth the cost.

blueXrider 9 years ago

Got to agree here. Put your opinions in the forums...

remoulder 9 years ago

Personal opinion