[liberationtech] OTRon: Chrome extension for end-to-end FB chat encryption
Omar Rizwan
omar.rizwan at gmail.com
Tue Jan 28 13:43:53 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
(WARNING: this is an experiment, please don't use for anything
serious. treat OTRon-ed chats as normal FB chats in
security/trustedness for now)
Hey libtech! Today seems like a "self-promotion" day. I'm ready to
share a new open-source side project of mine; it OTR-encrypts
Facebook.com chats with one click (think Mailvelope for FB chat):
https://github.com/osnr/otron
Haven't spread it widely yet or made it easy to install, I'm looking
for feedback both on how well it works (it needs some more testing and
does have some functionality bugs -- you may be blocked from FB chat
for a few minutes if it goes wrong!), how easy it is to use, and on
the general approach.
This is really a stopgap, meant to give the "ordinary person" some
weapons against dragnet surveillance that don't require serious
routine changes (changing IM network, IM client). But I think it has
value. My ideal is to make it automatically transparently encrypt with
other OTRon users.
Problems might include:
- - Bugs and vulnerabilities (as I said, not well-tested)
- - Brittleness (as an extension w/ userscript, we depend on a lot of
properties of Facebook.com which they could change easily -- thinking
about more general DOM-based approaches which could scale to Gmail and
others)
- - the "why encourage people to use FB??" argument, but I don't want
to get into this
Some thoughts about security:
https://github.com/osnr/otron/blob/master/doc/threat-model.md
Please let me know what you think!
Omar
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJS6CROAAoJEJSwN2DbcGvXSrIH/06zWO+9ZjwxRuAyQosKJoOM
hDeD+EBivJCMPStwWT+ZAvN7jaSil7R1jnfkR3YuiqWNERtMOlqXBCUcNi8eJhud
VeuWkAGuiX9DerJ3ZFADt9FlLikmjTJlkUrs4CKP4y5T/NcSB+ghribSyLVTtAHG
YCzp0kOxla/ahvgiuKUDMuY9W+RNGQb12Ok8NwTDdXSo3/gmaq99YcvCTF+wOsR4
s4K9h+6disXQZ9l+LvDG6lcuWC7Co3BtvDJXfF0WGvZG2uE12JTsgAVEix+XByGT
y6Pr9UAHOeMBriWQPKxISj6C7JaXsUxL993a+uXYG8oXQOnKF8JYqANI1r5OW54=
=5j6b
-----END PGP SIGNATURE-----
More information about the liberationtech
mailing list