[liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

Jonathan Wilkes jancsika at yahoo.com
Thu Jan 30 16:02:29 PST 2014


On 01/30/2014 05:29 PM, Gregory Maxwell wrote:
> On Thu, Jan 30, 2014 at 2:13 PM, Nicholas Merrill <lists at calyx.com> wrote:
>> Hey all
>>
>> I wanted to let everyone here know that we (The Calyx Institute) opened
>> an experimental public and free Jabber / XMPP server to the public today
>> that has a number of interesting security features / policies
> "We can't force you, but you are strongly encouraged to use Off The
> Record Messaging to further encrypt your private conversations
> end-to-end. "
>
> Why can't you force it? The cleartext is available to the server. The
> OTR traffic is trivially identifiable.
>
> You might want to just rephrase it to say that you don't force it
> rather than can't?

Since many people socialize mainly over the internet nowadays, OTR as an 
option means that most if not all of your users will leak data in the 
form of the plaintext conversations that _lead_ them to use OTR in a 
particular circumstance.  Worse, even if the reason for starting an OTR 
conversation starts out-of-band (off the internet) your userbase is 
then divided into a small group of people who have "something to hide" 
and everyone else.

So I'd recommend forcing OTR.  Then the people discussing lolcats won't 
feel so bad about wasting their time, because even seemingly frivolous 
privacy helps to protect everyone else's.

-Jonathan


