[jitsi-dev] dev Digest, Vol 5, Issue 42


#1

Hi Emil,

Yes, I understand packet logging contains encrypted body. I am unable to check the packet dumps at this time. But I had a look through the supposedly encrypted packets using notepad and found text information (like my ID/username).

I think these packets would have headers and communication details (metadata). Why is this setting on by default. Most end-users wouldn't want their packets (especially OTR comms) to be recorded - encrypted or not!

1. OTR users should be able to deny that a conversation even took place. The storage of files/packets with timestamps may prevent such deniability.

2. This packet logging does not help end-users. If developers/testers need it, they can enable them. An option for logging should not exist for end-users.

Best Regards,
Ahmed Azhad.

--Forwarded Message Attachment--

···

From: emcho@jitsi.org
To: dev@jitsi.org
Date: Wed, 21 Aug 2013 14:39:26 +0200
Subject: Re: [jitsi-dev] Jitsi not a reliable OTR provider

Azhad,
Packet logging does not include message bodies. Even if it did, those would be the encrypted ones ... but again, bodies are not kept.
Hope this helps,

Emil
--sent from my mobile
On 16 Aug 2013 15:21, "Ahmed Azhad" <azhad@hotmail.com> wrote:

Hi,

I would like to note that Jitsi is recording chat messages in unencrypted form in the users data directory. It comes with the chat history option enabled by default. The problem is, on https://jitsi.org/Main/Features , there is a promise of deniability (one of the features of OTR). Considering that even if I disable Chat history on my side of the client, the chat messages get recorded on the other end (unless they know this defecit).

This is not true OTR, proven from your own webpage. A party has to listen to the unencrypted Jabber messages (evidence of which is in the packet logs made by Jitsi) and figure out both parties and go

To correct, this history option needs to be pulled out completely. Also the option to Log packets by default is ticked. There is no use of leaving these on by default for an end-user.

Hope these issues of security will be fixed in the next version.

Please discuss.

Azhad.

_______________________________________________

dev mailing list

dev@jitsi.org

Unsubscribe instructions and other list options:

http://lists.jitsi.org/mailman/listinfo/dev


#2

Hey there,

Hi Emil,

Yes, I understand packet logging contains encrypted body.

No, it does not contain a body at all. It is stripped before being stored.

I am unable to
check the packet dumps at this time. But I had a look through the supposedly
encrypted packets using notepad and found text information (like my
ID/username).

The packet headers are not encrypted in the logs, so yes, such
information is available on your computer.

I think these packets would have headers and communication details
(metadata).

Yes they would.

Why is this setting on by default.

Because they are crucial when debugging problems that users encounter.

Most end-users wouldn't want
their packets (especially OTR comms) to be recorded - encrypted or not!

I am not sure why *most* end users would not want it. This information
isn't leaving their own computer.

1. OTR users should be able to deny that a conversation even took place. The
storage of files/packets with timestamps may prevent such deniability.

This is wrong. OTR aims to provide secure passage of your messages
through the network. What happens with these messages on both
endpoints is completely out of scope for the OTR protocol.

You may have very legitimate reasons to believe that it is risky for
you to have these conversations or even their metadata stored on your
computer. If so: disable logging. Still, this wouldn't have any impact
whatsoever on the way OTR works.

2. This packet logging does not help end-users. If developers/testers need
it, they can enable them. An option for logging should not exist for
end-users.

Users report problems. When looking into these problems, the first
thing that developers ask for are exactly these logs. So, while you
are right that these logs would often be unreadable to users, they
continue being indirectly very useful to them.

Cheers,
Emil

···

On Fri, Aug 23, 2013 at 5:18 PM, Ahmed Azhad <azhad@hotmail.com> wrote:

Best Regards,
Ahmed Azhad.

--Forwarded Message Attachment--
From: emcho@jitsi.org
To: dev@jitsi.org
Date: Wed, 21 Aug 2013 14:39:26 +0200
Subject: Re: [jitsi-dev] Jitsi not a reliable OTR provider

Azhad,

Packet logging does not include message bodies. Even if it did, those would
be the encrypted ones ... but again, bodies are not kept.

Hope this helps,
Emil

--sent from my mobile

On 16 Aug 2013 15:21, "Ahmed Azhad" <azhad@hotmail.com> wrote:

Hi,

I would like to note that Jitsi is recording chat messages in unencrypted
form in the users data directory. It comes with the chat history option
enabled by default. The problem is, on https://jitsi.org/Main/Features ,
there is a promise of deniability (one of the features of OTR). Considering
that even if I disable Chat history on my side of the client, the chat
messages get recorded on the other end (unless they know this defecit).

This is not true OTR, proven from your own webpage. A party has to listen to
the unencrypted Jabber messages (evidence of which is in the packet logs
made by Jitsi) and figure out both parties and go

To correct, this history option needs to be pulled out completely. Also the
option to Log packets by default is ticked. There is no use of leaving these
on by default for an end-user.

Hope these issues of security will be fixed in the next version.

Please discuss.

Azhad.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#3

Users report problems. When looking into these problems, the first
thing that developers ask for are exactly these logs. So, while you
are right that these logs would often be unreadable to users, they
continue being indirectly very useful to them.

I agree with this, but perhaps the time has come to tell users to enable
logging when reporting problems?

It seems Jitsi is mature enough to be used by people, and the ones in
distress are far more likely to not
be able to investigate the properly way to use the software for their
particular use case.
I can see the reason to change the default to not log at all. It is
actually a proof of jitsi maturing.