Yes, I understand packet logging contains the encrypted body. I am unable to check the packet dumps at this time. But I had a look through the supposedly encrypted packets using Notepad and found text information (like my ID/username).
I think these packets would have headers and communication details (metadata). Why is this setting on by default? Most end-users wouldn't want their packets (especially OTR comms) to be recorded - encrypted or not!
1. OTR users should be able to deny that a conversation even took place. The storage of files/packets with timestamps may prevent such deniability.
2. This packet logging does not help end-users. If developers/testers need it, they can enable it. An option for logging should not exist for end-users.
--Forwarded Message Attachment--
Packet logging does not include message bodies. Even if it did, those would be the encrypted ones ... but again, bodies are not kept.
Hope this helps,
--sent from my mobile
On 16 Aug 2013 15:21, "Ahmed Azhad" <email@example.com> wrote:
I would like to note that Jitsi is recording chat messages in unencrypted form in the user's data directory. It comes with the chat history option enabled by default. The problem is, on https://jitsi.org/Main/Features, there is a promise of deniability (one of the features of OTR). Considering that even if I disable Chat history on my side of the client, the chat messages get recorded on the other end (unless they know this deficit).
This is not true OTR, proven from your own webpage. A party has to listen to the unencrypted Jabber messages (evidence of which is in the packet logs made by Jitsi) and figure out both parties and go
To correct, this history option needs to be pulled out completely. Also the option to Log packets by default is ticked. There is no use in leaving these on by default for an end-user.
Hope these issues of security will be fixed in the next version.
dev mailing list