[jitsi-users] Deleting history?


#1

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

···

--
John Perry
xmpp://chat.jpunix.net


#2

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo


#3

Thank you for your response but this is not what I was hoping for. I was
hoping that there was a way to completely delete the chat history? After
all isn't this exactly what the PRISM program is doing? The NSA claims
that they don't need the actual contents of the message. But having a
non-deletable log of who I chatted with and exactly when the chat took
place and the duration of the chat is fodder for PRISM analysis. It
would make sense to me to add a feature to delete the history or opt-out
of collecting historical data in the first place. If my computer got
seized by the authorities all they would have to do is start Jitsi and
look at the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of encryption is
going to mask this information with Jitsi in it's current form.

···

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net


#4

Could you please provide information on exactly what file(s) need to be
deleted from Jitsi when it's not running to get rid of the historical data?

···

On 7/30/2013 7:10 AM, John Perry - jitsi wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net


#5

I have to agree that any logging should default to off and then anyone
who actually wants a record of their communications stored on their PC
can enable it. I imagine most people are largely attracted to Jitsi
for it's security features, so it seems likely that most users
wouldn't want to have this log created and therefore makes most sense
to make it default to off (and probably password protect this setting
if it isn't already, so that someone can't enable it behind the user's
back, resulting in their communications being logged whilst they still
think that it's disabled).

In fact, maybe it should just be removed as an option altogether as
even with a password, someone could just re-enable it by editing
sip-communicator.properties manually?

···

On 30 July 2013 13:10, John Perry - jitsi <lists@jpunix.net> wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo

Thank you for your response but this is not what I was hoping for. I was
hoping that there was a way to completely delete the chat history? After
all isn't this exactly what the PRISM program is doing? The NSA claims
that they don't need the actual contents of the message. But having a
non-deletable log of who I chatted with and exactly when the chat took
place and the duration of the chat is fodder for PRISM analysis. It
would make sense to me to add a feature to delete the history or opt-out
of collecting historical data in the first place. If my computer got
seized by the authorities all they would have to do is start Jitsi and
look at the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of encryption is
going to mask this information with Jitsi in it's current form.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#6

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is

starting

to worry me. Please advise.

There's no "delete all" button, but you can delete the history from
Jitsi's profile folder (while it isn't running). To prevent further
logging, disable the option "Log chat history" from
Tools->Options->General.

Could you please provide information on exactly what file(s) need to be
deleted from Jitsi when it's not running to get rid of the historical

data?

The entire folder history_ver1.0 if you want to delete all history, or one
of the subfolders if you want to delete only parts of it. The subfolder's
name should be self-explaining.

Ingo

···

On 7/30/2013 7:10 AM, John Perry - jitsi wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:


#7

I completely agree here -- I was very annoyed and disturbed myself
when I tried to delete the call history and found no way to do it.
(Of course it must be possible when working through the .jitsi folder
or such, but there was no easy way I found right-away.)

In my case this is not so troublesome since I usually chat with Pidgin
and use Jitsi only for voice/video with a particular contact (which
happens to be my fiancee, so it is at least not particularly
surprising information someone could gather from the log), but I
really would love to opt-out of collecting this data in the first
place if I could. This is a very useful feature to add!

Yours,
Daniel

- --
http://www.domob.eu/
OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
- --
Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Mon-Pri

···

On 2013-07-30 14:10, John Perry - jitsi wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history
from Jitsi? Having a trail of every person I've communicated
with is starting to worry me. Please advise.

There's no "delete all" button, but you can delete the history
from Jitsi's profile folder (while it isn't running). To prevent
further logging, disable the option "Log chat history" from
Tools->Options->General.

Ingo

Thank you for your response but this is not what I was hoping for.
I was hoping that there was a way to completely delete the chat
history? After all isn't this exactly what the PRISM program is
doing? The NSA claims that they don't need the actual contents of
the message. But having a non-deletable log of who I chatted with
and exactly when the chat took place and the duration of the chat
is fodder for PRISM analysis. It would make sense to me to add a
feature to delete the history or opt-out of collecting historical
data in the first place. If my computer got seized by the
authorities all they would have to do is start Jitsi and look at
the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of
encryption is going to mask this information with Jitsi in it's
current form.


#8

If you're worried about people reading your Jitsi chat history on your
computer, you've already failed--don't let anyone have physical access to
your computer and encrypt the hard drive.

···

On 30 July 2013 06:48, Daniel Kraft <d@domob.eu> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2013-07-30 14:10, John Perry - jitsi wrote:
> On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:
>>> I was wondering if there was a way to delete the call history
>>> from Jitsi? Having a trail of every person I've communicated
>>> with is starting to worry me. Please advise.
>>
>> There's no "delete all" button, but you can delete the history
>> from Jitsi's profile folder (while it isn't running). To prevent
>> further logging, disable the option "Log chat history" from
>> Tools->Options->General.
>>
>> Ingo
>
> Thank you for your response but this is not what I was hoping for.
> I was hoping that there was a way to completely delete the chat
> history? After all isn't this exactly what the PRISM program is
> doing? The NSA claims that they don't need the actual contents of
> the message. But having a non-deletable log of who I chatted with
> and exactly when the chat took place and the duration of the chat
> is fodder for PRISM analysis. It would make sense to me to add a
> feature to delete the history or opt-out of collecting historical
> data in the first place. If my computer got seized by the
> authorities all they would have to do is start Jitsi and look at
> the history to see who I've been chatting with when the chat was
> initiated, and for how long the chat lasted. No amount of
> encryption is going to mask this information with Jitsi in it's
> current form.

I completely agree here -- I was very annoyed and disturbed myself
when I tried to delete the call history and found no way to do it.
(Of course it must be possible when working through the .jitsi folder
or such, but there was no easy way I found right-away.)

In my case this is not so troublesome since I usually chat with Pidgin
and use Jitsi only for voice/video with a particular contact (which
happens to be my fiancee, so it is at least not particularly
surprising information someone could gather from the log), but I
really would love to opt-out of collecting this data in the first
place if I could. This is a very useful feature to add!

Yours,
Daniel

- --
http://www.domob.eu/
OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
- --
Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Mon-Pri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQJ8BAEBCgBmBQJR98Q1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MDFDNTIxNjA1MzcxRDJBRjA3MTVBMEU0
RDk0NkVFRDA0RjdDRjUyAAoJEE2Ubu0E989StdoP/3RFitAjUBh8sG2uZgmYd5Pg
RYGECELkH9wJ49aC0vO33W2eeLI4jw+g86me/VCfC4NqrKENfiero+pW+AYNbSm1
J1EAEWEEBTejyvtq4PDsj50i4VlG38toBF/gzr0XhfsTQ+goM5Ax+2VONH6avi1o
p1HFxi+LxLVh4JbzOi6IIM+ghuh8gIiSUlIQa7f0pBpMDw07MLRvCV5BzNZz/kTY
IuBafbQctL2jrzCbv6zcUvLU3NVIv9Oos5afGH8ygxVOJZgsM1E4IL9wba6KixL4
+HiLpij+7Uh3UkQNAc+xfcfmCpDZeKKr0l3DpdOLIJUSmRtOo43z1ZlF90A+BkcS
bWPIg+ZHLffAhl7mCWDsgqJUaFjEs61S6DfarAeabAIylAjzKgtmXxxCmpqZGlfR
o//3OpaLrGf8rWSvBAFOAgB1/33XoocZCYZc15c7+In3rbdUg6o913VMrTkbD9YW
QZfIPufi0HT77alArXHmSjCjRi/zQm2RJ8VJRzVivqRoTqP0hJyYB86AK1mu4ImO
3B6PPp/PlFh1Dif+6W8qwnrMajS8uxDjbuez649MnK9LZvMZ0zUwz74iFueig8e4
fecVlPY18X8gJ7gc/ZIDr80+349rcRHZNEgiixMPOdEYqy4EEC1lYOR9oG5XDFhZ
Z+AqDUrQ0QNuSzfYDMPw
=Rkob
-----END PGP SIGNATURE-----

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si


#9

security is never simple, John. We all know its usability vs security and
there are tradeoffs. Do you have a mobile phone? Is it password protected?
I have a smart phone and the password to unlock it was 13 characters and
after five minutes, it would lock the screen and require me to re-type in
the password to gain access. Needless to say, this was not very usable for
me so I changed it to a 8 character password with a 10 minute lockout time.

1. government has already been monitoring your private conversations. Why
are you all of a sudden concerned? I don't mean to be hasty but Edward
didn't tell me anything new.
2. If you don't want the logs accessible, setup a cron job to delete them
every 5 minutes. I DO like the idea to disable chat history but I would not
be able to submit a patch to accomplish this.
3. Well the conversations may not be on YOUR computer but how would you
prevent ME from logging our conversation? Same with recording--Jitsi allows
phone calls to be recorded and if you don't record the conversation, but I
do, I would you ever know this or be able to prevent it?

I've only been thinking about the broader picture in the hopes that basic

privacy can be offered to the masses.

Sure, i understand that but you need to make sure the masses want it.

best,
jungle

···

On 30 July 2013 13:32, John Perry - jitsi <lists@jpunix.net> wrote:

On 7/30/2013 1:59 PM, Jungle Boogie wrote:
> If you're worried about people reading your Jitsi chat history on your
> computer, you've already failed--don't let anyone have physical access to
> your computer and encrypt the hard drive.

Wow! That's a good standard answer for people with at least medium-grade
computer skills. Which by the way, I have. My drive is already
encrypted. But... Can you please explain to my mother or my niece that
want to talk about her pending operation in private exactly how to
encrypt their hard drives and why they should never let their kids or
grand kids use the family computer? You fail to realize I'm trying to
look at the broader picture. For the masses to use encryption or any
other means to help protect themselves from monitoring things must be
kept simple. Also people will naturally have a certain expectation of
privacy when using a program like Jitsi or GnuPG/PGP. So let's look at
the following scenario...

1. My niece asks me "Can I talk securely to Grandma on the computer
without using Skype or Google Talk? I want to talk about private stuff
with her and I've seen in the news that the government may be monitoring
our conversations."

2. According to what you are recommending I must answer "Yes you can.
----------------
But first you need to encrypt your hard drive so in the event your
computer is stolen or lost or seized the records of your conversation
won't be accessible."

3. "Also you must never ever let your children, neighbors, or anyone
touch your computer ever again."

I promise you that everything past "Yes you can." will go completely
over most casual computer owner's heads.

Do you see my point? Not everyone is a computer geek. I've only been
thinking about the broader picture in the hopes that basic privacy can
be offered to the masses. And if the masses use Jitsi I assure you there
will be expectation of a certain level of privacy by not having their
Jitsi conversations logged without consent.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si


#10

Wow! That's a good standard answer for people with at least medium-grade
computer skills. Which by the way, I have. My drive is already
encrypted. But... Can you please explain to my mother or my niece that
want to talk about her pending operation in private exactly how to
encrypt their hard drives and why they should never let their kids or
grand kids use the family computer? You fail to realize I'm trying to
look at the broader picture. For the masses to use encryption or any
other means to help protect themselves from monitoring things must be
kept simple. Also people will naturally have a certain expectation of
privacy when using a program like Jitsi or GnuPG/PGP. So let's look at
the following scenario...

1. My niece asks me "Can I talk securely to Grandma on the computer
without using Skype or Google Talk? I want to talk about private stuff
with her and I've seen in the news that the government may be monitoring
our conversations."

2. According to what you are recommending I must answer "Yes you can.

···

On 7/30/2013 1:59 PM, Jungle Boogie wrote:

If you're worried about people reading your Jitsi chat history on your
computer, you've already failed--don't let anyone have physical access to
your computer and encrypt the hard drive.

----------------
But first you need to encrypt your hard drive so in the event your
computer is stolen or lost or seized the records of your conversation
won't be accessible."

3. "Also you must never ever let your children, neighbors, or anyone
touch your computer ever again."

I promise you that everything past "Yes you can." will go completely
over most casual computer owner's heads.

Do you see my point? Not everyone is a computer geek. I've only been
thinking about the broader picture in the hopes that basic privacy can
be offered to the masses. And if the masses use Jitsi I assure you there
will be expectation of a certain level of privacy by not having their
Jitsi conversations logged without consent.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net


#11

Well, lets not get overboard with this. Me, I am using logging and chat
history quite extensively, and removing it would be a showstopper for me.
I agree that it could be nice to be able to turn this on/off, but that's
about it.
Would it be enough for you if there was some indicator in the chat
window that chat logging is on? This was, you can check if someone was
messing with your settings and clean it up.

Tomas

···

On 30.07.2013 15:34, Derek Moss wrote:

I have to agree that any logging should default to off and then anyone
who actually wants a record of their communications stored on their PC
can enable it. I imagine most people are largely attracted to Jitsi
for it's security features, so it seems likely that most users
wouldn't want to have this log created and therefore makes most sense
to make it default to off (and probably password protect this setting
if it isn't already, so that someone can't enable it behind the user's
back, resulting in their communications being logged whilst they still
think that it's disabled).

In fact, maybe it should just be removed as an option altogether as
even with a password, someone could just re-enable it by editing
sip-communicator.properties manually?

On 30 July 2013 13:10, John Perry - jitsi <lists@jpunix.net> wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo

Thank you for your response but this is not what I was hoping for. I was
hoping that there was a way to completely delete the chat history? After
all isn't this exactly what the PRISM program is doing? The NSA claims
that they don't need the actual contents of the message. But having a
non-deletable log of who I chatted with and exactly when the chat took
place and the duration of the chat is fodder for PRISM analysis. It
would make sense to me to add a feature to delete the history or opt-out
of collecting historical data in the first place. If my computer got
seized by the authorities all they would have to do is start Jitsi and
look at the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of encryption is
going to mask this information with Jitsi in it's current form.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#12

I personally would be very frustrated if I installed an IM client, chatted with people and later discovered that no history was logged whatsoever. I often refer to history to see URLs, addresses, etc. I don't mean that I don't value my privacy, though. By all means, if chat history isn't logged, I'd like to know that upfront. Anyway, that's just my personal opinion.

Pavel Tankov

···

On 30.юли.2013, at 16:34, Derek Moss wrote:

I have to agree that any logging should default to off and then anyone
who actually wants a record of their communications stored on their PC
can enable it. I imagine most people are largely attracted to Jitsi
for it's security features, so it seems likely that most users
wouldn't want to have this log created and therefore makes most sense
to make it default to off (and probably password protect this setting
if it isn't already, so that someone can't enable it behind the user's
back, resulting in their communications being logged whilst they still
think that it's disabled).

In fact, maybe it should just be removed as an option altogether as
even with a password, someone could just re-enable it by editing
sip-communicator.properties manually?

On 30 July 2013 13:10, John Perry - jitsi <lists@jpunix.net> wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo

Thank you for your response but this is not what I was hoping for. I was
hoping that there was a way to completely delete the chat history? After
all isn't this exactly what the PRISM program is doing? The NSA claims
that they don't need the actual contents of the message. But having a
non-deletable log of who I chatted with and exactly when the chat took
place and the duration of the chat is fodder for PRISM analysis. It
would make sense to me to add a feature to delete the history or opt-out
of collecting historical data in the first place. If my computer got
seized by the authorities all they would have to do is start Jitsi and
look at the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of encryption is
going to mask this information with Jitsi in it's current form.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#13

Yes, because the activist can tell the big state security agents to go
away and leave his PC alone and he'll buy them a beer if he doesn't
beat the encryption password out of him!

···

On 30 July 2013 19:59, Jungle Boogie <jungleboogie0@gmail.com> wrote:

If you're worried about people reading your Jitsi chat history on your
computer, you've already failed--don't let anyone have physical access to
your computer and encrypt the hard drive.

On 30 July 2013 06:48, Daniel Kraft <d@domob.eu> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2013-07-30 14:10, John Perry - jitsi wrote:
> On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:
>>> I was wondering if there was a way to delete the call history
>>> from Jitsi? Having a trail of every person I've communicated
>>> with is starting to worry me. Please advise.
>>
>> There's no "delete all" button, but you can delete the history
>> from Jitsi's profile folder (while it isn't running). To prevent
>> further logging, disable the option "Log chat history" from
>> Tools->Options->General.
>>
>> Ingo
>
> Thank you for your response but this is not what I was hoping for.
> I was hoping that there was a way to completely delete the chat
> history? After all isn't this exactly what the PRISM program is
> doing? The NSA claims that they don't need the actual contents of
> the message. But having a non-deletable log of who I chatted with
> and exactly when the chat took place and the duration of the chat
> is fodder for PRISM analysis. It would make sense to me to add a
> feature to delete the history or opt-out of collecting historical
> data in the first place. If my computer got seized by the
> authorities all they would have to do is start Jitsi and look at
> the history to see who I've been chatting with when the chat was
> initiated, and for how long the chat lasted. No amount of
> encryption is going to mask this information with Jitsi in it's
> current form.

I completely agree here -- I was very annoyed and disturbed myself
when I tried to delete the call history and found no way to do it.
(Of course it must be possible when working through the .jitsi folder
or such, but there was no easy way I found right-away.)

In my case this is not so troublesome since I usually chat with Pidgin
and use Jitsi only for voice/video with a particular contact (which
happens to be my fiancee, so it is at least not particularly
surprising information someone could gather from the log), but I
really would love to opt-out of collecting this data in the first
place if I could. This is a very useful feature to add!

Yours,
Daniel

- --
http://www.domob.eu/
OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
- --
Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Mon-Pri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQJ8BAEBCgBmBQJR98Q1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MDFDNTIxNjA1MzcxRDJBRjA3MTVBMEU0
RDk0NkVFRDA0RjdDRjUyAAoJEE2Ubu0E989StdoP/3RFitAjUBh8sG2uZgmYd5Pg
RYGECELkH9wJ49aC0vO33W2eeLI4jw+g86me/VCfC4NqrKENfiero+pW+AYNbSm1
J1EAEWEEBTejyvtq4PDsj50i4VlG38toBF/gzr0XhfsTQ+goM5Ax+2VONH6avi1o
p1HFxi+LxLVh4JbzOi6IIM+ghuh8gIiSUlIQa7f0pBpMDw07MLRvCV5BzNZz/kTY
IuBafbQctL2jrzCbv6zcUvLU3NVIv9Oos5afGH8ygxVOJZgsM1E4IL9wba6KixL4
+HiLpij+7Uh3UkQNAc+xfcfmCpDZeKKr0l3DpdOLIJUSmRtOo43z1ZlF90A+BkcS
bWPIg+ZHLffAhl7mCWDsgqJUaFjEs61S6DfarAeabAIylAjzKgtmXxxCmpqZGlfR
o//3OpaLrGf8rWSvBAFOAgB1/33XoocZCYZc15c7+In3rbdUg6o913VMrTkbD9YW
QZfIPufi0HT77alArXHmSjCjRi/zQm2RJ8VJRzVivqRoTqP0hJyYB86AK1mu4ImO
3B6PPp/PlFh1Dif+6W8qwnrMajS8uxDjbuez649MnK9LZvMZ0zUwz74iFueig8e4
fecVlPY18X8gJ7gc/ZIDr80+349rcRHZNEgiixMPOdEYqy4EEC1lYOR9oG5XDFhZ
Z+AqDUrQ0QNuSzfYDMPw
=Rkob
-----END PGP SIGNATURE-----

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info
xmpp: jungle-boogie@jit.si

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#14

Obviously I'm trying my best to prevent that, and believe that I'm
successful (I have full-disk encryption and the computer is mostly
powered down when I'm not around it).

However, I don't think extra paranoia hurts. If I don't need and
don't want the logs (which seems not to be the case for all users, but
is true for me) then I also would like to have a way to turn them off,
just to be extra secure. Note that the call logs may even be a
problem if I just want to show someone something on my computer and
have them "glimpse" at the logs when Jitsi happens to be open -- or
situations like that. Of course that can be prevented, but I still
feel much safer if I can turn the logs off (or at least delete them!).

Cheers,
Daniel

- --
http://www.domob.eu/
OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
- --
Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Mon-Pri

···

On 2013-07-30 20:59, Jungle Boogie wrote:

If you're worried about people reading your Jitsi chat history on
your computer, you've already failed--don't let anyone have
physical access to your computer and encrypt the hard drive.


#15

HI JB,

It does not help to have a partially-encrypted drive if JITSI can not find this drive
or if you can not tell JITSI where this drive is. Full-drive encryption would need 2
passwords and 2 partitions to keep the innocent stuff separated and above the
serious stuff. Otherwise no plausible deniability.

Physically accessing a computer is 1 million times more difficult than letting your
taps copy the Internet into a gigantic new database with rapidly searchable
memory space of Exabytes and Yottabytes. You will not believe how many
cubic kilometers of storage is coming on line.

Booting from a micro SD solves the evil maid problem of computer access,
but this does not function on XP, unless XP is on a Linux VM.
It looks like I am slowly being forced in this direction. An average user
can not be expected to take this road.
I refuse to touch WIN 7 or 8 or Ubuntu Unity. I do drink Mint juice.

Let anyone do whatever they want to your hard disk, but then boot only from
a micro SD that always goes with you. It also contains encrypted programs
and data storage. We can do this, but not normal people.

<off topic>
I do need to print on corporate WIN networks and am not up to speed enough
to know if I could run SAMBA print server on my MINT notebook and print
out on the corporate WIN network from XP running in VirtualBox or other VM.

I also need to run a few WIN pgms and I had the experience that installing
WINE trashed my MINT machine, so I do not want to try WINE again. So
I must learn more about USB2 and printing on XP in a VM.
</off topic>

@Derek, you make some good points about JITSI being secure not only
against an abusive State or private corporations pretending to be States,
but also an abusive partner. A non Geek should not be put into the position
of thinking JITSI offers local security when it does not. The advertising on
jitsi.org and/or elsewhere could easily lead people into a sense of false
security. A normal user has difficulty understanding computers and
telecommunications.

I see 2 problems. One is that I am not a programmer so I can not help.
The other is that although the JITSI developers love programming and
love being creative, they still have to eat and sleep and relax, and also
pay bills at the end of the month. There are more problems to solve
and patches to write than there are developers.

I want to thank the users for their inputs, please continue. I would like
to think this weekend about a proposal that would make most users
happy, improve JITSI, and need the lowest efforts from the developers.
I think some formula can be found.

@ John, thanks for your inputs.

Regards, Earl

···

On 30/07/2013 20:59, Jungle Boogie wrote:

If you're worried about people reading your Jitsi chat history on your computer, you've already failed--don't let anyone have physical access to your computer and encrypt the hard drive.


#16

As Ingo already pointed out in the very first response in this thread, chat history can be disabled by unchecking the 'Log chat history' box in Options->General. It's just on be default.

FWIW, I think logging chat history is a reasonable default. There's a line between being security aware and paranoid, and I think not logging conversations on your own computer is (slightly) on the paranoid side. And if you want to be paranoid that's perfectly fine -- just go through the setting and turn logging off.

Regards,
Boris

···

On 7/31/13 12:14 AM, Jungle Boogie wrote:

security is never simple, John. We all know its usability vs security
and there are tradeoffs. Do you have a mobile phone? Is it password
protected? I have a smart phone and the password to unlock it was 13
characters and after five minutes, it would lock the screen and require
me to re-type in the password to gain access. Needless to say, this was
not very usable for me so I changed it to a 8 character password with a
10 minute lockout time.

1. government has already been monitoring your private conversations.
Why are you all of a sudden concerned? I don't mean to be hasty but
Edward didn't tell me anything new.
2. If you don't want the logs accessible, setup a cron job to delete
them every 5 minutes. I DO like the idea to disable chat history but I
would not be able to submit a patch to accomplish this.


#17

Easily said. Some of us live in the Wild West. When we go through airports they can seize our laptops and demand we login. I'd much rather log in and show them my nice files but not have the chat history accessible (forgot the password for that mate) or even not logged etc than to be locked up and/or tortured. The "secure your laptop physically" argument seems to be posed by people who cannot imagine such situations until it is too late and I'd counter by saying that position is similar to the "i've got nothing to hide I'm doing nothing illegal" argument made by most when told they should encrypt their communications, until, you counter with "Can I have your phone for a minute? Thank you. Your unlock code please? Thank you. What are you doing? I'm just going through all your contacts and SMS messages and copying them down in my note book, you don't mind do you?" They fast drop their "nothing to hide" position almost without exception!

···

If you're worried about people reading your Jitsi chat history on your computer, you've already failed--don't let anyone have physical access to your computer and encrypt the hard drive.

On 30 July 2013 06:48, Daniel Kraft <d@domob.eu <mailto:d@domob.eu>> wrote:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    On 2013-07-30 14:10, John Perry - jitsi wrote:
     > On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:
     >>> I was wondering if there was a way to delete the call history
     >>> from Jitsi? Having a trail of every person I've communicated
     >>> with is starting to worry me. Please advise.
     >>
     >> There's no "delete all" button, but you can delete the history
     >> from Jitsi's profile folder (while it isn't running). To prevent
     >> further logging, disable the option "Log chat history" from
     >> Tools->Options->General.
     >>
     >> Ingo
     >
     > Thank you for your response but this is not what I was hoping for.
     > I was hoping that there was a way to completely delete the chat
     > history? After all isn't this exactly what the PRISM program is
     > doing? The NSA claims that they don't need the actual contents of
     > the message. But having a non-deletable log of who I chatted with
     > and exactly when the chat took place and the duration of the chat
     > is fodder for PRISM analysis. It would make sense to me to add a
     > feature to delete the history or opt-out of collecting historical
     > data in the first place. If my computer got seized by the
     > authorities all they would have to do is start Jitsi and look at
     > the history to see who I've been chatting with when the chat was
     > initiated, and for how long the chat lasted. No amount of
     > encryption is going to mask this information with Jitsi in it's
     > current form.

    I completely agree here -- I was very annoyed and disturbed myself
    when I tried to delete the call history and found no way to do it.
    (Of course it must be possible when working through the .jitsi folder
    or such, but there was no easy way I found right-away.)

    In my case this is not so troublesome since I usually chat with Pidgin
    and use Jitsi only for voice/video with a particular contact (which
    happens to be my fiancee, so it is at least not particularly
    surprising information someone could gather from the log), but I
    really would love to opt-out of collecting this data in the first
    place if I could. This is a very useful feature to add!

    Yours,
    Daniel

    - --
    http://www.domob.eu/
    OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52
    - --
    Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
    To go: Mon-Pri
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.19 (GNU/Linux)
    Comment: Using GnuPG with Icedove - http://www.enigmail.net/

    iQJ8BAEBCgBmBQJR98Q1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
    ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MDFDNTIxNjA1MzcxRDJBRjA3MTVBMEU0
    RDk0NkVFRDA0RjdDRjUyAAoJEE2Ubu0E989StdoP/3RFitAjUBh8sG2uZgmYd5Pg
    RYGECELkH9wJ49aC0vO33W2eeLI4jw+g86me/VCfC4NqrKENfiero+pW+AYNbSm1
    J1EAEWEEBTejyvtq4PDsj50i4VlG38toBF/gzr0XhfsTQ+goM5Ax+2VONH6avi1o
    p1HFxi+LxLVh4JbzOi6IIM+ghuh8gIiSUlIQa7f0pBpMDw07MLRvCV5BzNZz/kTY
    IuBafbQctL2jrzCbv6zcUvLU3NVIv9Oos5afGH8ygxVOJZgsM1E4IL9wba6KixL4
    +HiLpij+7Uh3UkQNAc+xfcfmCpDZeKKr0l3DpdOLIJUSmRtOo43z1ZlF90A+BkcS
    bWPIg+ZHLffAhl7mCWDsgqJUaFjEs61S6DfarAeabAIylAjzKgtmXxxCmpqZGlfR
    o//3OpaLrGf8rWSvBAFOAgB1/33XoocZCYZc15c7+In3rbdUg6o913VMrTkbD9YW
    QZfIPufi0HT77alArXHmSjCjRi/zQm2RJ8VJRzVivqRoTqP0hJyYB86AK1mu4ImO
    3B6PPp/PlFh1Dif+6W8qwnrMajS8uxDjbuez649MnK9LZvMZ0zUwz74iFueig8e4
    fecVlPY18X8gJ7gc/ZIDr80+349rcRHZNEgiixMPOdEYqy4EEC1lYOR9oG5XDFhZ
    Z+AqDUrQ0QNuSzfYDMPw
    =Rkob
    -----END PGP SIGNATURE-----

    _______________________________________________
    users mailing list
    users@jitsi.org <mailto:users@jitsi.org>
    Unsubscribe instructions and other list options:
    http://lists.jitsi.org/mailman/listinfo/users

--
-------
inum: 883510009902611
sip: jungleboogie@sip2sip.info <mailto:jungleboogie@sip2sip.info>
xmpp: jungle-boogie@jit.si <mailto:jungle-boogie@jit.si>

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#18

Dear Ingo,
where can I find this folder(s) under Mac OSX ?

br, MS

···

On 7/30/13 2:39 PM, Ingo Bauersachs wrote:

On 7/30/2013 7:10 AM, John Perry - jitsi wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is

starting

to worry me. Please advise.

There's no "delete all" button, but you can delete the history from
Jitsi's profile folder (while it isn't running). To prevent further
logging, disable the option "Log chat history" from
Tools->Options->General.

Could you please provide information on exactly what file(s) need to be
deleted from Jitsi when it's not running to get rid of the historical

data?

The entire folder history_ver1.0 if you want to delete all history, or one
of the subfolders if you want to delete only parts of it. The subfolder's
name should be self-explaining.

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#19

This is also a good idea. Having the ability to opt-out of logging *AND*
have some sort of notification that logging is enabled/disabled would be
a good solution.

···

On 7/30/2013 8:49 AM, Tomas Kopal wrote:

Well, lets not get overboard with this. Me, I am using logging and chat
history quite extensively, and removing it would be a showstopper for me.
I agree that it could be nice to be able to turn this on/off, but that's
about it.
Would it be enough for you if there was some indicator in the chat
window that chat logging is on? This was, you can check if someone was
messing with your settings and clean it up.

Tomas

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net


#20

I'd say it was OK if there was an indicator showing if logging is on
or off but that it should still default to off and hopefully those who
wish to use it will find it sufficient that Jitsi is notifying them
that it's off and can go and enable it.

If anyone's concerned that they might not realise it's off and thus
fail to turn it on and then find later when they want to check the log
that it doesn't exist, I'd counter that if the notification isn't
sufficient for them to realise logging is off, then it isn't
sufficient for someone to realise logging is on and I respectfully
suggest it would be preferable that someone, like yourself, who likes
to use the logs forgets to enable them and gets tripped up by this
once, rather than someone who might be at risk and needs the logs
disabled to help minimise that risk.

Sorry, that's a bit of a mouthful but I think you'll know what I'm
trying to say without me spending the next 30mins trying to re-write
it :wink:

Regards

Derek

···

On 30 July 2013 14:49, Tomas Kopal <Tomas.Kopal@altap.cz> wrote:

Well, lets not get overboard with this. Me, I am using logging and chat
history quite extensively, and removing it would be a showstopper for me.
I agree that it could be nice to be able to turn this on/off, but that's
about it.
Would it be enough for you if there was some indicator in the chat
window that chat logging is on? This was, you can check if someone was
messing with your settings and clean it up.

Tomas

On 30.07.2013 15:34, Derek Moss wrote:

I have to agree that any logging should default to off and then anyone
who actually wants a record of their communications stored on their PC
can enable it. I imagine most people are largely attracted to Jitsi
for it's security features, so it seems likely that most users
wouldn't want to have this log created and therefore makes most sense
to make it default to off (and probably password protect this setting
if it isn't already, so that someone can't enable it behind the user's
back, resulting in their communications being logged whilst they still
think that it's disabled).

In fact, maybe it should just be removed as an option altogether as
even with a password, someone could just re-enable it by editing
sip-communicator.properties manually?

On 30 July 2013 13:10, John Perry - jitsi <lists@jpunix.net> wrote:

On 7/30/2013 6:16 AM, Ingo Bauersachs wrote:

I was wondering if there was a way to delete the call history from
Jitsi? Having a trail of every person I've communicated with is starting
to worry me. Please advise.

There's no "delete all" button, but you can delete the history from Jitsi's
profile folder (while it isn't running). To prevent further logging, disable
the option "Log chat history" from Tools->Options->General.

Ingo

Thank you for your response but this is not what I was hoping for. I was
hoping that there was a way to completely delete the chat history? After
all isn't this exactly what the PRISM program is doing? The NSA claims
that they don't need the actual contents of the message. But having a
non-deletable log of who I chatted with and exactly when the chat took
place and the duration of the chat is fodder for PRISM analysis. It
would make sense to me to add a feature to delete the history or opt-out
of collecting historical data in the first place. If my computer got
seized by the authorities all they would have to do is start Jitsi and
look at the history to see who I've been chatting with when the chat was
initiated, and for how long the chat lasted. No amount of encryption is
going to mask this information with Jitsi in it's current form.

--
John Perry
xmpp://crypto@chat.jpunix.net
xmpp://chat.jpunix.net

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users