How can that be the indented behaviour, if it leads to messages being
Only to those clients that you didn't direct the message to. The message
only becomes completely unreadable once the client you were originally
chatting to disconnects or finishes the OTR session.
See, this behavior is unexpected by users of any other chat software
with multiply devices connected at the same time.
The question is, is this really necessary for OTR to work correctly, or
is it (like in my eyes) a bug, due to incorrect message sending and
If i want to send the message only to one specific device, i can choose
to do this. But if don't do and use the "destionation user" as target,
which implies all it's devices, than expect all his devices to be
displaying this message.
Simple example, 3x devices are online, you don't know on which the
target works atm, and you want to send a message to him.
How shall you know the correct device to choose ?
Do you send an unencrypted message ahead to announce your encrypted ? (No)
Given that we're talking about private conversations using an
encryption protocol, I think we should also consider a (hypothetical)
adversary. Say that you left open a chat client somewhere. If you
immediately start broadcasting your messages to all clients (maybe
even establishing OTR sessions on the fly) then you cannot be sure
that there isn't someone somewhere who read your message. (Also, even
if you do not establish sessions on the fly, someone could establish
an OTR session with an idle chat client and hook into your existing
conversation.) I agree that there might be cases where you would want
to send/receive messages on multiple devices. However, I think just
broadcasting a message over any available session for this client,
without being able to verify its role (if any) sounds somewhat
overkill to me. Even if it is just an idle chat client, then it might
be somewhere where people can read its content.
Get what you mean, valid point from the extrem cautiousness faction, but
i believe those guys to turn on and lock the screensaver before they
move away from the pc
The most common usecase would be a phone and a pc connection. Phones
tend to be in pockets ( or on desks at home ), and pcs should have
screenlocks when they idle. Both devices are theoretically under
physical accessibilty by attackers, but it's unlikely to happen. The
phone gets stolen, because it's there, not because it's specially yours.
A thief takes all he can, which will end his life early sometimes, but
that's a different story . Pcs get hacked, because they can, not
because it's yours.
If you are the target of an agency around the world, an open device is
your least problem.
Logically, if both parties use multiply devices, the rate of successfull
transfered messages gets lower and lower with each new device.
Which also means, the practically use of the system gets lower and lower.
Solution: Give the user a choice.
Jitsi did, as you can select to send to all, or to one device ( resource
). With only one problem, "to all" isn't working
Can someone now add it to the issue list
So, what's your use case exactly? Is it simplicity of communications? Is
it to accomodate users who switch device often? ... something else?
Yes, my usecase has multiply devices for the same account. I own a
phone,a tablet, a laptop and serveral pc workstations.
I want jitsi to be the new communication system i ( and others i will
take with me ) use. Because it has all it should have,
has no american company behind the infrastructure, and offers more
features than skype does.
It's not, that i did not have a beta test running, but those tests show
more users with multiply devices, mostly pc and tablets. I'm not the
only one, and with phones everywhere, this profile will be the normal
one for millions of users. Of course you can solve it by using one
account per device, but that's not the intention.
I'm not against it per se, but I think the implementation should be such
that a user error discloses too little rather than too much.
If you have real secrets to protect, you are free to limit yourself to
one account and extreme safty, because you can do this.
But if you ignore the needs of the masses, your standing in the way of
your own success. (learned that the hard way)
The masses want, from my experience with people in all ages, it to be as
simple as it could be. This includes one account for all devices they
own. We are talking about people who can't find the correct box of
username/password, even if you send them a screenshot of jitsi with a
red mark next to the jabber box. But they wanne be free from company
control in communications too, thats why they need a smoothly working
client. As long as the transmission of the message can't be evesdropped
because is stronly encrypted, everything is fine for them.
Given more "security" to advanced users is fine and recommended, but it
should not limit the mass market to use a product.
Unfortunately, it's exactly those tiny little decisions, that decide
about mass success or failure.
Am 30.04.2015 um 23:08 schrieb Danny van Heumen: