[jitsi-users] security of OTR


#1

Jitsi team,

I am a human rights lawyer and investigator working on sensitive projects.
I would like to use Jitsi as a XMPP client to IM with activists in
repressive states, however, I am told that Jitsi previously had a bug that
allowed hackers to force the connection as unencrypted.

See https://help.riseup.net/en/chat-clients

Has this been fixed? Could you provide details about the fix so that I can
use the software in confidence. It is much easier to set up Jitsi than
Pidgin + OTR, so I would be pleased to know if Jitsi is just as secure.

Kind regards,
Steve

···

--
Steve Kostas
M: +44 782 517 2791
US: +1 202 470 0134
skype: sakostas


#2

Hey Steve,

I am really not sure what problem this page is referring to. The only report that we've received from riseup on the subject seems to be this:

http://lists.jitsi.org/pipermail/dev/2011-September/000893.html

This has been addressed more than two years ago:

http://lists.jitsi.org/pipermail/dev/2011-September/009169.html

We are not currently aware of any issues related to OTR that haven't been addressed (we do recommend that you use the nightly builds though).

Hope this helps,
Emil

···

On 09.12.13, 15:23, Steve Kostas wrote:

Jitsi team,

I am a human rights lawyer and investigator working on sensitive
projects. I would like to use Jitsi as a XMPP client to IM with
activists in repressive states, however, I am told that Jitsi previously
had a bug that allowed hackers to force the connection as unencrypted.

See https://help.riseup.net/en/chat-clients

Has this been fixed? Could you provide details about the fix so that I
can use the software in confidence. It is much easier to set up Jitsi
than Pidgin + OTR, so I would be pleased to know if Jitsi is just as
secure.

Kind regards,
Steve

--
Steve Kostas
M: +44 782 517 2791
//US: +1 202 470 0134
skype: sakostas

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org


#3

The authors have just fixed this:

See https://help.riseup.net/en/chat-clients

···

On 09.12.13, 15:49, Emil Ivov wrote:

Hey Steve,

I am really not sure what problem this page is referring to. The only
report that we've received from riseup on the subject seems to be this:

http://lists.jitsi.org/pipermail/dev/2011-September/000893.html

This has been addressed more than two years ago:

http://lists.jitsi.org/pipermail/dev/2011-September/009169.html

We are not currently aware of any issues related to OTR that haven't
been addressed (we do recommend that you use the nightly builds though).

Hope this helps,
Emil

On 09.12.13, 15:23, Steve Kostas wrote:

Jitsi team,

I am a human rights lawyer and investigator working on sensitive
projects. I would like to use Jitsi as a XMPP client to IM with
activists in repressive states, however, I am told that Jitsi previously
had a bug that allowed hackers to force the connection as unencrypted.

See https://help.riseup.net/en/chat-clients

Has this been fixed? Could you provide details about the fix so that I
can use the software in confidence. It is much easier to set up Jitsi
than Pidgin + OTR, so I would be pleased to know if Jitsi is just as
secure.

Kind regards,
Steve

--
Steve Kostas
M: +44 782 517 2791
//US: +1 202 470 0134
skype: sakostas

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org