lets-chat icon indicating copy to clipboard operation
lets-chat copied to clipboard

Published 20 hours ago verified publisher icon sdelements

Encrypted/OTR private chat between users

Open maxkueng opened this issue 10 years ago • 7 comments

Would be cool is 2 users could enter a private conversation that can only be viewed by those users. Ideally, it should also not be accessible by administrators.

maxkueng avatar Apr 01 '14 16:04 maxkueng

Private messaging is coming in the release after next (0.4 or maybe 0.5). I'm not sure sure about encrypting them, for a couple of reasons:

  • It's not a pain point for our team (not sure about other users though)
  • There's nothing stopping an administrator from modifying client code
  • There are some tools that do this better than we could: https://otr.cypherpunks.ca/, https://crypto.cat/, etc..
  • It's an implementation black hole

That said, I do think off the record messaging (not storing them) might be useful. I think it would be nice when you need to talk about something mildly sensitive.

hhaidar avatar Apr 02 '14 03:04 hhaidar

Cool!

The idea for the encryption came because if you are going to use lets-chat in a company, for example as an alternative to HipChat, you don't want your boss to read private conversations between employees.

If employees can't use the same chat tool for open conversations about topics in rooms, and private conversations between employees, they will have to use multiple tools. Chances are then that conversations about topics that should be recorded and searchable will also (partly) happen in a different tool out of convenience.

Off-the-record messaging probably makes offline-messages impossible.

maxkueng avatar Apr 02 '14 12:04 maxkueng

+1

Out of interest - if you're using a client like Adium or Pidgin - does OTR work?

sammcj avatar Feb 26 '15 03:02 sammcj

I imagine the OTR plugin for Pidgin would work with Lets Chat when #282 is implemented ?

geoffwhittington avatar Feb 27 '15 02:02 geoffwhittington

@geoffwhittington I tested the OTR plugin with #319 - it works :smiley: :tada:

sibartlett avatar Feb 27 '15 02:02 sibartlett

Wooo!

Edit: I tested this and works as expected! Very nice

geoffwhittington avatar Feb 27 '15 02:02 geoffwhittington

XMPP wasn't built to use OTR. Using OTR with XMPP is a hack and will always be. Let's Chat should enable the OMEMO encryption protocol in addition to OTR.

Here's OMEMO's main website: https://conversations.im/omemo/

The main developer on the project is @iNPUTmice

Here's the XEP: https://xmpp.org/extensions/inbox/omemo.html

Here's a quick start guide for adding OMEMO to clients: https://gist.github.com/iNPUTmice/e3fe475752e39b40ea87ae5ed73b3e01

Here's a library and OMEMO extention source code: https://github.com/omemo

Here's the results of the 3rd party audit: https://conversations.im/omemo/audit.pdf

Should I have started a new issue for this? OTR is in the title of this issue, so I wasn't quite sure. Do you guys agree that this encryption protocal should be added to Let's Encrypt?

herbsmn avatar Sep 06 '16 22:09 herbsmn