An oft-requested feature in Empathy and Telepathy is support for OTR (Off The Record) encryption of messages, interoperating with the OTR plugin for Pidgin and other popular IM clients. We’ve been resisting implementing it so far, mainly because we think there are better ways to do end-to-end encryption of messages and audio and video calls over XMPP, which we hope to implement in the not too distant future.
However, a nice aspect of OTR as compared to other encryption solutions is that it allows you to plausibly deny having taken part in a conversation. We believe this to be an example of a wider trend towards deniability on the internet, a position which is backed up by the growing popularity of Tor, and by several modern browsers allowing you to cover your browsing tracks out of the box.
As a result, we’ve been working hard to help secure your privacy while you’re using Empathy. We’ve had to do this quietly for various legal reasons, but we’re proud to announce Empathy’s new Private Mode. When enabled, your contact list will be anonymized, as will your entry on your contacts’. Thus, you can conduct conversations with anyone without fear of repercussions from their discovering your identity, or of anyone else knowing the conversation took place:
It’s not obvious how to bring these privacy benefits to Jingle video calls. We came up with a technique we refer to as Kitten Secrecy (patents pending in all relevant countries), and managed to integrate it with Empathy with the help of our friends at Collabora Multimedia, who constructed a fantastic GStreamer element using only two leaky queues!
We think the results speak for themselves. The source is not quite ready for
release yet, but (lawyers permitting) we hope it’ll be public by the end of the
month. Hope you can wait until then!
— the Telepathy and Empathy teams
If you’re about to leave an angry comment:
At the Boston Gnome summit, Robert McQueen, Sjoerd Simons and I sketched out a plan for the API for end-to-end encryption of communications (implemented using XTLS, OTR or anything else) and how we’d implement this API for OTR. Work’s just started on a challenge-response authentication API, which is a prerequisite. Stay tuned; or, jump onto the Telepathy list or #telepathy on Freenode if you’re interested in helping out!