Karl Hans Janke Kollaborativ
Heute die Welt, morgen das Sonnensystem!

oct 2010

BitlBee OTR going mainstream, er, mainline


I had a little celebration this week. After spending some time last weekend bringing bitlbee-otr up to date with upstream libotr, and another few hours this Friday hunting down a stupid bug, Wilmer van der Gaast, main developer of BitlBee, announced that he will be merging OTR support into BitlBee's mainline development branch, ready to go into the next official release. Keeping my fingers crossed!

This will be the first major code contribution I make to an open source project that makes it into the official distribution, so I'm pretty excited about that. But more importantly, it means that starting with the next release, it should become very easy for BitlBee users to get into the benefit of end-to-end encryption for instant messaging.

Privacy by default

This is the issue with crypto, specifically in the context of privacy: All parties involved (two in the case of IM) must have it in order for it to be useful for either of them. Lowering the barrier to entry into end-to-end crypto is thus not only beneficial but crucial to the chance of having a private conversation. This is precisely what OTR aims for. It's protocols are designed to set themselves up automagically whenever they get a chance (cf. opportunistic encryption). The whole experience should be as seamless and transparent to the end user as possible.

The key is to enable a smooth path (in usage) from no crypto at all to fully authenticated privacy where no step must present a large hurdle for the end user. Once the protocols and interfaces are implemented, having the software available at all becomes the limiting factor. That's why I'm really excited about the inclusion in mainline, apart from seeing my name on the web. ;)

Get it before everyone else!

Update: (2010-10-09) And it's been merged.