powered by Jive Software

[Feature request] Force OTR if both use Spark as a client

I stumbled upon this document and think it would be a great feature, if spark would force (or in the first place try to establish) a OTR encrypted chat session, if the opposite is using spark as a client too.

The benefit of “forcing” OTR is, that users who’re using spark do not need to worry about encryption (or their messages beeing logged in a readable format by the server admin) nor they need to think of enabling OTR in the first place if they start a new conversation.

What do you guys think? Possible? Silly request? Breakthrough in the development of Spark? :slight_smile: Let me know!

I see no point in doing this. If you want encryption, you use server with SSL. If you need more protection, then enable OTR. Also OTR can be disabled by admins, by modifying default.properties file inside spark.jar (in corporate environment).

I get your point. According to regular/basic users they do not know and do not want to enable/check an extra option (here otr) to have “really” encrypted messages. For them this should be handled “right out of the box”, because (sometimes) this is the only reason why they’ll tend to use or choose a specific service over some other. This, in short, is what i get most of the time as feedback from my users.

They don’t want to think of enabling “the highest encryption available” and presuppose that by the service to have it as default setup.

But ok, maybe only my users and i think that this would be a great feature :slight_smile:

rene-1 wrote:

According to regular/basic users

You probably mean “paranoid” users i don’t think many basic users think about security/privacy at all…

I can see value in a by-default encrypted chat. maybe not OTR, but at least SSL. Problem would be though, Openfire would have to assume a self-signed cert, which may not play nice with all XMPP clients.

I see your point, Jason. But lets say spark would support these settings by default (or could be set as “always on” by the user in the first place) and you use the default otr encryption for all spark users only on your (internal or external) xmpp service - like only for your own “community”. I think, only this would be a huge benefit.

A more broader view on this topic: people keep telling me, that the service “threema” is more user friendly and by default secure/encrypted due to the keypair that’s beeing generated once you sign up for this service. And, if using spark and for instance my xmpp server, people have to “think of turning otr encryption on”. So it’s a hassle for them.

Maybe it’s only a problem i have as an service operator with my users and in discussions about the xmpp protocol, but it the the default otr enryption of the spark client will help in two ways - spark as an instant messenger would become more “known and respectable” and the “old fashion xmpp server which are offering stone aged instant messaging services” would gain more noticeable to the common user (like the whatsapp generation).

So, all i want to say is, i’d still love to see this “feature” of spark :slight_smile: