Hi, I noticed, that buzzing someone in Pidgin using OTR is not encrypted.
The bug report below is copied from Archimedes ticket under https://developer.pidgin.im/ticket/11928 It was closed, because "This issue is caused by a third party plugin." ---- When using the OTR plugin for secure conversations, the Attention/Buzz/Nudge? is send in plaintext instead of encrypted (at least in jabber, can't tell for other protocols as ICQ doesn't work atm): (23:56:30) The following message received from archimedes@jabber.*.de was not encrypted: [Archimedes has buzzed you!] Though this is just a minor leak of information, it should still be avoided to preserve complete privacy of the conversation. I guess this is a libpurple bug, as both the button and the /buzz command show this behaviour. In a short: Steps to reproduce: Start a chat Enable OTR Send /buzz or click "Attention!" Button What happes: Buddy gets an *unencrypted* buzz message What is expected: Buddy gets an *encrypted* buzz message _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
