Brussels / 1 & 2 February 2014


Interview with David Goulet
USE OTR or how we learned to start worrying and love cryptography

David Goulet will give a talk about USE OTR or how we learned to start worrying and love cryptography at FOSDEM 2014.
Q: Could you briefly introduce yourself?

As a full time job, I maintain the lttng-tools component of the LTTng project. On the side, I do security and privacy open source software such as a Linux kernel rootkit scanner called kjackal, I also co-maintain the Irssi OTR plugin and I’m currently working on the Torsocks rewrite which is by the way almost stable so please help test it!

One thing clear out, I’m a Linux C developer focused on performance and security and not a cryptographer. :)

Q: What will your talk be about, exactly? Why this topic?

This talk will be an overview of what is Off The Record (OTR) messaging, the ecosystem around it and the purpose of the USE OTR project.

Q: What do you hope to accomplish by giving this talk? What do you expect?

Raising awareness on the importance of end-to-end encryption, find help in the open source community to improve OTR accessibility by working on the protocol, improving usability of existing plugins and whatever any hacker can bring to the whole project! :)

Q: What’s the history of the USE OTR organisation? When did it start and what was the trigger to start it?

USE OTR project was created with Jurre Van Burgen (a.k.a DrWhax) about a year ago after some discussions we had on the state of OTR in various IM software being actually either out of date, poorly implemented or both. This organisation was created to address the sustainability of the OTR ecosystem and much more!

Q: The goal of the USE OTR organisation is to improve security, usability and encryption of open source IM software. So what’s currently wrong with security and usability in for instance Pidgin and comparable instant messengers?

In a nutshell, in terms of security, most IM software is in quite a bad shape meaning secure coding is not the main goal of these projects. It’s not a lack of skilled developers but simply a different development focus of the project.

This is actually a complex question and this talk will detail why usability and security is a critical issue that needs to be addressed especially in the Snowden era ;).

Q: Why did you choose the OTR protocol as your focus? What’s so good about it compared to other cryptographic protocols for IM?

OTR provides incredible security properties! This talk will explain (without hardcore math ;) what are they and why OTR is a superb piece of work.

Q: How does your collaboration with the LEAP project look like?

We exchange a lot of information and basically closely follow what LEAP (LEAP Encryption Access Project) developers are working on. Furthermore, LEAP is a close partner also in terms of funding and coding resources.

Q: How will you get funds to maintain OTR software?

We are currently working with different possible sponsors to help support the OTR ecosystem and thus the USE OTR project.

Q: How can interested people help USE OTR?

Use OTR, hack on OTR, help friends/family use OTR and spread end to end encryption!

After this talk, everyone will have a better understanding of the big picture and have a lot of possibilities to collaborate and help USE OTR.

Q: What can we expect from USE OTR in 2014? Can you talk about specific software you’ll be developing?

I can’t answer this question, that would be a big spoiler! Come to the talk! ;).

Q: Have you enjoyed previous FOSDEM editions?

This will be my first one and most certainly not the last one!

Creative Commons License
Creative Commons License

This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.