Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Robert J. Hansen rjh at
Fri Mar 12 20:31:31 CET 2010

> you live. If you belong to a minority people susceptible to persecution
> by a state agency, then yea sure there are many records of wrongful
> detention and arbitrary human rights abuses based on false pretenses.

Sure.  But the problem here isn't spoofed emails.  The problem here is living in an area where basic human rights aren't respected.  The spoofed emails didn't get them convicted: the spoofed emails were cooked up to provide political cover for a conviction that was preordained.

So I think the statement, "people get convicted ... based on spoofed emails ... all the time" is overreaching.  The basis for their conviction is they're members of a persecuted minority -- not spoofed emails.

> Interesting question. I think OTR is a great theoretical concept. I just
> ignore the PFS/R part when using it.

Which leaves the question unanswered: since OTR exists to provide PFS/R, and you ignore PFS/R, why use OTR?

> Yet juries & courts
> regularly convict people despite their best efforts to claim innocence,

This is kind of trivial.  When an accused criminal is arraigned, they are given the chance to plead guilty or not guilty.  The only way to get a trial is to plead not guilty: if you plead guilty you go straight to the sentencing phase.  So yes, in every criminal trial there's a defendant who is making his or her best effort to claim innocence.  Some are innocent, some are guilty, and it's the jury's job to figure out guilt or innocence.

So yes, I agree with you.  I just don't understand what you're getting at.

> Second, even with PD encryption technologies such as Truecrypt, it's
> easy to look at the problem from a law enforcement officer's
> perspective. Compel the individual to lie to a question. Compel him to
> take a polygraph on his statement. And then convict him based on a
> polygraph. Add in rubber hose attack techniques to the mix and it could
> get worse...

If you live in a place that does things like this, they can already throw you in the gulag under any pretense they want.  What you need is to either (a) move somewhere else, (b) foment a revolution, or (c) keep your head down and pray the government doesn't notice you.

GnuPG won't help you out with (a) or (c).

GnuPG might help you out with (b)... but only by helping you keep information safe between the endpoints.  If you're concerned about the secret police kicking down the door and practicing field expedient dentistry on you, you don't need GnuPG, you need a CNN camera crew and an AK-47.  This does not mean GnuPG is defective.  It means you need to understand your problem, your solution, and what tools you need to enact your solution.
