Adium

Ticket #519 (closed defect: wontfix)

Opened 3 years ago

Last modified 3 years ago

Encrypted IM Logs

Reported by: kenton@fastfirelabs.com Assigned to: anybody
Priority: normal Milestone:
Component: Logging Version: 0.82
Severity: normal Keywords: log, logs, encrypted
Cc: wardisgod@adelphia.net Patch:
Pending:

Description

It would be very useful to be able to encrypt and password protect the IM Logs. Multiple people use the computer where Adium runs, and sometimes IM conversations need to be kept confidential. I envision this working by making the user enter a password, potentially different from the IM account password in the log viewer. There could be a dropdown menu that could toggle between different accounts, each account requiring a password. I use different accounts for different purposes, so information needs to be kept distinct. There would be an option with the global adium preferences to enable/disable encrypted (and password protection) for each account. This option can be made when setting up adium with a new account as well.

Change History

06/08/2005 11:42:08 AM changed by tick

  • status changed from new to closed.
  • resolution set to wontfix.

You need to use multiple os x accounts in order to enforce security in this nature. Adium will not have this implemented when there is a much better facility within the operating system.

06/09/2005 04:14:19 AM changed by catfish_man

  • component changed from Core Adium to Logging.
  • milestone deleted.

12/26/2005 02:27:29 AM changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

ur not going to fix it b/c of the OS? or because adium is lazy?

12/26/2005 03:30:43 AM changed by Kiel Gillard

Anonymous, it won't be fixed because you are lazy. Configure your computer to use multiple accounts in Mac OS X, so that everyone's own files are private, not just their logs.

12/26/2005 05:37:21 AM changed by zacw

  • status changed from reopened to closed.
  • resolution set to wontfix.
  • field_haspatch changed.

02/03/2006 05:48:23 PM changed by anonymous

I would like to nominate this to be re-opened. Although the explanation given is a perfectly suitable reason, I think that IM logs can potentially contain very private information. It would not be difficult to bypass the OS's user-management and security features to get at them: All one would have to do is mount the drive containing the logs on another computer. For this reason I think a request for optional log encryption features should be considered a valid request.

02/03/2006 05:54:28 PM changed by tick

If you are encrypting chats, why would you log them?

02/03/2006 06:13:45 PM changed by anonymous

For achieve-al purposes.

02/07/2006 08:27:20 AM changed by Tim

It would be great if it was possible to disable logging for all otr chats only. As an option you can set in the preferences in the Encryption window.

02/16/2006 04:01:08 PM changed by porg

i also agree with the adium developers: the encrypted storage need can be fulfilled on lower level. and even easily (for the "lazy ones"): simply enable: - filevault (mac osx home directory encryption) - fast user switching

then u have exactly the functionality you want

03/09/2006 12:36:17 PM changed by david.reitter@gmail.com

I can see the position of the Adium developers. However, adding an extra layer of security is not a bad thing, in particular if this kind of encryption can be done with on-board methods. Consider an application like iTunes, which comes with Parental Controls (Preferences -> Parental), where you can disable certain functionality. The "click the lock to prevent further changes" shows that there is a system of limited priviledges even in Apple applications. Escalating one's priviledges (to admin) via the same technique is common paradigm on OS X. The existance of encrypted DMGs (rather than turning on FileVault for the whole user dir) is another example.

03/21/2006 02:41:19 AM changed by bryandodson@gmail.com

  • status changed from closed to reopened.
  • resolution deleted.

I would really love to see this.

04/02/2006 04:06:27 PM changed by wardisgod@adelphia.net

This is a pretty big feature in my opinion. To say "just use filevault or multiple accounts" is ridiculous and lazy; you may as well just close all tickets involving file transfer and say "Just use iChat." I like logging conversations for reference purposes. A few friends use my computer every so often just for simple little tasks. It would be a waste of time and space to set up another user account and make them log into their own account every time they wanted to look up something in Safari. But I also don't want anyone looking at my conversations in Adium, which they could easily do by just opening up the Adium log viewer, whether or not FileVault is enabled. Is making a separate account just for them the most secure way to go? Obviously, but it's ridiculous to make my friends use a separate account because I don't trust them with my computer. It would be much simpler just to have an checkbox in the preferences "Encrypt log files" which, when enabled, would encrypt the log files with some simple algorithm and some password, and they could only then be viewed through Adium itself.

04/02/2006 04:32:48 PM changed by tick

  • status changed from reopened to closed.
  • resolution set to wontfix.

If you don't trust them with your computer, don't let them use it at all.

We are not adding this.

04/02/2006 04:33:32 PM changed by tick

  • cc set to wardisgod@adelphia.net.

Adding email to cc so that wardisgod@adelphia.net knows this issue has been closed.

04/02/2006 05:21:38 PM changed by nathan___

wardisgod:

Create a limited account called "Guest." Fast user switching. Problem solved.

Or, if you're really paranoid, make your own encrypted disk image with Disk Utility, and symlink from the Adium logging location to your encrypted folder. It'd be a pain to mount it every time you want to use Adium, but if that's your thing...

04/25/2006 01:17:09 PM changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

My computer gets backed up by my department and I do want my chats to be backed up. But the admin of the department can read my logs. My IMs include several comments about people in the dept. The IM logs could be used against me. :-) Wouldn't encryption be nice? :-)

04/25/2006 02:47:09 PM changed by cbarrett

  • status changed from reopened to closed.
  • resolution set to wontfix.

Use PortableAdium and save your chatlogs on an external USB drive.