[barnaby]

>> But still. OTR (and the enhanced/modified version of it TextSecure is using) is probably the easiest to use way to communicate in a reasonably secure fashion, and it'd would be fantastic to see it used by hundreds of millions of users all of a sudden -- even if it's sitting on top of insecure mobile operating systems and untrusted-yet-privileged hardware.

Have you had issues getting OTR to connect sometimes? Myself and about 5 friends have been using OTR with ChatSecure on the phone and pidgin on the desktop. Sometimes the OTR connection just doesn't engage, and we suspect it's because there are multiple instances of the chat client signed in and it like "crosses the streams" or something. CryptoCat has similar issues. Is there a perscribed way of using OTR that won't give us these problems?

TextSecure hasn't given us any problems yet ... though, we never see the encrypted text messages in our SMS, even when we use textsecure over google voice. Does TextSecure just bypass actual SMS channels?

[handsomeransoms]

That's a common problem when using OTR with the same account in a multi-device environment. It is fixed by the introduction of instance tags in libotr 4.x [0]. You should check the versions of libotr used by all your clients - if they are all libotr 4.0+, you shouldn't have these problems.

[0] https://otr.cypherpunks.ca/UPGRADING-libotr-4.1.0.txt

A simple workaround is to use a different account for each device (e.g. me@jabber.com, me+mobile@jabber.com).

TextSecure's developers recognize that a good multi-device experience is essential to provide a comparable experience to other messaging apps. Their approach is different from OTR's, and is described here [0].

[0] https://moderncrypto.org/mail-archive/messaging/2014/001022....

[morsch]

OTR with Pidgin was pretty solid when I used it (I don't, anymore). But OTR doesn't deal well with mobile connections, something that the changes Text Secure introduces to the protocol address. I still have had occasional, non-reproducible hiccups with Text Secure. AFAIK Text Secure only falls back to SMS if there's no data available, and they're considering removing SMS support entirely in an upcoming version ([0], I say good riddance).

I don't know how well, if at all, either of them deal with multiple simultaneous logins. XMPP (Jabber) doesn't have a great answer for it (ie. there may be support in the protocol or a protocol extension, but implementation support is terrible). Which is a shame because it's very desirable from a user perspective; both just being able to receive incoming messages on multiple devices as well as the next level of synchronising message session history across devices. Clearly the latter is way easier if you're willing to store the history on the server.

[0] https://github.com/WhisperSystems/TextSecure/issues/1737 also on HN somewhere