I’ve got the suggestion several times that we should ‘force the use of OTR!’ I don’t like the practice by other servers such as riseup.net (sends you warnings over and over) and calyxinstitute.org (specifies that they force it) for several reasons. Whether you can’t send messages if you don’t use OTR or get notices from the server every time you send a message without OTR, I believe it’s bad practice.
- It forces users into adhering to a specific plugin.
I feel like this is a bad idea. I believe the choice should be left up to the user like most things. If there are better alternatives than OTR already (OMEMO) or ones that come out in the future, it’s silly to force users to use something specific. It’s not built into every client by default like TLS is. And many users may want to use their own plugin that they develop, PGP or OMEMO.
- It’s annoying.
Who wants to get spammed with messages from the server like, “you aren’t using OTR!!!!” or to just get their outgoing messages blocked simply because they don’t fit the OTR format? Being forced to use OTR and, when you don’t, getting punished for it via spam is annoying. Rather, users should be nudged to use end-to-end encryption through announcements or blog posts.
- OTR currently has some annoying downsides.
OTR, unlike OMEMO, doesn’t seem to work well when you have multiple devices and doesn’t work with offline messages. Below is a great comparison of different plugins.