Firefox add-on to add OTR encryption to web-based chats (cypherpunks.ca)
57 points by pesco on June 29, 2011 | hide | past | favorite | 15 comments


I wish I had more friends that would actually use OTR...


I think the biggest problem is client support, and that some people prefer using multiple devices for chat, including web based services (GMail, Facebook Chat etc).

Even with Jabber where you can have separate resources, it's not possible to have some clients use OTR and some not (with good reason, I guess), so you either have to add a separate, non-OTR account, or get used to turning OTR on and off manually. And I'm still looking for an iPhone Jabber app with OTR support.


I have a solution to this problem. For all of my IM'ing I use several IRC clients. I point them all at a single Bitlbee server which gates from IRC to various IM networks. I use the Bitlbee OTR plugin and assign each network its own OTR key. So no matter what IRC client I am using, I always have the same OTR key.


This is the first I've heard of OTR, do you know what good sources of information are on it?



I know that feel bro :/


Related to this. Some of you may remember "Kik" being launched last year. There were quite a few discussions about it here. Anyway, I set up an OTR feature request on their GetSatisfaction page a while ago. If you're using Kik and want OTR support, vote it up:

http://getsatisfaction.com/kik/topics/otr_for_private_conver...

I also set up one calling for SSL at the same time:

http://getsatisfaction.com/kik/topics/secure_kik_with_encryp...

That one's been implemented now though. Kik 5.0 came out a little over a month ago and had SSL support, but didn't do certificate verification. Kik 5.1 came out a few days ago and now finally has working certificate verification.


I want this for general posts on Facebook!


OTR is only suitable for real time communication. For posting messages on Facebook (as for email) you would use PGP. This used to be possible using Firefox with the FireGPG Addon, but the developer stopped working on it and a release wasn't even made for Firefox 4.

FireGPG was brilliant. It would detect blocks of PGP in the page, and add "Decrypt/Verify" links to the appropriate place in the page, and would let you easily encrypt/sign data. I can't believe nobody took over development. I keep meaning to learn how to write Firefox addons specifically so I can take up this project, but I haven't found the time.


But PGP gives the wrong guarantees.


Yes and no. Depending on what "guarantees" you're looking for.


If the author of the root comment wants something like "OTR for Facebook" they probably wouldn't like the guarantees that PGP gives.

But Facebook and privacy don't mix anyway.


I don't like that OTR allows the person you're talking with to deny that they said something they said. I'd rather have PGP signed/encrypted chat so I can prove who said what.

I may be misunderstanding but I think OTR sends the encryption keys with the chat (to accomplish deniability), and while this means your text isn't transmitted in plaintext, it may as well be. I'm open to being proven wrong though.


You're misunderstanding, OTR isn't equivalent to plain text at all. For a good introduction to the details, see the CodeCon presentation on the website (http://www.cypherpunks.ca/otr/).

The encryption keys are not sent with the chat, they're generated using DH key exchange. After a conversation is finished, others may forge messages to make them look like they came from you, but they cannot read the messages you originally sent. This gives you plausible deniability, which is what you want in most use cases (if you don't, then you're right that PGP is a better option).

The key exchange is susceptible to a man in the middle attack, which can be prevented by comparing fingerprints using a separate communication channel. Once compared, all future conversations should be impossible to intercept. If your private keys are ever found (a TSA official steals your laptop), they'll be unable to decrypt past conversations. Unless you've left conversation logging on in your chat client, of course.

I never thought much about using OTR until I logged into GMail and discovered reams and reams of OTR conversations stored in the chat logs. I never used the GMail Chat client, and this was a real eye-opener for me. Had I not been using OTR, Google would have stored a couple of years worth of conversations between my friends and kept them forever.

By the way, ZFone / ZRTP (http://zfoneproject.com/) is a protocol using similar ideas, but for VoIP calls.


You are misunderstanding, in the latter case. Asymmetric cryptography is used to determine a session shared secret. The deniability aspect is that either participant can generate messages in the same session. Alice receiving X from Bob knows that either Alice or Bob wrote X (assuming the session secret stays secret). Alice cannot prove to Carol that Bob wrote X because Alice's inference of this is dependent on local knowledge that Alice did not write X.
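The two replies above describe the same mechanism from different angles: the session secret comes from a DH exchange rather than being sent with the chat, each message is encrypted and MACed under keys derived from it, the MAC keys are later given away so anyone can forge a tag (deniability), discarding the ephemeral DH secrets protects past messages (forward secrecy), and a fingerprint compared over a separate channel catches a substituted key. The following Python is an added toy model written for this thread to make those properties concrete; it is not OTR, not libotr, and not code from the add-on. Its assumptions: a tiny DH group (2^127 - 1, generator 3) instead of OTR's 1536-bit MODP group, a hash-counter keystream instead of AES-CTR, a static-plus-ephemeral DH mix instead of OTR's DSA-signature authentication, a Mallory who only swaps the key she sees rather than relaying two sessions, and a constructed message. The function names (`session_keys`, `seal`, `open_`, `conversation`) are this example's own.

```python
"""Toy model of the OTR properties discussed in the thread (illustration only)."""
import hashlib
import hmac
import secrets

# Toy DH group so the example runs instantly; NOT a secure choice.
# Real OTR uses the 1536-bit MODP group from RFC 3526 with generator 2.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Hash of a long-term public key: what users read to each other out of band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:40]


def session_keys(my_static_priv, my_eph_priv, their_static_pub, their_eph_pub):
    """Derive per-session keys from DH; no secret ever goes on the wire.
    Toy binding of the ephemeral exchange to the long-term identity: the
    ephemeral-ephemeral and static-static DH results are hashed together.
    (Real OTR authenticates the ephemeral exchange with DSA signatures.)"""
    eph = pow(their_eph_pub, my_eph_priv, P).to_bytes(16, "big")
    sta = pow(their_static_pub, my_static_priv, P).to_bytes(16, "big")
    root = hashlib.sha256(eph + sta).digest()
    return hashlib.sha256(b"enc" + root).digest(), hashlib.sha256(b"mac" + root).digest()


def _keystream(key, nonce, n):
    """Hash-based counter-mode keystream (stand-in for OTR's AES-CTR)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(enc_key, mac_key, counter, plaintext):
    """Encrypt-then-MAC one message under the session keys."""
    nonce = counter.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_(enc_key, mac_key, nonce, ct, tag):
    """Verify the MAC, then decrypt; raises on a bad tag."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def conversation(mitm=False):
    """Alice sends Bob one message; returns how each OTR property shows up."""
    a_sp, a_spub = keygen()          # long-term (static) keys
    b_sp, b_spub = keygen()
    a_ep, a_epub = keygen()          # ephemeral keys, discarded after the session
    b_ep, b_epub = keygen()

    seen_by_alice = b_spub           # what Alice believes is Bob's long-term key
    if mitm:
        _, seen_by_alice = keygen()  # Mallory substitutes her own key on the wire

    a_enc, a_mac = session_keys(a_sp, a_ep, seen_by_alice, b_epub)
    b_enc, b_mac = session_keys(b_sp, b_ep, a_spub, a_epub)
    keys_match = (a_enc, a_mac) == (b_enc, b_mac)

    # Out-of-band check: Alice reads the fingerprint she sees, Bob reads his own.
    fingerprints_match = fingerprint(seen_by_alice) == fingerprint(b_spub)

    msg = b"meet at the usual place"   # constructed sample message
    nonce, ct, tag = seal(a_enc, a_mac, 1, msg)
    received = open_(b_enc, b_mac, nonce, ct, tag) if keys_match else None

    # Deniability: once the session is over the MAC key is published, so anyone
    # holding it can mint a valid tag; a tag therefore proves nothing about authorship.
    published_mac = a_mac
    forged_tag = hmac.new(published_mac, nonce + b"forged", hashlib.sha256).digest()
    forgery_verifies = hmac.compare_digest(
        forged_tag, hmac.new(b_mac, nonce + b"forged", hashlib.sha256).digest())

    # Forward secrecy: a_ep and b_ep go out of scope here and are never stored, so
    # the transcript (nonce, ct, tag) plus the published MAC key and even the
    # static private keys no longer suffice to recompute enc_key.
    return {
        "keys_match": keys_match,
        "fingerprints_match": fingerprints_match,
        "received": received,
        "ciphertext_is_plaintext": ct == msg,
        "forgery_verifies": forgery_verifies,
    }


if __name__ == "__main__":
    print(conversation())
    print(conversation(mitm=True))
```

Note that publishing the MAC key does not expose the encryption key, which is why a third party can forge but not read, matching the "either Alice or Bob wrote X" point above: only the two holders of the session secret could have produced the message while it was live, and after that anyone could have.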



