Textual leverages the technology known as Off-the-Record Messaging (“OTR” for short) to add an extra layer of privacy and security when communicating one-on-one with another person.
In the top right corner of a query (private message), above where the user list of channel would normally reside, is a button (the “status button”) that displays the level of privacy for the active query.
The following table outlines the possible privacy levels:
Status | Description |
---|---|
There is not an active Off-the-Record conversation. Messages transmitted between yourself and your chat partner are sent as-is. | |
There is an active Off-the-Record conversation, but the conversation is still considered unsafe because the identity of your chat partner has not been confirmed. You could be talking to an imposter. | |
There is an active Off-the-Record conversation and the identity of your chat partner has been confirmed using authentication. |
Click the status button in the top right corner of a query to present a menu which contains the action to manually begin an Off-the-Record conversation.
When starting a conversation manually, the following message will be visible to your chat partner if they do not support Off-the-Record Messaging:
Requesting an off-the-record private conversation. However, you do not have a plugin to support that. See http://otr.cypherpunks.ca/ for more information.
Authentication allows you to determine whether your chat partner are who he or she claim to be.
To authenticate your chat partner, first start an Off-the-Record conversation. Once started, click the status button in the top right corner of the query to present a menu which contains the action to perform authentication.
Plain-text messages, actions (me command), and notices (notice command) are encrypted. Other forms of private communication such as Client-to-Client (CTCP) requests and Direct Client-to-Client file transfers are NOT encrypted.
Several options are available under the Advanced section of Preferences
Data sent and received as part of an Off-the-Record conversation are not stored anywhere except memory unless Textual has been configured to write log files.
To disable logging, follow these steps:
While Transport Layer Security (TLS) provides encryption between yourself and the server that you are connected to, it does not protect you if the server itself is compromised. It also does not guarantee your chat partner is using it as well. For these reasons, users that prefer strong encryption should consider the use of TLS alone insecure.
Off-the-Record Messaging (OTR) is end-to-end encryption which means that data is not decrypted until it is received by your chat partner.
Textual advertises that it supports Off-the-Record Messaging (OTR) by appending a sequence of tab characters to the end of outgoing messages. These tab characters can be problematic for certain Internet Relay Chat (IRC) bots as well as certain command line chat clients.
To stop Textual from appending tab characters, follow these steps:
Data maintained by the Off-the-Record Messaging (OTR) library such as user fingerprints, your local key, and instance tags can be found in one of two locations.
~/Library/Group Containers/8482Q6EPL6.com.codeux.irc.textual/Library/Application Support/Textual/Encryption Components/
~/Library/Group Containers/com.codeux.apps.textual/Library/Application Support/Textual/Encryption Components/
To prevent inexperienced users from modifying the contents of this folder, it is invisible in Finder.
To open this folder in Finder, follow these steps:
This knowledge base article provides a high level overview of Off-the-Record Messaging (OTR)
inside Textual.
If you would like to learn more about OTR itself, visit the project's website at: otr.cypherpunks.ca
Related Wikipedia Articles:
See the GitHub page for Codeux Software