Off-the-Record Messaging

Textual leverages the technology known as Off-the-Record Messaging (“OTR” for short) to add an extra layer of privacy and security when communicating one-on-one with another person.

What's the advantage to using OTR?¹

Encryption
No one else can read your private messages.
Authentication
You are assured that your chat partner is who they claim to be.
Deniability
The messages you send do not have a digital signature that can be checked by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your chat partner is assured the messages they see are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
¹ The “What's the advantage to using OTR?” section of this knowledge base article uses a modified excerpt from the otr.cypherpunks.ca website.

Privacy Levels

In the top right corner of a query (private message), above where the user list of a channel would normally reside, is a button (the “status button”) that displays the level of privacy for the active query.

The following table outlines the possible privacy levels:

Status | Description
Not Private | There is not an active Off-the-Record conversation. Messages transmitted between yourself and your chat partner are sent as-is.
Not Private | There is an active Off-the-Record conversation, but the conversation is still considered unsafe because the identity of your chat partner has not been confirmed. You could be talking to an imposter.
Not Private | There is an active Off-the-Record conversation and the identity of your chat partner has been confirmed using authentication.

How do I use this service?

Click the status button in the top right corner of a query to present a menu which contains the action to manually begin an Off-the-Record conversation.

When starting a conversation manually, the following message will be visible to your chat partner if they do not support Off-the-Record Messaging:

Requesting an off-the-record private conversation. However, you do not have a 
plugin to support that. See http://otr.cypherpunks.ca/ for more information.

How do I authenticate my chat partner?

Authentication allows you to determine whether your chat partner is who he or she claims to be.

To authenticate your chat partner, first start an Off-the-Record conversation. Once started, click the status button in the top right corner of the query to present a menu which contains the action to perform authentication.

What is actually encrypted?

Plain-text messages, actions (me command), and notices (notice command) are encrypted. Other forms of private communication such as Client-to-Client (CTCP) requests and Direct Client-to-Client file transfers are NOT encrypted.

How do I configure the behavior of OTR in Textual?

Several options are available under the Advanced section of Preferences.

Are encrypted conversations stored anywhere on disk?

Data sent and received as part of an Off-the-Record conversation are not stored anywhere except memory unless Textual has been configured to write log files.

To disable logging, follow these steps:

  1. Open Preferences using the keyboard combination Command Comma
  2. In the window that appears, move focus to the Advanced section of the navigation bar
  3. Click the item labeled Log Location in the menu that appears
  4. Uncheck the option to perform logging

Why does Textual say my private messages are “Not Encrypted” when I am connected using SSL/TLS?

While Transport Layer Security (TLS) provides encryption between yourself and the server that you are connected to, it does not protect you if the server itself is compromised. It also does not guarantee your chat partner is using it as well. For these reasons, users that prefer strong encryption should consider the use of TLS alone insecure.

Off-the-Record Messaging (OTR) is end-to-end encryption, which means that data is not decrypted until it is received by your chat partner.

Why does my chat partner see strange characters (such as boxes) at the end of my messages?

Textual advertises that it supports Off-the-Record Messaging (OTR) by appending a sequence of tab characters to the end of outgoing messages. These tab characters can be problematic for certain Internet Relay Chat (IRC) bots as well as certain command line chat clients.

To stop Textual from appending tab characters, follow these steps:

  1. Open Preferences using the keyboard combination Command Comma
  2. In the window that appears, move focus to the Advanced section of the navigation bar
  3. Click the item labeled Off-the-Record Messaging in the menu that appears
  4. Uncheck the option labeled Automatically start a private conversation when possible
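
For authors of bots or relays on the receiving end, the sketch below recognises the two ways an OTR client announces itself: the query message shown under "How do I use this service?" and the whitespace tag appended to ordinary messages, which is a fixed run of spaces and tabs. It is an added example, not Textual's code; the tag bytes and the ?OTR prefix grammar follow the OTR protocol specification, and the function names, sample messages and the versions they offer are constructed for illustration.

```python
import re

# Whitespace tag bytes per the OTR protocol specification (0x20 space, 0x09 tab).
TAG_BASE = ("\x20\x09\x20\x20\x09\x09\x09\x09"
            "\x20\x09\x20\x09\x20\x09\x20\x20")
VERSION_TAGS = {
    "\x20\x09\x20\x09\x20\x20\x09\x20": 1,
    "\x20\x20\x09\x09\x20\x20\x09\x20": 2,
    "\x20\x20\x09\x09\x20\x20\x09\x09": 3,
}
# Query prefix: "?OTR", optional "?" (version 1), optional "v<version ids>?".
QUERY_RE = re.compile(r"\?OTR(\?)?(?:v([0-9A-Za-z]*)\?)?")


def split_whitespace_tag(text):
    """Return (text without the tag, sorted OTR versions advertised)."""
    start = text.find(TAG_BASE)      # the tag is not guaranteed to be last
    if start == -1:
        return text, []
    pos = start + len(TAG_BASE)
    versions = set()
    while text[pos:pos + 8] in VERSION_TAGS:
        versions.add(VERSION_TAGS[text[pos:pos + 8]])
        pos += 8
    if not versions:                 # base sequence alone advertises nothing
        return text, []
    return text[:start] + text[pos:], sorted(versions)


def parse_query(text):
    """Return the version ids offered by an OTR query message, or None."""
    m = QUERY_RE.match(text)
    if not m or (m.group(1) is None and m.group(2) is None):
        return None                  # e.g. "?OTR:" starts an encoded message
    offered = ["1"] if m.group(1) else []
    return offered + list(m.group(2) or "")


# Constructed samples: a tagged greeting and a query carrying this page's text.
TAGGED = ("hello" + TAG_BASE + "\x20\x20\x09\x09\x20\x20\x09\x20"
          + "\x20\x20\x09\x09\x20\x20\x09\x09")
QUERY = "?OTRv23? Requesting an off-the-record private conversation."

if __name__ == "__main__":
    print(split_whitespace_tag(TAGGED))
    print(parse_query(QUERY))
```

A bot that strips the tag before processing a message sees only the visible text and can log which OTR versions the sender advertised.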

Where is data related to Off-the-Record Messaging stored on disk?

Data maintained by the Off-the-Record Messaging (OTR) library such as user fingerprints, your local key, and instance tags can be found in one of two locations.

Path for Mac App Store version

~/Library/Group Containers/8482Q6EPL6.com.codeux.irc.textual/Library/Application Support/Textual/Encryption Components/

Path for Standalone version

~/Library/Group Containers/com.codeux.apps.textual/Library/Application Support/Textual/Encryption Components/

To prevent inexperienced users from modifying the contents of this folder, it is invisible in Finder.

To open this folder in Finder, follow these steps:

  1. Select Finder so that it is the frontmost application
  2. Perform the keyboard combination Shift Command G (⇧⌘G)
  3. In the window that appears, enter the path seen above

Where do I learn more?

This knowledge base article provides a high level overview of Off-the-Record Messaging (OTR) inside Textual.
If you would like to learn more about OTR itself, visit the project's website at: otr.cypherpunks.ca

Related Wikipedia Articles:

Can I audit Textual's implementation of OTR?

See the GitHub page for Codeux Software.

 
Last modified: August 02, 2017
The contents of this webpage are released into the Public Domain for unlimited distribution.