Off-the-Record Messaging

Textual leverages the technology known as Off-the-Record Messaging (“OTR” for short) in order to add an extra layer of privacy and security when communicating one-on-one with another person.

What's the advantage to using OTR?¹

Encryption
No one else can read your private messages.
Authentication
You are assured that your chat partner is who they claim to be.
Deniability
The messages that you send do not have digital signatures that can be checked by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your chat partner is assured the messages they see are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
¹ The “What's the advantage to using OTR?” section of this knowledge base article uses a modified excerpt from the otr.cypherpunks.ca website.

Privacy Levels

In the top right corner of a query (private message), above where the user list of a channel would normally reside, is a button (the “status button”) that displays the level of privacy for the active query.

The following table outlines the possible privacy levels:

| Status | Description |
| --- | --- |
| Not Private | There is not an active Off-the-Record conversation. Messages transmitted between yourself and your chat partner are sent as-is. |
| Not Private | There is an active Off-the-Record conversation, but the conversation is still considered unsafe because the identity of your chat partner has not been confirmed. You could be talking to an imposter. |
| Not Private | There is an active Off-the-Record conversation and the identity of your chat partner has been confirmed using authentication. |

How do I use this service?

To begin an Off-the-Record conversation, send a message to another user in a query.

By default, when you send a message in a query, Textual modifies the message in such a way that instructs your chat partner to automatically begin an Off-the-Record conversation.

If your chat partner does not begin an Off-the-Record conversation after a message has been sent to them, then there are two possibilities: they have configured their chat client not to enable OTR automatically, or they do not support it.

In both cases, clicking the status button in the top right corner of the query will present a menu which contains the option to manually begin an Off-the-Record conversation.

When starting a conversation manually, the following message will be visible to your chat partner if they do not support Off-the-Record Messaging:

Requesting an off-the-record private conversation. However, you do not have a 
plugin to support that. See http://otr.cypherpunks.ca/ for more information.

How do I authenticate my chat partner?

Authentication offers the ability to determine whether your chat partner is who he or she claims to be.

Authentication works by presenting to your chat partner a question that you define. If they are not an imposter (e.g. a “man in the middle”), then they will be able to answer the question without fault. Alternatively, you can instruct them to enter a secret that both of you have predetermined elsewhere.

To authenticate your chat partner, first start an Off-the-Record conversation. Afterwards, click the status button in the top right corner of the query to present a menu which contains the option to perform an authentication.

What is actually encrypted?

Plain-text messages, actions (me command), and notices (notice command) are encrypted. Other forms of private communication such as Client-to-Client (CTCP) requests and Direct Client-to-Client file transfers are not encrypted.

How do I configure the behavior of OTR in Textual?

Several options are available under the Advanced section of Preferences.

Are encrypted conversations stored anywhere on disk?

Data sent and received as part of an Off-the-Record conversation are not stored anywhere except memory unless Textual has been configured to write log files.

To disable logging, follow these steps:

  1. Open Preferences using the keyboard combination Command Comma
  2. In the window that appears, move focus to the Advanced section of the navigation bar
  3. Click the item labeled Log Location in the menu that appears
  4. Uncheck the option to perform logging

Why does my chat partner see strange characters (such as boxes) at the end of my messages?

Textual advertises that it supports Off-the-Record Messaging (OTR) by appending a sequence of tab characters at the end of outgoing messages. Unfortunately these tab characters present problems for certain Internet Relay Chat (IRC) bots as well as certain CLI-based chat clients.

To stop Textual from appending tab characters, follow these steps:

  1. Open Preferences using the keyboard combination Command Comma
  2. In the window that appears, move focus to the Advanced section of the navigation bar
  3. Click the item labeled Off-the-Record Messaging in the menu that appears
  4. Uncheck the option labeled Automatically start a private conversation when possible
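
For bots or clients on the receiving end, the advertisement described above can be recognised and stripped before display. The following is an added example, not code from Textual or the OTR project; it assumes the whitespace tag layout given in the OTR version 3 protocol specification (a fixed 16-character pattern of spaces and tabs followed by one 8-character group per supported version), and the function names are hypothetical.

```python
# Added example (not Textual's code). Tag layout assumed from the OTR v3 spec.

def ws_bits(bits):
    """Map a bit string to whitespace: '0' -> space, '1' -> tab."""
    return bits.replace("0", " ").replace("1", "\t")

# Fixed 16-character prefix that starts every OTR whitespace tag.
BASE_TAG = ws_bits("0100111101010100")

# 8-character groups that follow the prefix, one per advertised version.
VERSION_TAGS = {
    ws_bits("01010010"): 1,
    ws_bits("00110010"): 2,
    ws_bits("00110011"): 3,
}

def split_whitespace_tag(message):
    """Return (message without the OTR tag, sorted list of advertised versions).

    Messages without the tag, including ones that merely contain ordinary
    tabs or spaces, are returned unchanged with an empty version list.
    """
    start = message.find(BASE_TAG)
    if start == -1:
        return message, []
    pos = start + len(BASE_TAG)
    versions = []
    # Consume consecutive version groups; a short or unknown group ends the tag.
    while message[pos:pos + 8] in VERSION_TAGS:
        versions.append(VERSION_TAGS[message[pos:pos + 8]])
        pos += 8
    return message[:start] + message[pos:], sorted(versions)

if __name__ == "__main__":
    # Constructed sample: a message advertising OTR versions 2 and 3.
    sample = "hello" + BASE_TAG + ws_bits("00110010") + ws_bits("00110011")
    print(split_whitespace_tag(sample))
    print(split_whitespace_tag("col1\tcol2"))
```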

Where is data related to Off-the-Record Messaging stored on disk?

Data maintained by the Off-the-Record Messaging (OTR) library such as user fingerprints, your local key, and instance tags can be found at the following path:

~/Library/Group Containers/8482Q6EPL6.com.codeux.irc.textual/Library/Application Support/Textual/Encryption Components/

To prevent inexperienced users from modifying the contents of this folder, it is invisible in Finder.

To open this folder in Finder, follow these steps:

  1. Select Finder so that it is the frontmost application
  2. Perform the keyboard combination Shift Command G (⇧⌘G)
  3. In the dialog that appears, enter the path seen above

Where do I learn more?

This knowledge base article provides a high level overview of Off-the-Record Messaging (OTR) inside Textual. If you would like to learn more about OTR itself, visit the project's website at: otr.cypherpunks.ca

Related Wikipedia Articles:

Can I audit Textual's implementation of OTR?

See the GitHub page for Codeux Software, LLC.


 
Last modified: April 14, 2015


The contents of this webpage are released into the Public Domain for unlimited distribution.