Textual leverages the technology known as Off-the-Record Messaging (“OTR” for short) in order to add an extra layer of privacy and security when communicating one-on-one with another person.
In the top right corner of a query (private message), above where the user list of channel would normally reside, is a button (the “status button”) that displays the level of privacy for the active query.
The following table outlines the possible privacy levels:
|There is not an active Off-the-Record conversation. Messages transmitted between yourself and your chat partner are sent as-is.|
|There is an active Off-the-Record conversation, but the conversation is still considered unsafe because the identity of your chat partner has not been confirmed. You could be talking to an imposter.|
|There is an active Off-the-Record conversation and the identity of your chat partner has been confirmed using authentication.|
Clicking the status button in the top right corner of a query will present a menu which contains the option to manually begin an Off-the-Record conversation.
When starting a conversation manually, the following message will be visible to your chat partner if they do not support Off-the-Record Messaging:
Requesting an off-the-record private conversation. However, you do not have a plugin to support that. See http://otr.cypherpunks.ca/ for more information.
Authentication provides the ability to determine whether your chat partner is who he or she claim to be.
To authenticate your chat partner, first start an Off-the-Record conversation. Once started, click the status button in the top right corner of the query to present a menu which contains the option to perform an authentication.
Plain-text messages, actions (me command), and notices (notice command) are encrypted. Other forms of private communication such as Client-to-Client (CTCP) requests and Direct Client-to-Client file transfers are not encrypted.
Data sent and received as part of an Off-the-Record conversation are not stored anywhere except memory unless Textual has been configured to write log files.
To disable logging, follow these steps:
While Transport Layer Security (TLS) provides encryption between yourself and the server that you are connected to, it does not protect you if the server is compromised. For this reason, users that prefer strong encryption should consider the use of TLS alone insecure.
Off-the-Record Messaging (OTR) is end-to-end encryption which means that data is not decrypted until it is received by your chat partner.
Textual advertises that it supports Off-the-Record Messaging (OTR) by appending a sequence of tab characters at the end of outgoing messages. Unfortunately these tab characters present problems for certain Internet Relay Chat (IRC) bots as well as certain CLI-based chat clients.
To stop Textual from appending tab characters, follow these steps:
Data maintained by the Off-the-Record Messaging (OTR) library such as user fingerprints, your local key, and instance tags can be found at the following path:
~/Library/Group Containers/8482Q6EPL6.com.codeux.irc.textual/Library/Application Support/Textual/Encryption Components/
To prevent inexperienced users from modifying the contents of this folder, it is invisible in Finder.
To open this folder in Finder, follow these steps:
This knowledge base article provides a high level overview of Off-the-Record Messaging (OTR) inside Textual. If you would like to learn more about OTR itself, visit the project's website at: otr.cypherpunks.ca
Related Wikipedia Articles:
See the GitHub page for Codeux Software, LLC.