Textual leverages the technology known as Off-the-Record Messaging (“OTR” for short) in order to add an extra layer of privacy and security when communicating one-on-one with another person.
In the top right corner of a query (private message), above where the user list of channel would normally reside, is a button (the “status button”) that displays the level of privacy for the active query.
The following table outlines the possible privacy levels:
|There is not an active Off-the-Record conversation. Messages transmitted between yourself and your chat partner are sent as-is.|
|There is an active Off-the-Record conversation, but the conversation is still considered unsafe because the identity of your chat partner has not been confirmed. You could be talking to an imposter.|
|There is an active Off-the-Record conversation and the identity of your chat partner has been confirmed using authentication.|
To begin an Off-the-Record conversation, send a message to another user in a query.
By default, when you send a message in a query, Textual modifies the message in such a way that instructs your chat partner to automatically begin an Off-the-Record conversation.
If your chat partner does not begin an Off-the-Record conversation after a message has been sent to them, then there are two possibilities: They have configured their chat client not to enable OTR automatically or they do not support it.
In both cases, clicking the status button in the top right corner of the query will present a menu which contains the option to manually begin an Off-the-Record conversation.
When starting a conversation manually, the following message will be visible to your chat partner if they do not support Off-the-Record Messaging:
Requesting an off-the-record private conversation. However, you do not have a plugin to support that. See http://otr.cypherpunks.ca/ for more information.
Authentication offers the ability to determine whether your chat partner is who he or she claim to be.
Authentication works by presenting to your chat partner a question that you define. If they are not an imposter (e.g. a “man in the middle”), then they will be able to answer the question without fault. Alternatively, you can instruct them to enter a secret that both of you have predetermined elsewhere.
To authenticate your chat partner, first start an Off-the-Record conversation. Afterwards, click the status button in the top right corner of the query to present a menu which contains the option to perform an authentication.
Plain-text messages, actions (me command), and notices (notice command) are encrypted. Other forms of private communication such as Client-to-Client (CTCP) requests and Direct Client-to-Client file transfers are not encrypted.
Data sent and received as part of an Off-the-Record conversation are not stored anywhere except memory unless Textual has been configured to write log files.
To disable logging, follow these steps:
Textual advertises that it supports Off-the-Record Messaging (OTR) by appending a sequence of tab characters at the end of outgoing messages. Unfortunately these tab characters present problems for certain Internet Relay Chat (IRC) bots as well as certain CLI-based chat clients.
To stop Textual from appending tab characters, follow these steps:
Data maintained by the Off-the-Record Messaging (OTR) library such as user fingerprints, your local key, and instance tags can be found at the following path:
~/Library/Group Containers/8482Q6EPL6.com.codeux.irc.textual/Library/Application Support/Textual/Encryption Components/
To prevent inexperienced users from modifying the contents of this folder, it is invisible in Finder.
To open this folder in Finder, follow these steps:
This knowledge base article provides a high level overview of Off-the-Record Messaging (OTR) inside Textual. If you would like to learn more about OTR itself, visit the project's website at: otr.cypherpunks.ca
Related Wikipedia Articles:
See the GitHub page for Codeux Software, LLC.