
ctypes-otr's People

Contributors

arlolra, azadi, fy2g, kloesing, sheriefalaa, vqhuy


ctypes-otr's Issues

Async key generation

  • Add the ability to generate keys asynchronously in a worker
  • Use the async worker to generate keys on account create, or as needed
  • If we somehow get to starting an OTR session w/o a key, grey out the conv browser with a message and throbber, and generate the key synchronously, rather than launching a modal

Detect and emit an event if another user can use OTR

Or if it can't (via whitespace tags or unresponded query message).

Some applications:

  • If the extension is disabled (the default in Instantbird) and we want to prod to enable it.
  • If a secure session ended, try to automatically restart it before failing with the system message. #51

Tooltip texts for status of conversation (padlock) icon

The tooltip text for the padlock icon says "Not private", "Unverified", and "Private".

These should be changed to something that is more verbose, so that the user knows that the current conversation is being talked about:

"Conversation is NOT private"
"Conversation is PRIVATE, but contact $FOO is unverified"
"Conversation is PRIVATE and contact is verified"

I agree that tooltips should not be long but simply saying "not private" or "private" doesn't help. Since we display the change of security in the conversation, what do you think about using the same message for the tooltip or is that short on purpose (which is also understandable)?

Status of conversation

The message for the status of the conversation which is not over OTR is:

The privacy status of the current conversation is: Not private

Can we reword this? How about something like:

The current conversation is NOT private

Or something related. Just a suggestion; feel free to close the ticket if you think the current one is fine.

Libotr resend security issue

https://lists.cypherpunks.ca/pipermail/otr-dev/2013-November/001991.html

We shouldn't be displaying these strings,
https://github.com/arlolra/ctypes-otr/blob/master/chrome/content/otr.js#L710-L715
https://github.com/arlolra/ctypes-otr/blob/master/chrome/locale/en/otr.properties#L13-L14

But this attack might be possible without needing the user to paste the string. The default policy includes OTRL_POLICY_ERROR_START_AKE which seems like it'll get you the opportunity to MITM automatically. Should probably disable that as well, once the usability issues are assessed.

OTR Conversation Text

After starting a conversation over OTR, the sequence of messages is:

  • The current conversation is not private.
  • You attempted to send an unencrypted message to arlolra. Unencrypted messages to this recipient are not allowed. Attempting to start a private conversation. Your message will be retransmitted when the private conversation starts.
  • arlolra has not been authenticated yet. You should authenticate this contact.
  • Unverified conversation with arlolra started.

The last message is a bit unclear. Can we make it better by saying something like "The conversation is private but the contact is unverified." Something along these lines that tells the user that their conversation is private but the identity of the person they are chatting with has not been verified.

"Private (but unverified) conversation started..."
"Private conversation started with unverified contact."

You get the idea.

Conversation with contact not using OTR

When starting a conversation with a contact who is not using OTR, the message is:

2:41:23 pm - The current conversation is not private.
2:41:26 pm - You attempted to send an unencrypted message to sukhe. Unencrypted messages to this recipient are not allowed. Attempting to start a private conversation. Your message will be retransmitted when the private conversation starts.

I think we can word this better. Specifically, saying "Unencrypted messages to this recipient are not allowed" makes it seem like that this specific contact is the issue and not the fact that unencrypted conversations are not allowed as a policy.

A possible suggestion:

You attempted to send an unencrypted message to sukhe. This contact does not support encrypted communication and Tor Messenger does not allow unencrypted messages to be sent.

And then, in a separate message which follows (on a new line):

Attempting to start a private conversation. Your message will be retransmitted when the private conversation starts.

Something along these lines...

Authentication

  • manual verification
  • shared secret
  • question and answer

Identities should be associated with imIUserStatusInfo objects

10:28:23 AM - flo-retina: arlolra: so the general idea is that accounts are not tied to identities.
10:28:43 AM - flo-retina: there's an imIUserStatusInfo http://mxr.mozilla.org/comm-central/source/chat/components/public/imIUserStatusInfo.idl#13 instance for each identity
10:29:18 AM - flo-retina: each account is attached to an identity: http://mxr.mozilla.org/comm-central/source/chat/components/public/imIAccount.idl#317
10:29:29 AM - flo-retina: and there's a global identity used as a fallback
10:30:17 AM - flo-retina: the global one is at http://mxr.mozilla.org/comm-central/source/chat/components/public/imICoreService.idl#28
10:31:32 AM - flo-retina: I think having the same fingerprint for several accounts could potentially enable interesting things, like starting an encrypted conversation on one IM network and continuing on another one

Text after authenticating a contact

After a contact has been authenticated using the fingerprint verification, we display this text:

The current conversation is private.

Which may be slightly confusing for the end user because s/he may think that all this while, the conversation was not private. Can we reword this, perhaps like:

You have verified arlolra's identity.

This sounds weak but you get the idea. I'd be happy to discuss this further.

Will this eventually be merged?

Sorry if you don't want discussions/questions placed here; some projects are fine with it, others hate the idea. I have no idea where yours falls.

But I hope this does get merged back into the Instantbird master branch when it's finished. I'd love to ditch Pidgin; it's just the lack of an OTR plugin that prevents me.

Keep notification bar to verify open until user dismisses or success

Once a new OTR session is established, there is this nice obvious black line at the top asking you to verify which I think is awesome. However, if auth fails, this line disappears and it's not very obvious to use the "lock" at the top to get a button to verify.

I would suggest to keep that annoying black line as long as the contact has not been verified (even on failure) except if the "X" to close it has been pressed.

/cc @dgoulet

Replace conversation status text with icon

For private (and not private) conversations, currently, we display the texts "Private" and "Not private". Ideally, we should put a padlock next to them that denotes the state of the conversation, or replace the text altogether.

Manual fingerprint verification UI

The UI for manual fingerprint verification looks like:

[screenshot: 2015-02-27-234935_444x95_scrot]

Perhaps we can redesign this?

"I have verified that this is in fact the correct fingerprint" [Dropdown]

The dropdown options will be "Yes" and "No". Somehow I feel that this is more natural than saying "I have" and "I have not" with the options being in front of the text.

(Feel free to ignore this.)

Useless blank lines if receiver is not using OTR

From @PrezNattyGibbs

When I talk to you on Instantbird, your first few messages usually come through with an extra space under them. Not sure why or if this is a big deal.

[screenshot: instantbird]

Maybe we should trim() things before display?

"My Private Keys" when no account is configured

In the absence of any configured accounts, the "My Private Keys" option looks like:

[screenshot: 2015-05-04-143400_573x56_scrot]

Perhaps we should replace it with a label instead in such a case, which can say "No accounts configured". (We do the same in TorBirdy, FWIW.)

Use either authenticated contact or verified contact

In some places, we say authenticate contact, and in other places we say verify contact.

For example, the notification bar says:

User has not been authenticated yet. You should authenticate this contact.

And then there is a button below it that says Verify.

While the message says "Private, but unverified, conversation with user started." (See #17. Suggested message also says "verified").

We should use one of these words -- either authenticate or verify -- consistently, so as to not confuse the user.

Authentication dialog text boxes

The textboxes for the authentication dialog are narrow and do not allow the user to enter the text. Screenshot attached.

[screenshot]

This is on Linux.

Selected key in OTR Preferences

When opening the preferences window, select the key corresponding to the conversation (account) from which it was called.

Verify contact notification bar frequency

X starts a conversation with Y for the first time and sees the notification bar to authenticate Y. X ignores it, carries on the conversation and closes the window.

X then again starts the conversation with Y. This time though, there is no notification bar that nudges X to verify Y.

Is that intentional and we only show the bar the first time X will talk with Y?

Private, but unverified, conversation with $USER started.

Private, but unverified, conversation with $USER started.

I think the distinction is that the conversation is encrypted but the contact is unverified. In this context, I am not sure what a user will think of with an "unverified" conversation. Can we reword this?

Private conversation with unverified $USER started.

Perhaps? Sorry for nitpicking. I know this can't be explained in one line but I discussed this with another user and she was also of the opinion that since we are saying authenticate contact in the notification bar, it's better to say that the user is unverified rather than the conversation.

Verify button in notification bar

[screenshot: 2015-03-02-115703_234x49_scrot]

What is the "U" in the verify button? Is it the access key for the button? If yes, it doesn't seem to work and also, we should change it to "V" perhaps?

Contact verification message for users

Two users, X and Y. With X, I initiate an authentication request using shared secret.

The message in X's window after a successful authentication is:

You have verified X's identity.

The message in Y's window is:

You have verified Y's identity.

But, X has verified the identity of Y, and Y still has not verified X. The messages should be:

(In X):

You have verified Y's identity.

(In Y):

X has verified your identity. You should do the same with her.

(Sorry if this is not clear.)
