[impdev] Adding OTR to Imprudence.
Matthew Nitti
zatzai at zatzai.com
Thu Jan 26 13:13:03 PST 2012
Out of curiosity, what form and level of encryption does this use? My
old friends and I always defaulted to communications outside of SL when
we wanted to be secure, not just from other users but from LL themselves
listening in.
-Matthew Nitti | ZATZAi
On 1/25/2012 4:53 PM, David Seikel wrote:
> OTR - Off The Record (which is end to end IM encryption with
> deniability) was brought up at the meeting today, though mostly in
> private discussion with McCabe. We thought it best to leave that
> discussion to the mailing list. People are asking for OTR to be added
> to other viewers it seems, I'm happy to help with that.
>
> I kinda volunteered to help put out a final release of Imprudence if the
> team decides to go with Kokua an Sunday. Either way, I think this
> would still apply.
>
> Long ago Chris added OTR to meta-impy, which is my fork of Imprudence
> 1.4. I helped out a bit with the UI stuff. We did not quite have it
> ready in time for the 1.4 feature freeze, so it did not make it in. On
> the other hand, in the long time since that feature freeze, other new
> features have been added to Imprudence. I guess the feature freeze is
> over? McCabe thought it would be OK to add OTR into Imprudence.
>
> OTR in meta-impy was based on the Emerald version (which Chris had done
> to start with). It was actually quite easy to slip it into meta-impy,
> almost worked first time. Since then, we polished it, and it has been
> working fine. At least as good as the Emerald version. My users have
> been using it for quite some time. It will be fairly trivial to add it
> to Imprudence.
>
> McCabe did bring up some issues with the UI. We are using the same UI
> that was used in Emerald, with two exceptions. One was I put it's
> prefs into it's own dialog, in the same way as IM auto-response options
> (it's even close to that button). The other was a departure from every
> other OTR implementation, where they all follow the original confusing
> menu. I turned it into a smart button that keeps track of what state
> OTR is in, and switches itself when needed. Note that I stayed with
> the original OTR text in order to not confuse existing OTR users.
>
> McCabe suggested that "OTR" is not very descriptive for those that
> don't know what it is. On the other hand, it's "OTR" that people are
> asking for, they might object if we give them OTR, but call it
> something else. Any other descriptive label might be a bit long to fit
> into the UI.
>
> Here are some screenshots of OTR in meta-impy. These images do not
> show the smart button drop down menus, or the hover tips, seems the
> viewer can't capture those in screenshots.
>
> http://onefang.net/downloads/OTR_Imprudence_001.png
>
> The default, with OTR not being active. This is an unencrypted IM as
> would normally happen if OTR did not exist. McCabe suggested that "Not
> private" was misleading, as it's as private as IMs usually are. "Not
> encrypted" is probably better.
>
> Also shown is the preferences window, with the little OTR prefs window
> open.
>
> http://onefang.net/downloads/OTR_Imprudence_002.png
>
> After clicking on the OTR smart button, it changes to "Unverified".
>
> OTR has a procedure for verifying the person you are talking to really
> IS that person. The smart buttons drop down menu allows you to start
> that process. Also in the picture is the dialog used for that
> verification process. The next three photos show variations of that
> dialog.
>
> http://onefang.net/downloads/OTR_Imprudence_003.png
> http://onefang.net/downloads/OTR_Imprudence_004.png
> http://onefang.net/downloads/OTR_Imprudence_005.png
>
> http://onefang.net/downloads/OTR_Imprudence_006.png
>
> This is what you see while you wait for the other person to answer
> your question.
>
> Oops, I missed taking a photo of what it looks like from the other side
> when the question is asked, it looks similar to picture 2, just with
> the question greyed out.
>
> http://onefang.net/downloads/OTR_Imprudence_007.png
>
> What the other person sees after they have answered the question
> correctly. Note that verification is one way, at this point the second
> person is verified to the first, but not the other way around.
>
> http://onefang.net/downloads/OTR_Imprudence_008.png
>
> What the original person sees after the verification is complete. Note
> that the smart button automatically changed to "Private". This is what
> you see instead of "Unverified" when you are using OTR with someone you
> verified eaorlier. The second person is still seeing "Unverified" at
> this point, since this verification only happened one way.
>
> http://onefang.net/downloads/OTR_Imprudence_009.png
>
> Showing the message you get when the other person logs off.
>
> http://onefang.net/downloads/OTR_Imprudence_010.png
>
> The message you get when you try to send to someone in "Finished"
> mode. Clicking on the smart button returns to "Not private".
>
> This is a deliberate feature of OTR by the OTR authors, and it's the
> one most annoying feature. It interacts badly with the unreliable
> nature of OpenSim and SL presence. You don't always know for sure if
> your friends are online or not, coz the servers don't always tell you.
> If they are online, but your viewer does not know it, then OTR gets
> really confused. For why it's a deliberate feature of OTR, go ask them.
>
> I see that some of this text should be changed, though the changes
> might end up being rather long texts. B-(
>
> "Not private" -> "Not encrypted" That's fine.
>
> "Unverified" -> "Encrypted, but unverified" Too long.
>
> "Private" -> "Encrypted and verified" Also too long.
>
> "Finished", actually this is the one I changed already, since the
> original was a menu item "End private conversation", which you can
> still see in picture 10. Guess I forgot to change that text to match.
> lol
>
> As you can see, with all those long words, it gets a bit too long. I
> could put the longer texts in the hover tips.
>
>
>
>
> _______________________________________________
> ImpDev mailing list
> ImpDev at lists.imprudenceviewer.org
> http://lists.imprudenceviewer.org/listinfo.cgi/impdev-imprudenceviewer.org
More information about the ImpDev
mailing list