[impdev] Adding OTR to Imprudence.

Matthew Nitti zatzai at zatzai.com
Thu Jan 26 13:13:03 PST 2012 

Out of curiosity, what form and level of encryption does this use? My 
old friends and I always defaulted to communications outside of SL when 
we wanted to be secure, not just from other users but from LL themselves 
listening in.

-Matthew Nitti | ZATZAi

On 1/25/2012 4:53 PM, David Seikel wrote:
> OTR - Off The Record (which is end to end IM encryption with
> deniability) was brought up at the meeting today, though mostly in
> private discussion with McCabe.  We thought it best to leave that
> discussion to the mailing list.  People are asking for OTR to be added
> to other viewers it seems, I'm happy to help with that.
>
> I kinda volunteered to help put out a final release of Imprudence if the
> team decides to go with Kokua an Sunday.  Either way, I think this
> would still apply.
>
> Long ago Chris added OTR to meta-impy, which is my fork of Imprudence
> 1.4.  I helped out a bit with the UI stuff.  We did not quite have it
> ready in time for the 1.4 feature freeze, so it did not make it in.  On
> the other hand, in the long time since that feature freeze, other new
> features have been added to Imprudence.  I guess the feature freeze is
> over?  McCabe thought it would be OK to add OTR into Imprudence.
>
> OTR in meta-impy was based on the Emerald version (which Chris had done
> to start with).  It was actually quite easy to slip it into meta-impy,
> almost worked first time.  Since then, we polished it, and it has been
> working fine.  At least as good as the Emerald version.  My users have
> been using it for quite some time.  It will be fairly trivial to add it
> to Imprudence.
>
> McCabe did bring up some issues with the UI.  We are using the same UI
> that was used in Emerald, with two exceptions.  One was I put it's
> prefs into it's own dialog, in the same way as IM auto-response options
> (it's even close to that button).  The other was a departure from every
> other OTR implementation, where they all follow the original confusing
> menu.  I turned it into a smart button that keeps track of what state
> OTR is in, and switches itself when needed.  Note that I stayed with
> the original OTR text in order to not confuse existing OTR users.
>
> McCabe suggested that "OTR" is not very descriptive for those that
> don't know what it is.  On the other hand, it's "OTR" that people are
> asking for, they might object if we give them OTR, but call it
> something else.  Any other descriptive label might be a bit long to fit
> into the UI.
>
> Here are some screenshots of OTR in meta-impy.  These images do not
> show the smart button drop down menus, or the hover tips, seems the
> viewer can't capture those in screenshots.
>
> http://onefang.net/downloads/OTR_Imprudence_001.png
>
> The default, with OTR not being active.  This is an unencrypted IM as
> would normally happen if OTR did not exist.  McCabe suggested that "Not
> private" was misleading, as it's as private as IMs usually are.  "Not
> encrypted" is probably better.
>
> Also shown is the preferences window, with the little OTR prefs window
> open.
>
> http://onefang.net/downloads/OTR_Imprudence_002.png
>
> After clicking on the OTR smart button, it changes to "Unverified".
>
> OTR has a procedure for verifying the person you are talking to really
> IS that person.  The smart buttons drop down menu allows you to start
> that process.  Also in the picture is the dialog used for that
> verification process.  The next three photos show variations of that
> dialog.
>
> http://onefang.net/downloads/OTR_Imprudence_003.png
> http://onefang.net/downloads/OTR_Imprudence_004.png
> http://onefang.net/downloads/OTR_Imprudence_005.png
>
> http://onefang.net/downloads/OTR_Imprudence_006.png
>
> This is what you see while you wait for the other person to answer
> your question.
>
> Oops, I missed taking a photo of what it looks like from the other side
> when the question is asked, it looks similar to picture 2, just with
> the question greyed out.
>
> http://onefang.net/downloads/OTR_Imprudence_007.png
>
> What the other person sees after they have answered the question
> correctly.  Note that verification is one way, at this point the second
> person is verified to the first, but not the other way around.
>
> http://onefang.net/downloads/OTR_Imprudence_008.png
>
> What the original person sees after the verification is complete.  Note
> that the smart button automatically changed to "Private".  This is what
> you see instead of "Unverified" when you are using OTR with someone you
> verified eaorlier.  The second person is still seeing "Unverified" at
> this point, since this verification only happened one way.
>
> http://onefang.net/downloads/OTR_Imprudence_009.png
>
> Showing the message you get when the other person logs off.
>
> http://onefang.net/downloads/OTR_Imprudence_010.png
>
> The message you get when you try to send to someone in "Finished"
> mode.  Clicking on the smart button returns to "Not private".
>
> This is a deliberate feature of OTR by the OTR authors, and it's the
> one most annoying feature.  It interacts badly with the unreliable
> nature of OpenSim and SL presence.  You don't always know for sure if
> your friends are online or not, coz the servers don't always tell you.
> If they are online, but your viewer does not know it, then OTR gets
> really confused.  For why it's a deliberate feature of OTR, go ask them.
>
> I see that some of this text should be changed, though the changes
> might end up being rather long texts.  B-(
>
> "Not private" ->  "Not encrypted"  That's fine.
>
> "Unverified" ->  "Encrypted, but unverified"  Too long.
>
> "Private" ->  "Encrypted and verified"  Also too long.
>
> "Finished", actually this is the one I changed already, since the
> original was a menu item "End private conversation", which you can
> still see in picture 10.  Guess I forgot to change that text to match.
> lol
>
> As you can see, with all those long words, it gets a bit too long.  I
> could put the longer texts in the hover tips.
>
>
>
>
> _______________________________________________
> ImpDev mailing list
> ImpDev at lists.imprudenceviewer.org
> http://lists.imprudenceviewer.org/listinfo.cgi/impdev-imprudenceviewer.org

More information about the ImpDev mailing list