Opened 4 years ago

Closed 4 years ago

Last modified 5 months ago

#13757 closed enhancement (fixed)

Make it clearer which protocols go over Tor (all?) and which use OTR (all? for everything?)

Reported by: karsten Owned by: sukhbir
Priority: Medium Milestone:
Component: Archived/Tor Messenger Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The Tor Messenger protocol screen lists five protocols, but it leaves it somewhat unclear what security properties one gets when selecting one of them.

For example, they all go over Tor, for everything, right? Maybe add a sentence "All protocols will be routed over the Tor network." to the window. Or say "IRC over Tor", "XMPP over Tor", etc.

And which of these protocols support OTR? Is this enforced in a way that no plain-text messages will be transmitted? How about saying something like: "All protocols will use Off-the-Record messaging if available."? Or if only some protocols support OTR, how about saying "IRC over Tor with OTR support"?

Disclaimer: I'm not a usability person. (As if that wasn't already obvious.)

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by sukhbir

Owner: set to sukhbir
Status: newassigned

comment:2 in reply to:  description Changed 4 years ago by arlolra

For example, they all go over Tor, for everything, right?

Yes.

Maybe add a sentence "All protocols will be routed over the Tor network." to the window. Or say "IRC over Tor", "XMPP over Tor", etc.

Seems reasonable; I weakly prefer the former.

And which of these protocols support OTR?

OTR was designed to be agnostic to the transport protocol so, ideally, all of them. The caveat being that it's a 2-party protocol. Maybe a line to the effect of, "OTR will be enabled in one-on-one conversations."

Is this enforced in a way that no plain-text messages will be transmitted?

Yes. The default will be to enable OTR with the policy that encryption is required.

How about saying something like: "All protocols will use Off-the-Record messaging if available."? Or if only some protocols support OTR, how about saying "IRC over Tor with OTR support"?

We'd need to distinguish between IRC chats rooms and 1-1 conversations. Same for XMPP MUCs.

Disclaimer: I'm not a usability person. (As if that wasn't already obvious.)

Hopefully we can get researchers interested and a proper usability study.

comment:3 in reply to:  description Changed 4 years ago by sukhbir

Replying to karsten:

The Tor Messenger protocol screen lists five protocols, but it leaves it somewhat unclear what security properties one gets when selecting one of them.

For example, they all go over Tor, for everything, right? Maybe add a sentence "All protocols will be routed over the Tor network." to the window. Or say "IRC over Tor", "XMPP over Tor", etc.

We have added this label (the former) on the protocol screen. I have not added anything about OTR; we can decide where that will go.

comment:4 Changed 4 years ago by sukhbir

Resolution: fixed
Status: assignedclosed

Closing this as we have added the label.

comment:5 Changed 5 months ago by traumschule

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true:
https://blog.torproject.org/sunsetting-tor-messenger

luckily there are alternatives:
https://blog.torproject.org/tor-heart-onion-messaging

.. and maybe someday

Note: See TracTickets for help on using tickets.