Ask / Submit
316

[feature-request] XMPP OTR support in messages

asked 2013-12-25 22:54:49 +0300

mono gravatar image

updated 2016-05-14 20:04:52 +0300

null gravatar image

It would be nice if the xmpp / jabber chat would support OTR encryption.

Is Sailfish using "Telepathy", the reason why it doesn't yet support encryption?

It is now possible to use OTR with Telepathy, although as I understand this functionality has yet to be merged upstream, so it could take a while until it lands in Sailfish!

@nthn: How about you just stop with the vandalism if you have nothing to add to the request? Thanks.

edit retag flag offensive close delete

Comments

Being that facebook is also xmpp, it would be a very interesting feature to allow OTR usage in FBchat

dsilveira ( 2014-03-14 17:18:42 +0300 )edit

@dsilveira well, lets first get the online visibility working... on my jolla everyone on facebook is offline all the time

mlatu ( 2014-09-02 11:47:55 +0300 )edit

Facebook announced some time ago that they'll be dropping XMPP anyway, so don't get your hopes up too much. Better to start thinking about a read (and federated) XMPP server.

hobarrera ( 2014-10-16 16:19:07 +0300 )edit

Facebook? I knew about gogle. What are they dropping it in favor of?

I don't think that should be a big problem, just as long as the protocol is open, then telepathy can implement it

dsilveira ( 2014-10-16 17:20:08 +0300 )edit

"The Chat/XMPP service and API, located at chat.facebook.com, will not be available once 1.0 is deprecated.": https://developers.facebook.com/docs/apps/changelog

hobarrera ( 2014-10-16 20:41:06 +0300 )edit

7 Answers

Sort by » oldest newest most voted
45

answered 2013-12-26 00:16:29 +0300

Aard gravatar image

Yes, we're using telepathy, and unfortunately OTR support is a longstanding issue there. Once telepathy supports it (and it's unlikely we'll be the ones implementing it, at least not in the near future) it'll just require minimal UI glue from our side to get it supported. If you'd like that feature in please try to support implementing OTR in the telepathy project.

edit flag offensive delete publish link more

Comments

22

Looks like OTR has landed in telepathy-gabble http://blogs.gnome.org/xclaesse/2014/05/04/otr-in-empathy/

Blizzz ( 2014-05-04 13:53:44 +0300 )edit

@Blizzz whoa, great news!

tad ( 2014-05-04 15:10:46 +0300 )edit

finally! These gnome guys, what were they thinking, not prioritizing such an important feature

dsilveira ( 2014-05-12 16:52:17 +0300 )edit
17

So? Where's our UI glue? :)

hobarrera ( 2014-06-07 02:19:26 +0300 )edit
9

indeed, where is it?

mlatu ( 2014-09-02 11:40:14 +0300 )edit
43

answered 2014-05-11 17:46:47 +0300

Nokius gravatar image

So there is now OTR for Telepathy Source: https://freedomsponsors.org/core/issue/333/telepathy-should-support-otr-encryption

edit flag offensive delete publish link more

Comments

4

Great news!

nthn ( 2014-05-11 19:46:38 +0300 )edit
3

I just compiled Xavier Claessens OTR stuff from the otr branch of git://git.collabora.co.uk/git/user/xclaesse/telepathy-gabble.git. It requires updates to quite a lot of basic libraries like telepathy-glib so I didn't dare to install it. But with just a wrapper setting LD_LIBRARY_PATH around the fresh telepathy-gabble, I managed to at least make Jolla answer OTR Requests from Pidgin. There is no way to initate OTR from the phone and after some idle time messages are again sent unencrypted.

Eierkopp ( 2014-10-16 12:31:28 +0300 )edit

@Eierkopp: can you explain what exactly you did to make OTR work? I'd like to give it a try myself (and maybe other people want to try as well).

nthn ( 2014-10-25 20:36:02 +0300 )edit
2

Basically it's already obsolete since OTR is now merged into mainline telepathy. Anyway the autogen.sh/configure script will tell you, which software needs to be upgraded to compile telepathy-gabble. I think I needed a newer automake, telepathy-glib, libotr5-4.0.0 and a couple of development packages. I compiled and installed everything in a chroot environment because I didn't want to break normal phone operation. Then I changed the dbus configuration of telepathy gabble such that it runs the new binary with a proper LD_LIBRARY_PATH so that it finds its dependencies. ldd and strace help you finding the right settings. After killing the old telepathy-gabble dbus will automatically start the newer one, which is able to answer OTR requests.

There is obviously no UI support, i.e. starting an OTR chat is not possible and also authenticating buddies will not work. But if an OTR request comes in, it is properly answered and the conversation will be encrypted. dbus-monitor will display the encrypted messages.

Eierkopp ( 2014-10-26 11:07:08 +0300 )edit
39

answered 2014-10-21 14:03:29 +0300

dsilveira gravatar image

Great news

KDE Telepathy, has already implemented the required GUI glue to reveal Telepathy's OTR 3 support.

Now it's totally up to Jolla to put the interface glue to messages, because the Telepathy implementation just works, and it works really well (tested by me).

edit flag offensive delete publish link more

Comments

1

I'm wondering if, for the time being, there's some way to enable it by editing telepathy's settings via some other interface.

hobarrera ( 2014-10-21 15:37:48 +0300 )edit
3

nice. can you explain how do you do that? Hope jolla will work on it now (otr, (video)call, groupchat) and may be file transfer.

cvp ( 2014-10-21 15:39:18 +0300 )edit
2

I use archlinux, so I just got the recent update with the features shown in the linked blog post. If you use a different distro, you'll probably need to wait for the next version of your distro (*buntus are coming out this week).

dsilveira ( 2014-10-22 13:38:58 +0300 )edit
23

answered 2013-12-30 23:41:45 +0300

jbrooks gravatar image

To add a bit to Aard's answer:

The "right" way to implement OTR would be through Telepathy, but there is no framework to write it at that level. This is a problem preventing OTR support in a lot of Telepathy-using software, including Empathy and parts of KDE. I hope someone from one of those communities will start pushing an architecture for Telepathy that would allow OTR there.

There is another option: OTR can be implemented at the application level, above Telepathy. In our case, that would mean commhistory-daemon (which is opensource) and the messaging UI. There are some architectural complications, but it would be possible.

It's something I'm very interested in and I'd love for us to have, but I don't expect to have any time to work on it in the near future, unless the magic of opensource can provide parts of the implementation to start from.

edit flag offensive delete publish link more

Comments

9

Quick question: How about this as a starting point? https://bugs.launchpad.net/libtelepathy/+bug/296867/comments/132

v2px ( 2014-02-24 16:27:43 +0300 )edit
7

answered 2015-09-05 13:09:11 +0300

nthn gravatar image

OMEMO now exists, by definition it's already a lot better than OTR because you can use it with multiple devices and it doesn't have problems with beginning/ending sessions either. 'Only' needs to be implemented in Telepathy!

http://conversations.im/omemo/

edit flag offensive delete publish link more

Comments

3

it's only in a prototype stage... long way to go

virgi26 ( 2015-09-05 15:20:54 +0300 )edit
1

I think given the fact that OMEMO is already lightyears ahead of OTR in terms of actually working, I can safely say OTR is the one with a long way to go. Or actually, a very short one - death.

nthn ( 2015-09-05 15:48:34 +0300 )edit

Uh, when did OTR stop working?

null ( 2015-09-05 16:27:46 +0300 )edit
2

@null: it never worked properly. Having to start/end sessions every time you want to talk to someone is a royal pain. Your messages are only encrypted to one of your recipient's devices - good luck choosing the right one to start talking to. All their other devices can't read anything you said. You can't read anything you said yourself from another device either, even if you use the same OTR keys for all devices. OTR error messages everywhere, and then some. There's no point at all in offering any support for it anymore (well, until OMEMO is supported in clients other than Conversations, of course).

nthn ( 2015-09-05 17:05:01 +0300 )edit
1

Never had a problem with sessions, a properly configured client starts them automatically.

And why would I want to read the messages on all my devices? It kind of defeats the purpose of end-to-end encryption when I'm messaging securely on my phone while someone sitting at my desktop could read everything.

null ( 2015-09-05 17:16:01 +0300 )edit
3

answered 2014-03-31 23:04:01 +0300

domnk gravatar image

@jbrook: thank you for the honest answer?

@all: how do i know that the connection really uses ssl/tsl, when i communicate via my xmpp-account on my jolla?

edit flag offensive delete publish link more

Comments

3

If your run your own server, you can select to require encryption for client connections. If a client tries to connect using an unencrypted link, the connection will fail. Also, you can require encrypted connections on the device as well, using a terminal command. To give you a pointer: mc-tool update <account name=""> bool:require-encryption=1.</account>

Fuzzillogic ( 2014-03-31 23:45:23 +0300 )edit

thanks i will try your terminal tipp tomorrow

domnk ( 2014-03-31 23:54:14 +0300 )edit
5

require-encryption defaults to true. We also validate SSL certificates by default. There is no option in the UI to disable encryption (it's quite uncommon with modern XMPP), but you can disable SSL validation through the UI if you wish.

jbrooks ( 2014-04-01 16:15:23 +0300 )edit
2

@domnk, @mcantsin is right, please move this answer to a comment, because that's what it is.

dsilveira ( 2014-04-16 14:46:19 +0300 )edit
3

answered 2016-04-23 12:55:58 +0300

Mikaela gravatar image

I opened the separate thread on OMEMO here: https://together.jolla.com/question/133414/feature-request-omemo-support/

I know I probably shouldn't make this an answer, but I cannot make any sense of the comment threads as everyone is just arguing OMEMO vs OTR. I am also now removing my vote for this thread and unfollow it.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
58 followers

Stats

Asked: 2013-12-25 22:54:49 +0300

Seen: 6,517 times

Last updated: May 14 '16