Closed Bug 1187460 Opened 5 years ago Closed 2 years ago

Implement UI for OTR

Categories

(Instantbird :: Conversation, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: florian, Unassigned)

References

(Depends on 1 open bug)

Details

We don't want the encryption UI to be in the way for most users. We should unobtrusively help them increase the privacy of their conversations without ever getting in the way.

For some specific users (eg. Tor Messenger users) though, encryption is more than a 'nice to have', and the UI should do more to enforce conversations are actually encrypted.


The preference window should be modified so that we can have some space in the privacy tab.
We should create a security tab in which the password section of the current privacy tab could go.
In the privacy tab, we should add an "Encryption" section ('Off-The-Record' should be mentioned in a label so that people looking for OTR know that this is it).

The Encryption section should have a drop down labeled "Encrypt conversations" with the possible values being 
  * "never" (not completely sure if this state needs to be exposed in the UI, but it at least needs to be possible from about:config to completely turn off OTR), 
  * "upon request" (in this case the encryption would be started when the other person sends an OTR tag, or when the user clicks a button in the conversation UI), 
  * "whenever possible" (in this case we would send the magic whitespace in the first message = opportunistic encryption),
   * "always" (in which case we would prevent users from talking without encryption).

I assume Tor Messenger will set this by default to "always". Instantbird will set this by default to "whenever possible".

Collected fingerprints from previous conversations and the user's own fingerprints should also be viewable from here e.g. via a button opening a separate window (as in the current OTR preferences in the addon).


In the conversation UI, there will be an icon next to the protocol icon. This icon has several possible images depending on the encryption state of the conversation:
1 - open lock (grey, possibly red in "always OTR" mode): the conversation isn't OTR-encrypted. We should never say that the conversation is not encrypted, because this could be misleading (it's not unlikely that the connection is SSL encrypted up to the server). This icon should have a tooltip to explain the what the button will do when clicked. Something like "Start OTR encryption". Clicking the button makes it change to the "open lock with animated throbber" state:
2 - open lock with animated throbber: the tooltips can be more technical, e.g. "Generating fingerprint" (the fingerprint for the account should be lazily generated the first time we attempt to use it), "Exchanging fingerprints", etc...
3 - closed lock (green or blue). The button now opens a doorhanger panel when clicked. The panel shows descriptive text: 
"This conversation is end to end encrypted; eavesdropping is not possible.
The identity of this contact has not been verified. " with a "[Verify identity]" button. Pressing that button opens a dialog to start the verification flow (very similar to what already exists in the ctype-otr add-on).
While the verification process is ongoing,
4 - closed lock with a question mark. The doorhanger now has the last sentence replaced with "The identity of this contact is being verified." The button now says "More Info" and still opens the same dialog, that shows both fingerprints and offers to change the verification flow being used.
5 - Closed lock with a checkmark: Same as before except the last sentence says "The identity of this contact has been verified" The "More Info" button is still available to show the fingerprints, and reverify the identity if so desired by the user.

System messages should show the start and end of an encrypted session. The above icons show that the negotiation is occurring so we don't need any system message until it is done. Once it's done, we show: "Your conversation with <name> is now end-to-end encrypted to prevent eavesdropping." or something.

The end of an encrypted session should be signaled clearly to the user (possibly including a notification bar and/or changing the background color of the input box to indicate the current state).
Alias: arlolra@gmail.com
On the behalf of Florian:
Closing bugs related to the Instantbird UI as WONTFIX, as the development of the standalone chat client Instantbird has stopped. Instantbird users are encouraged to migrate to Thunderbird. The user interface of instant messaging in Thunderbird will feel familiar, as the Thunderbird IM support started as a fork of Instantbird.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
On the behalf of Florian:
Closing bugs related to the Instantbird UI as WONTFIX, as the development of the standalone chat client Instantbird has stopped. Instantbird users are encouraged to migrate to Thunderbird. The user interface of instant messaging in Thunderbird will feel familiar, as the Thunderbird IM support started as a fork of Instantbird.
You need to log in before you can comment on or make changes to this bug.