Closed Bug 1552283 Opened 5 years ago Closed 5 years ago

OTR: Use the terms encryption and private more consistently and precisely (will implement in bug 1550487)

Categories

(Chat Core :: Security: OTR, enhancement)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: KaiE, Unassigned)

I have reviewed the OTR wording we're introducing in bug 1518172, and I think we need to improve it, to be more consistent regarding the terms "encryption" and "private".

The label of the status button says "Encryption status", and the values can be "insecure", "unverified" or "private". This means we're using "encryption" as an umbrella term. In other words, we're either signaling "unverified encryption" or "private encryption".

Consequently, we should be very careful to use the term "private" only if we have verified the identity = "private encryption".

We have many strings which are dual purpose; they could be used with either unverified or private connections.

I suggest that all wordings that might be used in an unverified context should avoid the term "private", but rather use our more general umbrella term "encrypted".

I will add my suggestions in the next comment.

Besides the consistency mentioned, I suggest some additional improvements.

For the help text in the verification dialog, which I think is fine to be slightly longer:

Old:
Verifying a contact's identity helps ensure that the person you are talking to is who they claim to be.

New:
Verifying a contact's identity helps ensure that a private chat is with the intended person, and makes it very difficult for an attacker to read or manipulate your conversation.

In one place our text uses the acronym GPG. I think we should rather use the more general term OpenPGP.

New:
To verify the fingerprint, contact your intended chat partner via some other authenticated channel, such as the telephone or OpenPGP-signed email. Each of you should tell your fingerprint to the other. If everything matches up, you should indicate in the dialog below that you have verified the fingerprint.

Here I added a warning sentence in the middle:

Old:
To verify their identity, pick a secret known only to you and your contact. Enter this secret, then wait for your contact to enter it as well. If the secrets do not match, then you may be talking to an imposter.
New:
To verify their identity, pick a secret known only to you and your contact. Don't use the same Internet connection to exchange the secret. Enter this secret, then wait for your contact to enter it as well. If the secrets do not match, then you may be talking to an imposter.

Old:
{ $name } has already closed their private connection to you. Your message was not sent. Either end your private conversation, or restart it.
New:
{ $name } has already closed their encrypted connection to you. To avoid that you accidentally send a message without encryption, your message was not sent. Either confirm that you wish to end your encrypted conversation, or restart it.

Old:
An OTR error occured.
New:
An unexpected error occured while trying to protect your conversation using OTR.

Old:
Private conversation with { $name } started. However, their identity has not been verified.
New:
An encrypted conversation with { $name } started. You should verify the contact's identity to ensure that you are talking to the intended person.

Old:
Successfully refreshed the private conversation with { $name }.
New:
Successfully refreshed the encrypted conversation with { $name }.

Old:
Error occurred encrypting message.
New:
An error occurred while encrypting the message.

Old:
{ $name } has ended their private conversation with you; you should do the same.
New:
{ $name } has ended their encrypted conversation with you; you should do the same.

Old:
{ $name } has requested an Off-the-Record (OTR) private conversation. However, you do not have a plugin to support that. See https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.
New:
{ $name } has requested an Off-the-Record (OTR) encrypted conversation. However, you do not have a plugin to support that. See https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.

Old:
Start private conversation
New:
Start encrypted conversation

Old:
End private conversation
New:
End encrypted conversation

Old:
Refresh private conversation
New:
Refresh encrypted conversation

Old:
Attempting to start a private conversation with { $name }.
New:
Attempting to start an encrypted conversation with { $name }.

Old:
Attempting to refresh the private conversation with { $name }.
New:
Attempting to refresh the encrypted conversation with { $name }.

Old:
Private conversation with { $name } ended.
New:
Encrypted conversation with { $name } ended.

Old:
The current conversation is private but the identity of { $name } has not been verified.
New:
The current conversation is encrypted but the identity of { $name } has not been verified.

Old:
The current conversation is private and the identity of { $name } has been verified.
New:
The identity of { $name } has been verified. The current conversation is encrypted and private.

Old:
{ $name } has ended their private conversation with you; you should do the same.
New:
{ $name } has ended their encrypted conversation with you; you should do the same.

Type: defect → enhancement
Flags: needinfo?(ryan)

Alex, do you agree with my conclusion and suggestions?

Ryan, thanks a lot for your recent review of the strings. Here are a few updates; might I ask you to please have another look?

Flags: needinfo?(alessandro)

I think this is a great suggestion.
I like the consistency and the general "encryption" umbrella.
Carefully using the word "private" only when the conversation is actually fully encrypted and verified makes the workflow more clear and removes a lot of potential misunderstanding.
I like it!

Flags: needinfo?(alessandro)
Flags: needinfo?(mkmelin+mozilla)

(In reply to Kai Engert (:kaie:) from comment #1)

Old:
Verifying a contact's identity helps ensure that the person you are
talking to is who they claim to be.

New:
Verifying a contact's identity helps ensure that a private chat is with
the intended person, and makes it very difficult for an attacker to read or
manipulate your conversation.

s/chat/conversation? here and elsewhere?

attacker may be a bit too jargon. how about "a 3rd party"

In one place our text uses the acronym GPG. I think we should rather use the
more general term OpenPGP.

New:
To verify the fingerprint, contact your intended chat partner via some
other authenticated channel, such as the telephone or OpenPGP-signed email.
Each of you should tell your fingerprint to the other. If everything matches
up, you should indicate in the dialog below that you have verified the
fingerprint.

I think I suggested something in the other bug. Re OpenPGP, sure.

Old:
{ $name } has already closed their private connection to you. Your message
was not sent. Either end your private conversation, or restart it.
New:
{ $name } has already closed their encrypted connection to you. To avoid
that you accidentally send a message without encryption, your message was
not sent. Either confirm that you wish to end your encrypted conversation,
or restart it.

s/wish/want

Not sure about context, but maybe the last sentence is not needed but all that's needed is the proper buttons?

Old:
An OTR error occured.
New:
An unexpected error occured while trying to protect your conversation
using OTR.

occurred with two r's

Old:
Private conversation with { $name } started. However, their identity has
not been verified.
New:
An encrypted conversation with { $name } started. You should verify the
contact's identity to ensure that you are talking to the intended person.

Maybe it would be better with:

An encrypted conversation started. You should verify the identity of with { $name } to ensure nobody can eavesdrop on the conversation.

Old:
{ $name } has ended their private conversation with you; you should do the
same.
New:
{ $name } has ended their encrypted conversation with you; you should do
the same.

Agreed. Do we need the "you should do the same"? No other choice, I'd assume.

Old:
{ $name } has requested an Off-the-Record (OTR) private conversation.
However, you do not have a plugin to support that. See
https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.
New:
{ $name } has requested an Off-the-Record (OTR) encrypted conversation.
However, you do not have a plugin to support that. See
https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.

We shouldn't link to 3rd parties, so can we drop the last sentence.
But, what's this about, what plugin?

Old:
Start private conversation
New:
Start encrypted conversation

an?

Old:
End private conversation
New:
End encrypted conversation

the?

Old:
Refresh private conversation
New:
Refresh encrypted conversation

the?

Old:
Attempting to start a private conversation with { $name }.
New:
Attempting to start an encrypted conversation with { $name }.

Old:
Attempting to refresh the private conversation with { $name }.
New:
Attempting to refresh the encrypted conversation with { $name }.

Old:
Private conversation with { $name } ended.
New:
Encrypted conversation with { $name } ended.

The encrypted .....

Old:
{ $name } has ended their private conversation with you; you should do the
same.
New:
{ $name } has ended their encrypted conversation with you; you should do
the same.

The "you should do the same" - is it needed?

Flags: needinfo?(mkmelin+mozilla)

(In reply to Magnus Melin [:mkmelin] from comment #4)

attacker may be a bit too jargon. how about "a 3rd party"

"a third party" is fine with me.

Or should we say "hacker"?

(In reply to Magnus Melin [:mkmelin] from comment #4)

Old:
{ $name } has already closed their private connection to you. Your message
was not sent. Either end your private conversation, or restart it.
New:
{ $name } has already closed their encrypted connection to you. To avoid
that you accidentally send a message without encryption, your message was
not sent. Either confirm that you wish to end your encrypted conversation,
or restart it.

s/wish/want

Not sure about context, but maybe the last sentence is not needed but all that's needed is the proper buttons?

This text appears as a system message in the middle of a conversation, between other messages exchanged; we don't have buttons there. Not sure if we could add a button there.

Thinking about the last sentence again, a request to confirm might be confusing, because we don't show a prompt.
I'll replace the last sentence with "Please end your encrypted conversation, or restart it."

Old:
Private conversation with { $name } started. However, their identity has
not been verified.
New:
An encrypted conversation with { $name } started. You should verify the
contact's identity to ensure that you are talking to the intended person.

Maybe it would be better with:

An encrypted conversation started. You should verify the identity of with { $name } to ensure nobody can eavesdrop on the conversation.

Sounds good, and I'll remove "with".

Agreed. Do we need the "you should do the same"? No other choice, I'd assume.

Yeah, this hint is necessary, to educate and remind the user. Further outgoing messages won't be sent, until the user does that, to protect from accidentally sending unencrypted messages (e.g. hitting enter quickly after the encrypted channel ended).

Old:
{ $name } has requested an Off-the-Record (OTR) private conversation.
However, you do not have a plugin to support that. See
https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.
New:
{ $name } has requested an Off-the-Record (OTR) encrypted conversation.
However, you do not have a plugin to support that. See
https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.

We shouldn't link to 3rd parties, so can we drop the last sentence.
But, what's this about, what plugin?

We never show this message!

This text is sent to a remote conversation partner, as part of the handshake message. Receiving OTR supporting software will never display it. Only receiving software that doesn't support OTR will show it.

(This also includes old Thunderbird software, which doesn't support OTR or doesn't have OTR enabled. The message won't be shown as part of user interface. It will appear as a message received from the remote conversation partner. I think it makes sense to include that link, it makes it easier for users receiving it to learn what's going on.)

Old:
Start private conversation
New:
Start encrypted conversation

an?

Yes, I will change all those places.

I intend to apply these string changes as part of the ongoing work for bug 1550487, to avoid overlap between different patches.

Summary: OTR: Use the terms encryption and private more consistently and precisely → OTR: Use the terms encryption and private more consistently and precisely (will implement in bug 1550487)

I think we had a lot of feedback already, so dropping needinfo for Ryan (but still open to suggestions, if you have any).

Flags: needinfo?(ryan)

Improvements landed with bug 1550487.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Component: General → Security: OTR
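
The status rule and the send block discussed in this thread, as an added example that is not part of the bug or of Thunderbird's code: a small JavaScript model in which the label is "private" only for an encrypted and verified conversation, and nothing is sent after the contact ends the session. All names (`MsgState`, `encryptionStatus`, `trySend` and the rest) are hypothetical, and reporting an ended session as "insecure" is an assumption of the example.

```javascript
// Added illustration; not Thunderbird or libotr code. All names are hypothetical.
const MsgState = Object.freeze({
  PLAINTEXT: "plaintext", // no OTR session
  ENCRYPTED: "encrypted", // OTR session active
  FINISHED: "finished",   // the contact closed their encrypted connection
});

// Value for the "Encryption status" button. "private" is reserved for
// encrypted AND verified; encrypted alone is only "unverified".
// Assumption of this example: an ended session is reported as "insecure".
function encryptionStatus(conv) {
  if (conv.msgState !== MsgState.ENCRYPTED) return "insecure";
  return conv.peerVerified ? "private" : "unverified";
}

// Outgoing-message gate. After the contact ends the session nothing is sent
// until the user ends or restarts it, so pressing Enter right after the
// channel closed cannot send the text without encryption.
function trySend(conv, text) {
  if (conv.msgState === MsgState.FINISHED) {
    return { sent: false, reason: "peer-ended-encrypted-conversation" };
  }
  const encrypted = conv.msgState === MsgState.ENCRYPTED;
  conv.outbox.push({ text, encrypted });
  return { sent: true, encrypted };
}

function peerEnded(conv) {
  if (conv.msgState === MsgState.ENCRYPTED) conv.msgState = MsgState.FINISHED;
}
function userEnded(conv) { conv.msgState = MsgState.PLAINTEXT; }
function restarted(conv) { conv.msgState = MsgState.ENCRYPTED; }

// Constructed walk-through of one conversation.
function demo() {
  const conv = { name: "alice", msgState: MsgState.ENCRYPTED,
                 peerVerified: false, outbox: [] };
  const log = [encryptionStatus(conv)];     // encrypted, not yet verified
  conv.peerVerified = true;
  log.push(encryptionStatus(conv));         // encrypted and verified
  peerEnded(conv);
  log.push(encryptionStatus(conv));         // contact ended the session
  log.push(trySend(conv, "hi").sent);       // blocked by the gate
  userEnded(conv);                          // explicit user decision
  log.push(trySend(conv, "hi").encrypted);  // now sent, knowingly unencrypted
  return { log, outbox: conv.outbox };
}
console.log(demo());
```
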