ChatSecure-iOS
ChatSecure-iOS copied to clipboard
ChatSecure
Chatsecure sends encrypted messages to clients, who are not aware of it
hey there,
As much as I appreciate that chatsecure can do OTR and OMEMO encryption, this might not always be the best choice. I am running my own server and using MAM to store the messages on my server. Furthermore, I am running a console xmpp client on my server to chat with my family members.
The problem with chatsecure is, that it often sends OTR encrypted messages without being asked to do so, and without telling the user it did so unsuccessfully. Furthermore, I can't find and deactivate the "automatically use OTR encryption" setting any more under the account details. Where did it go?
I would appreciate it, if chatsecure would let the user know that the corresponding chat partner doesn't support the OTR encryption and thus the transmission didn't work. At the moment my friends think that they sent me auccessfully a message, but in reality, I didn't receive anything.
Only when I am asked by my friends the next day "didN't you read my messages?", and then I tell them "NO, which message??"... and afterwards I check my server logs, I find something like that:
14:31:27 SEND ID=98E0CDED-6A89-4DFA-85A1-720FEF45DF81 : [email protected]: ?OTRv23? [email protected] has requested an Off-the-Record private conversation. However, you do not have a plugin to support that. See https://otr.cypherpunks.ca/ for more information. 14:31:27 SEND ID=D75E3710-5375-4E34-8E45-47A41E9AC373 : [email protected]: ?OTRv23? [email protected] has requested an Off-the-Record private conversation. However, you do not have a plugin to support that. See https://otr.cypherpunks.ca/ for more information. 14:31:28 RECV ID=prof_6890 : [email protected]: ?OTR:AAICAAAAxHLa1kLcyGVjVx1TuxGgSQ+pyBEIk+iUneNo2pNRHb1z6ouwqAnDvWwFxJI0mX7armp2qZl2oDbUxXbEViyAchXe8REbrLaENnkrR/wVT6700zJ/vySJ1KnJwzPyYrb+iRvFDAaB4nVbll5KI0HRmaXTa4I8RNkUB/jbflkNxSsRWR/aM7/pxFg44O0tRhyvUNvQ7obGJI3FjJwndvwfkap1RqN5Kt6Fqt6+qAlYX8veUjYzgdD52rtVwAonsvgF2GSe0WAAAAAg4caKvFMkLATaJnO+iWo42gztRt64VwA2VGWtudZt/Qg=.
Only by checking the server logs, I can see, that an encrypted message was sent. My xmpp console client showed nothing. and the chatsecure app didn't report any error.
Maybe anyone can tell me, how to tell chatsecure to never use any encryption with one contact. Or how to make sure, that a chatsecure user can find out that actually the message wasn't communicated successfully, such that the other could read it.
greets
You can't control how others send you messages, but you can configure your outgoing encryption options on a per-contact basis by going to the contact's profile view (i) button -> Advanced Encryption Settings.
We also only send delivery receipts (checkmarks) when messages are successfully decrypted so that can be a hint that something is going wrong.
Thanks Chris. I looked under the general settings, but didn't find the "auto encryption" setting, and probably was to unfamiliar with iphone to find the contact settings. I will try to find them next time, I will meet my friend and report back, if that solved the issue.
chris, you were right! This settings under "advanced encryption settings" for each user works. maybe, one little improvement proposal: If the advanced settings are changed, it is maybe better to show tthese settings immediately next time. At the moment you have to tick again to see the advanced settings, even though they have been modified before.
Anyway, thank you for your great work!
cheers
This is unfortunately one of the biggest issues for us right now. ChatSecure tries to initiate OTR sessions even when none of the clients a recipient is online with support OTR.
Does ChatSecure remember OTR support based on the resource name? The receiving user may have been online with an OTR capable client in the past but I also already received OTR encrypted messages on a client that definitely never advertised OTR support.
Can I be of help in debugging this? I don't really know where to start, to be honest. I just had another user who tried to contact me from a fresh ChatSecure installation (on a new device) and I only received OTR-encrypted messages that my desktop client wasn't able to decrypt. On my end, I'm using Gajim (not advertising OTR support) and Conversations. The latter didn't display the messages at all.
The same for me. I am online with gajim and conversations, both with enabled OMEMO. A friend is sending me a message from ChatSecure, sometimes I receive it OMEMO-encrypted on both devices, sometimes, I only receive encrypted and not readable messages on gajim. Using gajim 1.0.0 I don't have the OTR-Plugin enabled. This is really annoying, since it leads to message loss. The strange thing is that sometimes I get these OTR-messages in gajim, although the chat partner didn't send anything. Maybe some status changes? I don't know.
