[jitsi-users] Big problem: sending unencrypted chat messages when it shouldn't


#1

I've got Jitsi running on two PCs on my LAN to test.

If I send from my google account to another google account, that
correctly won't send messages unless I've got a private conversation
started (it tells the other user that I'm writing a message but not
the contents and I get "You sent me an unreadable encrypted message"
back and then it autostarts a private conversation).

However, if I send from my jabberd.eu account to another jabberd.eu
account (or a jabber.ccc.de account), it sends the messages
unencrypted and doesn't warn me at all (it says on the other machine
"This message was sent unencrypted". Now if I send a message back from
the chat window opened on the second machine, it works as expected and
the same thing happens as with the google account. It also works if I
start the chat from the second machine but the first machine can End
Private Conversation and then send unencrypted messages back.

After doing this, with Private Conversation on I now don't receive
messages on either machine, even though it shows in the chat window "x
is typing a message". Only with it off do the messages come through

I'm sure when I first noticed this problem yesterday that it was
sending the messages unencrypted from the second machine, when I
started the chat there but it seems to be the other way round now.

I'm a bit confused as to why it has:

Start Private Conversation

and

Enable Private Messaging
Automatically Initiate Private Messaging
Require Private Messaging

as I'd expect, with Require enabled, it would automatically start all
chats with it enabled but if I End a Private Conversation (which I'm
not sure why that's even an option, especially if Require is enabled)
then when I next open a chat, Private Conversation is not started
.What's the difference between Private Messaging and Private
Conversation anyway?

All accounts have "Allow non-secure connections" disabled.

On another matter, I'm having trouble with jabber.ccc.de and have
created two accounts on there which I can't login to. I might have
forgotten the password for the first one but I made a note of the
second. I've just tried to create a third but if I try and use my
first username, nothing happens (I presume it's rejecting it because
it already exists but it doesn't say anything). When I used a
different username, the Create Account window just shrunk and froze up
and crashed Jitsi and I had to kill it with Task Manager.

Also, I just tried to drag a contact from one group to another (a
jabber.ccc.de contact from a group named jabber.ccc.de into a group
named jabberd.eu) and after confirming, it just disappeared! Actually,
I see what's happened, it's merged the two contacts for some reason.
Why would someone want to merge contacts, doesn't that make it
impossible to select which one for chatting?

I also managed to get duplicates of a contact listed. I think I added
an entry for the contact and named it with the person's name and then
later when I received a message/authorisation request from the user,
it added a second entry showing just the jabberd.eu address.


#2

Hey Derek,

(Comments inline)

I've got Jitsi running on two PCs on my LAN to test.

If I send from my google account to another google account, that
correctly won't send messages unless I've got a private conversation
started (it tells the other user that I'm writing a message but not
the contents and I get "You sent me an unreadable encrypted message"
back and then it autostarts a private conversation).

However, if I send from my jabberd.eu account to another jabberd.eu
account (or a jabber.ccc.de account), it sends the messages
unencrypted and doesn't warn me at all (it says on the other machine
"This message was sent unencrypted". Now if I send a message back from
the chat window opened on the second machine, it works as expected and
the same thing happens as with the google account. It also works if I
start the chat from the second machine but the first machine can End
Private Conversation and then send unencrypted messages back.

After doing this, with Private Conversation on I now don't receive
messages on either machine, even though it shows in the chat window "x
is typing a message". Only with it off do the messages come through

I'm sure when I first noticed this problem yesterday that it was
sending the messages unencrypted from the second machine, when I
started the chat there but it seems to be the other way round now.

I'm a bit confused as to why it has:

Start Private Conversation

and

Enable Private Messaging
Automatically Initiate Private Messaging
Require Private Messaging

Thanks for the comments. We are currently looking at similar issues. We'll
write here when we are ready for additional testing

On another matter, I'm having trouble with jabber.ccc.de and have
created two accounts on there which I can't login to. I might have
forgotten the password for the first one but I made a note of the
second. I've just tried to create a third but if I try and use my
first username, nothing happens (I presume it's rejecting it because
it already exists but it doesn't say anything). When I used a
different username, the Create Account window just shrunk and froze up
and crashed Jitsi and I had to kill it with Task Manager.

Also, I just tried to drag a contact from one group to another (a
jabber.ccc.de contact from a group named jabber.ccc.de into a group
named jabberd.eu) and after confirming, it just disappeared!

You likely dropped it onto another contact which merged it with it. To move
it to a new group you need to drop it on top of the group itself.

Actually,
I see what's happened, it's merged the two contacts for some reason.
Why would someone want to merge contacts,

So that you could merge alice@gmail.com with alice@facebook.com.

doesn't that make it
impossible to select which one for chatting?

No, you can choose from the icon that is on the left side of the send area.

Hope this helps,
Emil

--sent from my mobile

···

On 22 Aug 2013 22:13, "Derek Moss" <dmts@stoptheviolence.co.uk> wrote:

I also managed to get duplicates of a contact listed. I think I added
an entry for the contact and named it with the person's name and then
later when I received a message/authorisation request from the user,
it added a second entry showing just the jabberd.eu address.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Thanks Emil, I understand about the contacts merging now.

I hope you can fix the problems with sending unencrypted messages
soon, as that's a major problem.

···

On 22 August 2013 22:14, Emil Ivov <emcho@jitsi.org> wrote:

Hey Derek,

(Comments inline)

On 22 Aug 2013 22:13, "Derek Moss" <dmts@stoptheviolence.co.uk> wrote:

I've got Jitsi running on two PCs on my LAN to test.

If I send from my google account to another google account, that
correctly won't send messages unless I've got a private conversation
started (it tells the other user that I'm writing a message but not
the contents and I get "You sent me an unreadable encrypted message"
back and then it autostarts a private conversation).

However, if I send from my jabberd.eu account to another jabberd.eu
account (or a jabber.ccc.de account), it sends the messages
unencrypted and doesn't warn me at all (it says on the other machine
"This message was sent unencrypted". Now if I send a message back from
the chat window opened on the second machine, it works as expected and
the same thing happens as with the google account. It also works if I
start the chat from the second machine but the first machine can End
Private Conversation and then send unencrypted messages back.

After doing this, with Private Conversation on I now don't receive
messages on either machine, even though it shows in the chat window "x
is typing a message". Only with it off do the messages come through

I'm sure when I first noticed this problem yesterday that it was
sending the messages unencrypted from the second machine, when I
started the chat there but it seems to be the other way round now.

I'm a bit confused as to why it has:

Start Private Conversation

and

Enable Private Messaging
Automatically Initiate Private Messaging
Require Private Messaging

Thanks for the comments. We are currently looking at similar issues. We'll
write here when we are ready for additional testing

On another matter, I'm having trouble with jabber.ccc.de and have
created two accounts on there which I can't login to. I might have
forgotten the password for the first one but I made a note of the
second. I've just tried to create a third but if I try and use my
first username, nothing happens (I presume it's rejecting it because
it already exists but it doesn't say anything). When I used a
different username, the Create Account window just shrunk and froze up
and crashed Jitsi and I had to kill it with Task Manager.

Also, I just tried to drag a contact from one group to another (a
jabber.ccc.de contact from a group named jabber.ccc.de into a group
named jabberd.eu) and after confirming, it just disappeared!

You likely dropped it onto another contact which merged it with it. To move
it to a new group you need to drop it on top of the group itself.

Actually,
I see what's happened, it's merged the two contacts for some reason.
Why would someone want to merge contacts,

So that you could merge alice@gmail.com with alice@facebook.com.

doesn't that make it
impossible to select which one for chatting?

No, you can choose from the icon that is on the left side of the send area.

Hope this helps,
Emil

--sent from my mobile

I also managed to get duplicates of a contact listed. I think I added
an entry for the contact and named it with the person's name and then
later when I received a message/authorisation request from the user,
it added a second entry showing just the jabberd.eu address.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Thinking about it, could you please open an issue and add your
description there?

It would be great if you could be a little bit more specific on the
steps that it takes to reproduce them though. This wasn't immediately
obvious to me from your first mail so it would be very helpful.

Thanks,
Emil

···

On Fri, Aug 23, 2013 at 5:53 PM, Derek Moss <dmts@stoptheviolence.co.uk> wrote:

Thanks Emil, I understand about the contacts merging now.

I hope you can fix the problems with sending unencrypted messages
soon, as that's a major problem.

On 22 August 2013 22:14, Emil Ivov <emcho@jitsi.org> wrote:

Hey Derek,

(Comments inline)

On 22 Aug 2013 22:13, "Derek Moss" <dmts@stoptheviolence.co.uk> wrote:

I've got Jitsi running on two PCs on my LAN to test.

If I send from my google account to another google account, that
correctly won't send messages unless I've got a private conversation
started (it tells the other user that I'm writing a message but not
the contents and I get "You sent me an unreadable encrypted message"
back and then it autostarts a private conversation).

However, if I send from my jabberd.eu account to another jabberd.eu
account (or a jabber.ccc.de account), it sends the messages
unencrypted and doesn't warn me at all (it says on the other machine
"This message was sent unencrypted". Now if I send a message back from
the chat window opened on the second machine, it works as expected and
the same thing happens as with the google account. It also works if I
start the chat from the second machine but the first machine can End
Private Conversation and then send unencrypted messages back.

After doing this, with Private Conversation on I now don't receive
messages on either machine, even though it shows in the chat window "x
is typing a message". Only with it off do the messages come through

I'm sure when I first noticed this problem yesterday that it was
sending the messages unencrypted from the second machine, when I
started the chat there but it seems to be the other way round now.

I'm a bit confused as to why it has:

Start Private Conversation

and

Enable Private Messaging
Automatically Initiate Private Messaging
Require Private Messaging

Thanks for the comments. We are currently looking at similar issues. We'll
write here when we are ready for additional testing

On another matter, I'm having trouble with jabber.ccc.de and have
created two accounts on there which I can't login to. I might have
forgotten the password for the first one but I made a note of the
second. I've just tried to create a third but if I try and use my
first username, nothing happens (I presume it's rejecting it because
it already exists but it doesn't say anything). When I used a
different username, the Create Account window just shrunk and froze up
and crashed Jitsi and I had to kill it with Task Manager.

Also, I just tried to drag a contact from one group to another (a
jabber.ccc.de contact from a group named jabber.ccc.de into a group
named jabberd.eu) and after confirming, it just disappeared!

You likely dropped it onto another contact which merged it with it. To move
it to a new group you need to drop it on top of the group itself.

Actually,
I see what's happened, it's merged the two contacts for some reason.
Why would someone want to merge contacts,

So that you could merge alice@gmail.com with alice@facebook.com.

doesn't that make it
impossible to select which one for chatting?

No, you can choose from the icon that is on the left side of the send area.

Hope this helps,
Emil

--sent from my mobile

I also managed to get duplicates of a contact listed. I think I added
an entry for the contact and named it with the person's name and then
later when I received a message/authorisation request from the user,
it added a second entry showing just the jabberd.eu address.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#5

Hi Emil

I just got round to doing this and the ticket is here
https://trac.jitsi.org/ticket/1212

Regards

Derek

···

On 24 August 2013 07:00, Emil Ivov <emcho@jitsi.org> wrote:

Thinking about it, could you please open an issue and add your
description there?

It would be great if you could be a little bit more specific on the
steps that it takes to reproduce them though. This wasn't immediately
obvious to me from your first mail so it would be very helpful.

Thanks,
Emil

On Fri, Aug 23, 2013 at 5:53 PM, Derek Moss <dmts@stoptheviolence.co.uk> wrote:

Thanks Emil, I understand about the contacts merging now.

I hope you can fix the problems with sending unencrypted messages
soon, as that's a major problem.

On 22 August 2013 22:14, Emil Ivov <emcho@jitsi.org> wrote:

Hey Derek,

(Comments inline)

On 22 Aug 2013 22:13, "Derek Moss" <dmts@stoptheviolence.co.uk> wrote:

I've got Jitsi running on two PCs on my LAN to test.

If I send from my google account to another google account, that
correctly won't send messages unless I've got a private conversation
started (it tells the other user that I'm writing a message but not
the contents and I get "You sent me an unreadable encrypted message"
back and then it autostarts a private conversation).

However, if I send from my jabberd.eu account to another jabberd.eu
account (or a jabber.ccc.de account), it sends the messages
unencrypted and doesn't warn me at all (it says on the other machine
"This message was sent unencrypted". Now if I send a message back from
the chat window opened on the second machine, it works as expected and
the same thing happens as with the google account. It also works if I
start the chat from the second machine but the first machine can End
Private Conversation and then send unencrypted messages back.

After doing this, with Private Conversation on I now don't receive
messages on either machine, even though it shows in the chat window "x
is typing a message". Only with it off do the messages come through

I'm sure when I first noticed this problem yesterday that it was
sending the messages unencrypted from the second machine, when I
started the chat there but it seems to be the other way round now.

I'm a bit confused as to why it has:

Start Private Conversation

and

Enable Private Messaging
Automatically Initiate Private Messaging
Require Private Messaging

Thanks for the comments. We are currently looking at similar issues. We'll
write here when we are ready for additional testing

On another matter, I'm having trouble with jabber.ccc.de and have
created two accounts on there which I can't login to. I might have
forgotten the password for the first one but I made a note of the
second. I've just tried to create a third but if I try and use my
first username, nothing happens (I presume it's rejecting it because
it already exists but it doesn't say anything). When I used a
different username, the Create Account window just shrunk and froze up
and crashed Jitsi and I had to kill it with Task Manager.

Also, I just tried to drag a contact from one group to another (a
jabber.ccc.de contact from a group named jabber.ccc.de into a group
named jabberd.eu) and after confirming, it just disappeared!

You likely dropped it onto another contact which merged it with it. To move
it to a new group you need to drop it on top of the group itself.

Actually,
I see what's happened, it's merged the two contacts for some reason.
Why would someone want to merge contacts,

So that you could merge alice@gmail.com with alice@facebook.com.

doesn't that make it
impossible to select which one for chatting?

No, you can choose from the icon that is on the left side of the send area.

Hope this helps,
Emil

--sent from my mobile

I also managed to get duplicates of a contact listed. I think I added
an entry for the contact and named it with the person's name and then
later when I received a message/authorisation request from the user,
it added a second entry showing just the jabberd.eu address.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users