libraryh3lp logo

LibraryH3lp is software used by libraries, educators, and non-profits for better customer service.

Saturday, May 22, 2021

End to End Encryption (E2EE) for chats

From the beginning, LibraryH3lp has been designed as a privacy-first application. Guests chat anonymously as there is no requirement or option for guests to enter any sort of identifying information such as email address or name to begin a chat. As a customer, you are the main custodian of your subscription data and control your internal users, queues, and transcript retention (which is an opt-in feature). In this vein, we are excited to offer a new optional feature for web-based chats -- end-to-end encryption.

Released as follows:

  • Canada: May 22, 2021
  • Europe: May 29, 2021
  • Singapore: May 29, 2021
  • Main (North America): June 20, 2021

What is end-to-end encryption (E2EE) and off the record messaging (OTR)?

End-to-end encryption (E2EE) means that only the two parties (ends) participating in a chat can read the messages. No one else (including LibraryH3lp support personnel) can read the messages because the messages are encrypted. The specific cryptographic protocol used to encrypt chat messages is Off the Record Messaging (OTR).

As a further proof against man-in-the-middle (MITM) eavesdropping, operators answering chats in the webclient for staffing can optionally provide the private key from a Digital Signature Algorithm (DSA) key pair so that the guest's chat box (which has the matching public key fingerprint) can confirm that the answering operator is authorized to communicate with the guest.

Note: E2EE/OTR is not available nor planned for SMS (texting) chats.

Wait. Aren't chats encrypted by default?

Yes. Even without setting up E2EE, guest chat boxes use HTTPS by default and the operator's webclient for staffing always uses HTTPS. With HTTPS, chat messages are encrypted in transit over the network. However unlike with E2EE chats, these chat transcripts can also be read by authenticated users that have appropriate permissions in Chat History while a chat is active, and also after a chat has ended if transcript storage has been enabled. Chat transcript retention provides the ability for later access and can be useful for things like training, data assessment/analysis, and personnel review.

Even though this OTR chat is active, its transcript cannot be seen in Chat History.

If my chats are already encrypted, why would I want to set up E2EE/OTR?

Actually we anticipate that most customers will not set up E2EE/OTR, since messages are encrypted in transit via HTTPS and the ability for later transcript review is an important part of quality assurance, assessment, and training for many organizations.  

However customers in countries with very strong data privacy regulations or any customer with stringent privacy requirements might be interested in E2EE. For example, if E2EE is configured, then there is no way for LibraryH3lp support staff to access chat transcripts, and that can be an important feature.

Generally how does OTR work?

The guest does not have to do anything special to initiate an OTR chat. Your local administrator sets up OTR ahead of time as part of the chat skin used for the chat box. When the guest sends a message to begin a chat, they'll see a brief "Connecting..." indicator which indicates the start of the OTR negotiation process which happens automatically and behind the scenes between the two ends of the conversation (the guest and the answering chat operator).

When the chat goes out to the operator(s) in the webclient, the operators see a note that the chat is OTR and, instead of plainly seeing the guest's initial message(s), the operator(s) must first claim the chat by clicking a button. Only after an operator claims the chat, will the operator actually see the guest's message(s). The operator can close the chat window if the operator does not want to claim the chat, leaving it open for another receiving operator to claim.

The chat operator cannot see the guest's messages until the operator claims the chat. Alternatively the operator can close the chat window, leaving the chat available for another receiving operator to claim.

How do I enable OTR for my chat box skins?

To get started, the local LibraryH3lp administrator generates a public key fingerprint / private key pairing for all chat box skins within the admin dashboard (US, CA, EU, SG) using the "Manage Off the Record Chat (E2EE)" button. We recommend regenerating the public key fingerprint and private key on a routine schedule as a best practice. Using keys for up to one month is generally considered safe, and the typical recommendation is to regenerate keys weekly.

Refer to our how-to guide that walks you through the process and has lots of extra details and screenshots.

, ,

No comments: