From 77b4865d2b1e8eebbc276653072da14637e160f7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Sun, 28 Feb 2016 11:00:22 +0000
Subject: [PATCH] Update documentation for profanity

---
 doc/EN/usage.org      | 38 ++++++++++++++++++++++---
 website/EN/usage.html | 64 ++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 91 insertions(+), 11 deletions(-)

diff --git a/doc/EN/usage.org b/doc/EN/usage.org
index 972d402a..1552724d 100644
--- a/doc/EN/usage.org
+++ b/doc/EN/usage.org
@@ -196,9 +196,7 @@ The [[http://profanity.im][Profanity]] shell based user interface and is perhaps
 ssh username@domain -p 2222
 #+END_SRC
 
-Then select XMPP and enter your password (for the admin user this can also be found in the README in your home directory).
-
-Generate an [[https://en.wikipedia.org/wiki/Off-the-Record_Messaging][OTR]] key with:
+Then select XMPP. Generate an [[https://en.wikipedia.org/wiki/Off-the-Record_Messaging][OTR]] key with:
 
 #+BEGIN_SRC bash
 /otr gen
@@ -210,7 +208,39 @@ Then to start a conversation using OTR:
 /otr start otherusername@otheruserdomain
 #+END_SRC
 
-It's automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata.
+or if you're already in an insecure chat with someone just use:
+
+#+BEGIN_SRC bash
+/otr start
+#+END_SRC
+
+Set a security question and answer:
+
+#+BEGIN_SRC bash
+/otr question "What is the name of your best friends rabbit?" fiffi
+#+END_SRC
+
+On the other side the user can enter:
+
+#+BEGIN_SRC bash
+/otr answer fifi
+#+END_SRC
+
+For the most paranoid you can also obtain your fingerprint:
+
+#+BEGIN_SRC bash
+/otr myfp
+#+END_SRC
+
+and quote that.  If they quote their back you can check it with:
+
+#+BEGIN_SRC bash
+/otr theirfp
+#+END_SRC
+
+If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see [[http://www.profanity.im/otr.html][this guide]].
+
+ When accessed via the user control panel the client is automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata.
 *** Using with Jitsi
 Jitsi is the recommended communications client for desktop or laptop systems, since it includes the /off the record/ (OTR) feature which provides some additional security beyond the usual SSL certificates.
 
diff --git a/website/EN/usage.html b/website/EN/usage.html
index 1368bbde..1eecb867 100644
--- a/website/EN/usage.html
+++ b/website/EN/usage.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-02-27 Sat 23:14 -->
+<!-- 2016-02-28 Sun 10:59 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
@@ -600,11 +600,7 @@ The <a href="http://profanity.im/">Profanity</a> shell based user interface and
 </div>
 
 <p>
-Then select XMPP and enter your password (for the admin user this can also be found in the README in your home directory).
-</p>
-
-<p>
-Generate an <a href="https://en.wikipedia.org/wiki/Off-the-Record_Messaging">OTR</a> key with:
+Then select XMPP. Generate an <a href="https://en.wikipedia.org/wiki/Off-the-Record_Messaging">OTR</a> key with:
 </p>
 
 <div class="org-src-container">
@@ -624,7 +620,61 @@ Then to start a conversation using OTR:
 </div>
 
 <p>
-It's automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata.
+or if you're already in an insecure chat with someone just use:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">/otr start
+</pre>
+</div>
+
+<p>
+Set a security question and answer:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">/otr question <span class="org-string">"What is the name of your best friends rabbit?"</span> fiffi
+</pre>
+</div>
+
+<p>
+On the other side the user can enter:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">/otr answer fifi
+</pre>
+</div>
+
+<p>
+For the most paranoid you can also obtain your fingerprint:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">/otr myfp
+</pre>
+</div>
+
+<p>
+and quote that.  If they quote their back you can check it with:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">/otr theirfp
+</pre>
+</div>
+
+<p>
+If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see <a href="http://www.profanity.im/otr.html">this guide</a>.
+</p>
+
+<p>
+When accessed via the user control panel the client is automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata.
 </p>
 </div>
 </div>