TL; DR
Al momento non ci sono informazioni pubbliche su come sono stati letti esattamente i messaggi, ma tutto indica un'attuazione errata del software e una cattiva progettazione dell'interfaccia utente.
Non c'era un problema con l'OTR, c'era un problema con l'implementazione di esso.
Su nakedsecurity.sophos.com
For one thing, the app warned users about possible message interception in teensy type, worded in such a way that an average user wouldn’t understand, he said, if they read the smaller font at all. The warning:
Encryption is enabled, but conversation partner is not authenticate
E arstechnica.com
An article published by Dutch public broadcaster NOS said a version of the IronChat app it investigated suffered a variety of potentially serious weaknesses. Key among them: warning messages that notified users when their contacts’ encryption keys had changed were easy to overlook because they were provided in a font much smaller than the rest of the conversation. While crypto keys often change for legitimate reasons, such as when someone obtains a new phone, a new key might also be a sign a third party is trying to intercept the communications by encrypting them with a key it controls.
Per segnale nelle stesse notizie
The Signal app, for instance, encrypts messages using the recipient’s public key before it leaves the sender’s device. As a result, messages that pass through Signal’s central servers can be decrypted only by the recipients’ private key, which is stored only on the recipients’ individual devices. In the event law enforcement took control of the server, they would be unable to read the content of messages without substantially updating the Signal app and waiting for targets to install the update. Even then, they would be able to read only messages sent after the update was installed. Earlier messages would remain unreadable.