Feature #11307

Make sure that anonymous XMPP logins work in Tails

Added by sycamoreone 2016-04-03 20:36:51 . Updated 2018-08-17 15:57:57 .

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2016-04-03
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Instant Messaging
Deliverable for:

Description

Before trying to find/organize a XMPP server that supports anonymous logins, we should make sure that these actually work in the XMPP client shipped in Tails.

It does not work in Pidgin (Feature #11307#note-5) so this is blocked by Bug #8573.


Subtasks


Related issues

Related to Tails - Bug #8573: Hopefully replace Pidgin some day In Progress 2015-01-07
Has duplicate Tails - Bug #11701: Research the setup of the torproject's xmpp support Resolved 2016-08-23
Blocks Tails - Feature #11317: Pass a call to host an XMPP server for Tails support Confirmed 2016-04-04

History

#1 Updated by intrigeri 2016-04-04 13:21:53

  • Status changed from New to Confirmed

#2 Updated by intrigeri 2016-04-04 13:22:41

  • Subject changed from Make sure that anonymous logins work in Pidgin/Tails to Make sure that anonymous XMPP logins work in Pidgin/Tails
  • Affected tool set to Instant Messaging

#3 Updated by sycamoreone 2016-04-12 00:14:44

The good news: libpurple (at least in Debian uses the Cyrus SASL library, which supports SASL ANONYMOUS.

The not so good news: I can’t find a mention of anonymous logins or SASL ANONYMOUS in the Pidgin documentation and so far I haven’t found a public XMPP server that supports anonymous authentication for testing.. Next steps are to (1) look into the source tree, (2) ask Pidgin/XMPP people, and if necessary (3) set up a local Prosody server to try how Pidgin behaves.

#4 Updated by sycamoreone 2016-04-12 00:59:00

Setting up Prosody with SASL ANONYMOUS is in fact really easy, but this is what I get from Pidgin when I try to configure an account using the usual assistant:

(07:50:43) proxy: Connected to 127.0.0.1:5222.
(07:50:43) jabber: Sending (a@localhost):

(07:50:43) jabber: Sending (a@localhost):
(07:50:43) jabber: Recv (326):

ANONYMOUS
(07:50:43) sasl: Mechs found: ANONYMOUS
(07:50:43) sasl: No worthy mechs found
(07:50:43) connection: Connection error on 0x7fbcfec9b270 (reason: 3 description: Server does not use any supported authentication method)
(07:50:43) account: Disconnecting account a@localhost/ (0x7fbcfe1abb10)

#5 Updated by sycamoreone 2016-04-12 01:11:59

In libpurple/protocols/jabber/auth_cyrus.c:211 one finds

static JabberSaslState
jabber_auth_start_cyrus(JabberStream *js, PurpleXmlNode **reply, char **error)
{
    [...]
    sasl_security_properties_t secprops;
    gboolean again;
    gboolean plaintext = TRUE;

    /* Set up security properties and options */
    secprops.min_ssf = 0;
    secprops.security_flags = SASL_SEC_NOANONYMOUS;

    [...]

SASL_SEC_NOANONYMOUS is documented to mean " don’t permit mechanisms that allow anonymous login".

tl;dr SASL ANONYMOUS won’t work with Pidgin. Anonymous accounts with a standard password are still an option, but I don’t know yet, how this can be configured in standard XMPP servers.

#6 Updated by sycamoreone 2016-04-12 13:01:52

  • Status changed from Confirmed to In Progress

#7 Updated by sycamoreone 2016-04-14 11:45:23

  • blocks Feature #11317: Pass a call to host an XMPP server for Tails support added

#8 Updated by sajolida 2016-04-18 02:00:59

Moving Feature #11306#note-4 here. Tor uses anonymous logins on XMPP for live and one-time user support sessions. We could ask them for tricks or if we can use it for testing
maybe. Lunar set it up I think.

#9 Updated by BitingBird 2016-06-27 02:32:28

Removing parent

#10 Updated by sycamoreone 2016-08-18 01:28:56

sajolida wrote:
> Tor uses anonymous logins on XMPP for live and one-time user support sessions. We could ask them for tricks or if we can use it for testing maybe. Lunar set it up I think.

I asked Lunar about their setup. It is documented here in the Tor Project’s Trac.

The setup is based on Prosody and also features a webchat.

#11 Updated by sycamoreone 2016-08-23 12:26:09

  • related to Bug #11701: Research the setup of the torproject's xmpp support added

#12 Updated by sycamoreone 2016-08-23 12:30:11

  • related to deleted (Bug #11701: Research the setup of the torproject's xmpp support)

#13 Updated by sycamoreone 2016-08-23 12:30:30

  • has duplicate Bug #11701: Research the setup of the torproject's xmpp support added

#14 Updated by anonym 2017-09-28 16:26:50

FWIW, Tor Messenger 0.5.0b1 (released today) supports “temporary XMPP accounts” (via jabber.otr.im) which I guess is what this ticket is about.

#15 Updated by anonym 2017-09-28 16:30:14

anonym wrote:
> FWIW, Tor Messenger 0.5.0b1 (released today) supports “temporary XMPP accounts” (via jabber.otr.im) which I guess is what this ticket is about.

Actually I think it’s something different, just in-band registration with random nick/password. But I believe it solves the same problem as SASL ANONYMOUS would for us.

#16 Updated by intrigeri 2018-03-01 08:14:51

  • Subject changed from Make sure that anonymous XMPP logins work in Pidgin/Tails to Make sure that anonymous XMPP logins work in Tails
  • Description updated

#17 Updated by intrigeri 2018-03-01 08:15:07

  • related to Bug #8573: Hopefully replace Pidgin some day added

#18 Updated by Anonymous 2018-08-17 15:57:57

  • Status changed from In Progress to Confirmed
  • Assignee deleted (sycamoreone)