Feature #11307
Make sure that anonymous XMPP logins work in Tails
0%
Description
Before trying to find/organize a XMPP server that supports anonymous logins, we should make sure that these actually work in the XMPP client shipped in Tails.
It does not work in Pidgin (Feature #11307#note-5) so this is blocked by Bug #8573.
Subtasks
Related issues
Related to Tails - Bug #8573: Hopefully replace Pidgin some day | In Progress | 2015-01-07 | |
Has duplicate Tails - |
Resolved | 2016-08-23 | |
Blocks Tails - Feature #11317: Pass a call to host an XMPP server for Tails support | Confirmed | 2016-04-04 |
History
#1 Updated by intrigeri 2016-04-04 13:21:53
- Status changed from New to Confirmed
#2 Updated by intrigeri 2016-04-04 13:22:41
- Subject changed from Make sure that anonymous logins work in Pidgin/Tails to Make sure that anonymous XMPP logins work in Pidgin/Tails
- Affected tool set to Instant Messaging
#3 Updated by sycamoreone 2016-04-12 00:14:44
The good news: libpurple (at least in Debian uses the Cyrus SASL library, which supports SASL ANONYMOUS.
The not so good news: I can’t find a mention of anonymous logins or SASL ANONYMOUS in the Pidgin documentation and so far I haven’t found a public XMPP server that supports anonymous authentication for testing.. Next steps are to (1) look into the source tree, (2) ask Pidgin/XMPP people, and if necessary (3) set up a local Prosody server to try how Pidgin behaves.
#4 Updated by sycamoreone 2016-04-12 00:59:00
Setting up Prosody with SASL ANONYMOUS is in fact really easy, but this is what I get from Pidgin when I try to configure an account using the usual assistant:
(07:50:43) proxy: Connected to 127.0.0.1:5222.
(07:50:43) jabber: Sending (a@localhost):
(07:50:43) jabber: Sending (a@localhost):
(07:50:43) jabber: Recv (326):
(07:50:43) sasl: Mechs found: ANONYMOUS
(07:50:43) sasl: No worthy mechs found
(07:50:43) connection: Connection error on 0x7fbcfec9b270 (reason: 3 description: Server does not use any supported authentication method)
(07:50:43) account: Disconnecting account a@localhost/ (0x7fbcfe1abb10)
#5 Updated by sycamoreone 2016-04-12 01:11:59
In libpurple/protocols/jabber/auth_cyrus.c:211
one finds
static JabberSaslState
jabber_auth_start_cyrus(JabberStream *js, PurpleXmlNode **reply, char **error)
{
[...]
sasl_security_properties_t secprops;
gboolean again;
gboolean plaintext = TRUE;
/* Set up security properties and options */
secprops.min_ssf = 0;
secprops.security_flags = SASL_SEC_NOANONYMOUS;
[...]
SASL_SEC_NOANONYMOUS is documented to mean " don’t permit mechanisms that allow anonymous login".
tl;dr SASL ANONYMOUS won’t work with Pidgin. Anonymous accounts with a standard password are still an option, but I don’t know yet, how this can be configured in standard XMPP servers.
#6 Updated by sycamoreone 2016-04-12 13:01:52
- Status changed from Confirmed to In Progress
#7 Updated by sycamoreone 2016-04-14 11:45:23
- blocks Feature #11317: Pass a call to host an XMPP server for Tails support added
#8 Updated by sajolida 2016-04-18 02:00:59
Moving Feature #11306#note-4 here. Tor uses anonymous logins on XMPP for live and one-time user support sessions. We could ask them for tricks or if we can use it for testing
maybe. Lunar set it up I think.
#10 Updated by sycamoreone 2016-08-18 01:28:56
sajolida wrote:
> Tor uses anonymous logins on XMPP for live and one-time user support sessions. We could ask them for tricks or if we can use it for testing maybe. Lunar set it up I think.
I asked Lunar about their setup. It is documented here in the Tor Project’s Trac.
The setup is based on Prosody and also features a webchat.
#11 Updated by sycamoreone 2016-08-23 12:26:09
- related to
Bug #11701: Research the setup of the torproject's xmpp support added
#12 Updated by sycamoreone 2016-08-23 12:30:11
- related to deleted (
)Bug #11701: Research the setup of the torproject's xmpp support
#13 Updated by sycamoreone 2016-08-23 12:30:30
- has duplicate
Bug #11701: Research the setup of the torproject's xmpp support added
#14 Updated by anonym 2017-09-28 16:26:50
FWIW, Tor Messenger 0.5.0b1 (released today) supports “temporary XMPP accounts” (via jabber.otr.im
) which I guess is what this ticket is about.
#15 Updated by anonym 2017-09-28 16:30:14
anonym wrote:
> FWIW, Tor Messenger 0.5.0b1 (released today) supports “temporary XMPP accounts” (via jabber.otr.im
) which I guess is what this ticket is about.
Actually I think it’s something different, just in-band registration with random nick/password. But I believe it solves the same problem as SASL ANONYMOUS
would for us.
#16 Updated by intrigeri 2018-03-01 08:14:51
- Subject changed from Make sure that anonymous XMPP logins work in Pidgin/Tails to Make sure that anonymous XMPP logins work in Tails
- Description updated
#17 Updated by intrigeri 2018-03-01 08:15:07
- related to Bug #8573: Hopefully replace Pidgin some day added
#18 Updated by Anonymous 2018-08-17 15:57:57
- Status changed from In Progress to Confirmed
- Assignee deleted (
sycamoreone)