Bug #11541

OMEMO support in Tails

Added by Kurtis 2016-06-21 15:39:45 . Updated 2020-05-13 14:15:28 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Target version:
Start date:
2016-06-21
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Instant Messaging
Deliverable for:

Description

The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.

OMEMO not only gives you a better encryption features than OpenPGP and OTR but is also much easier to setup. OMEMO is the encryption you can actually use in your daily life. Turn it on once and forget you ever did.

OMEMO uses the Signal Protocal ratchet to establish secure sessions between every combination of devices for you and your contact. Those sessions are then being used to communicate secure keys to all devices. OMEMO will generate a new key for every message. That key is used to encrypt your message with AES-GCM. The long-lived Signal Protocal sessions in the background deal with the challenges of message reordering, message loss and accidental duplication.

Being built upon PEP (Personal Eventing Protocol) to announce the pre-keys used by Signal Protocal to establish new sessions, OMEMO requires little to no change to the existing XMPP server infrastructure.

https://conversations.im/omemo/

Tails could work upstream to help Pidgin impliment OMEMO by assisting with this ticket: https://developer.pidgin.im/ticket/16801

Alternatively, Tails could include Gajim https://packages.debian.org/jessie/net/gajim and Kalkin’s Gajim OMEMO plugin.

OTR is the current default chat encryption option on Tails. OTR is 10 years old and was never designed for modern day instant messaging.

Subtasks

Related issues

Related to Tails - Feature #7868: Use gajim instead of pidgin (more secure OTR chat) Rejected 2014-09-01
Related to Tails - Bug #8573: Hopefully replace Pidgin some day In Progress 2015-01-07
Related to Tails - Feature #14568: Additional Software Packages Resolved 2013-12-11 2018-06-26
Related to Tails - Feature #14567: Investigate mobile messaging applications Confirmed 2018-01-18
Related to Tails - Feature #17508: test xmpp in tails and its compatibility to mobile apps Confirmed

History

#1 Updated by DrWhax 2016-06-25 04:26:43

This ticket isn’t interesting for us unless we can implement it by simply doing: apt-get install $package-name.

Don’t expect help from us on this unless we can implement it, sorry!

#2 Updated by intrigeri 2016-07-16 06:08:51

  • Status changed from New to Rejected

I say let’s reopen and track this here once there’s an implementation available (in Debian) that doesn’t require us to ship yet another IM client. In the meantime, there’s nothing we can do about it, sorry!

#3 Updated by sajolida 2016-08-24 03:58:22

  • related to Feature #7868: Use gajim instead of pidgin (more secure OTR chat) added

#4 Updated by sajolida 2016-08-24 03:58:33

  • related to Bug #8573: Hopefully replace Pidgin some day added

#5 Updated by Kurtis 2016-09-17 12:14:51

Gajim’s omemo plugin was put into the Debian sid repository a few weeks ago: https://packages.debian.org/sid/gajim-omemo I’m assuming it could be backported.

Pidgin might as well change their name to Ostrich, because their head is in the sand when it comes to adding support for OMEMO. https://developer.pidgin.im/ticket/16801

#6 Updated by intrigeri 2017-01-07 08:30:28

https://current.workingdirectory.net/posts/2017/encrypted-mucs/ suggests that this needs polishing as the current UX is quite poor.

#7 Updated by Kurtis 2017-01-08 02:33:39

Thanks for the link. I hadn’t read that before.

Just got news that people are working to add OMEMO support to Pidgin: https://developer.pidgin.im/ticket/16801#comment:27 I’ll try to dig some more to find more details.

I know that there is a chance that Tails could one day use Tor Messenger based on this: https://labs.riseup.net/code/issues/8577

Here’s a ticket for TorMessenger OMEMO support: https://trac.torproject.org/projects/tor/ticket/17457

Here’s a ticket for TorMessenger’s upstream InstantBird OMEMO support: https://bugzilla.mozilla.org/show_bug.cgi?id=1237416

#8 Updated by Kurtis 2017-01-23 00:18:50

Quick update: Two people that are working to add OMEMO support to Pidgin just posted at https://developer.pidgin.im/ticket/16801

If anyone wants to check out the OMEMO+XMPP+Pidgin alpha git repo that one of the devs posted, you can check it out here: https://git.imp.fu-berlin.de/mancho/libpurple-omemo-plugin

#9 Updated by Kurtis 2017-02-10 23:08:53

Lurch is an alpha release plugin for libpurple that enables OMEMO encryption: https://github.com/gkdr/lurch

#10 Updated by Kurtis 2017-12-11 03:38:55

Can you please un-Reject this issue? OMEMO is the future. The future shouldn’t be rejected, it should be embraced.

#11 Updated by Kurtis 2017-12-11 04:29:04

I know you guys are looking to move away from Pidgin, but I just created this an issue with Lurch asking them to make a debian repo. https://github.com/gkdr/lurch/issues/73

#12 Updated by Kurtis 2017-12-11 04:31:11

I should have said “make a debian package” not “make a debian repo”. my bad.

#13 Updated by intrigeri 2017-12-11 08:14:18

  • Status changed from Rejected to Confirmed
  • Priority changed from Normal to Low
  • Affected tool set to Instant Messaging

This is a valid feature request. I think it’ll be addressed either as part of Bug #8573 or thanks to the upcoming changes to the Additional Software Package feature (which will soon become much more usable, better integrated, and thus an option for everyone who wants their preferred IM protocol/client, because we can’t possibly ship them all).

#14 Updated by intrigeri 2017-12-11 08:14:46

#16 Updated by Anonymous 2018-08-17 15:38:00

And our additional software feature will be in Tails 3.9, allowing anybody to install such things themselves now as long as they are available in Debian :)

#17 Updated by Anonymous 2018-08-17 15:39:03

But I’m unsure if this addresses the problem you are raising entirely?

#18 Updated by intrigeri 2018-10-12 17:43:11

Friends of mine have extensively tested OMEMO and they report that:

  • If different clients are used, with different implementation status of some tech details, one can easily lose messages without knowing they lost it.
  • Encrypted groups don’t work well, especially (or only) when different clients are used.

Sorry I have nothing more specific such as links to bug reports, but I do trust these friends to have tested this extensively, in practical use cases, for a non-trivial duration.

#19 Updated by anonym 2018-11-29 16:46:30

I briefly tested lurch which has a Debian RFP (stating that “[lurch] is the more active of the two OMEMO libpurple plugins”). Some random observations:

  • I had no issues with OMEMO for private messages!
  • [continuing the previous point] … well, except the experience was too automatic and transparent, so it wasn’t clear at all that OMEMO was enabled. The only interface you have is via /lurch ... commands (and messages written to the chat log), and there’s nothing reporting the status of OMEMO. The closest thing I found was that I could see that I have a key fingerprint, which I guess implies encryption at least is possible. IMHO this UX problem is a hard blocker for inclusion in Tails.
  • Obviously lurch to lurch works fine, but I also successfully tested lurch to Conversations (which has a better UI and made it clear lurch managed to speak OMEMO) so at least some different implementations seem able to talk to each other. :)
  • OMEMO for MUCs require that the room is non-anonymous (everyone’s jid is exposed) and that everyone manually enables OMEMO (e.g. /lurch enable) which was pretty limiting and awkward.

#20 Updated by anonym 2018-12-05 11:12:33

One more thing: my Pidgin supported OTR and OMEMO at the same time, and this caused severe issues (impossible to send readable messages) with recipients that also support both.

#21 Updated by Anonymous 2018-12-05 12:29:39

I only tried OMEMO with Gajim. It works very well and depending on the server config, messages are kept on the server until I reconnect, so this is great. In Gajim, OMEMO is supported by default now. (while using it with OTR is not, and their security model stinks: it requires downloading untrusted ZIP files from somewhere in the universe).

I’ve not tried group chats, but Gajim is clever and can send messages to several devices at once (again, this is a server config issue).

I’d say: we could test if it works with Additional Software in Tails (and can persist the settings and keys). And one should probably test what happens if people try to install plugins using the above described disgusting method.

#22 Updated by intrigeri 2020-02-27 08:10:53

  • related to Feature #14567: Investigate mobile messaging applications added

#23 Updated by syster 2020-03-06 12:43:56

  • related to Feature #17508: test xmpp in tails and its compatibility to mobile apps added

#24 Updated by ll 2020-04-15 15:33:32

I’m not sure if OMEMO support is actively worked on right now, however you should be aware that by now Gajim is leaking DNS requests when used with Tor. This is known since a while and the devs are apparently working on a fix:
https://dev.gajim.org/gajim/gajim/issues/8538

Also it may relevant for this issue is that the new XMPP messenger Dino.im was released in january. Its stable release has already been backported to Debian Buster:
https://packages.debian.org/buster-backports/dino-im

Dino aims at a modern and user-friendly (GTK) interface, supports OMEMO and GPG out of the box and its developers claim that it will respect DNS settings of the host system and can easily be routet via Tor:
https://github.com/dino/dino/wiki/Tor

However, connecting to onion services is, as of now, not possible since custom configuration of hostname has yet to be implemented.

#25 Updated by syster 2020-05-13 13:03:21

>I’m not sure if OMEMO support is actively worked on right now

as far as I know, the process is currently here:

“Sent.. grant applications:
To Reset to integrate mobile messaging applications (Signal, Telegram, Wire, Matrix, etc.).”,
as it writes in the Tails report for April, 2020: Tails report for April, 2020
https://tails.boum.org/news/report_2020_04/

>however you should be aware that by now Gajim is leaking DNS requests when used with Tor. This is known since a while and the devs are apparently working on a fix:

thank you. I don’t have the knowledge to be confident about it, but isn’t that issue resolved by Tails forcing traffic through Tor? A comment in the linked issue by a gajim dev also suggests so
“Also you should never depend on the application doing the right thing here.
The right approach if you truly want to solve this is to configure your OS in a way that every connection goes through TOR. And not depend on every single application to do the right thing.”

A whonix dev comments on another issue with the following:

“Gajim leaks DNS depiste Tor proxy configuration, as per #8538. In whonix, tor proxy will route the application over its own tor circuit. A DNS leak will go around that and use the ”common" circuit. This isn’t a huge issue for us since the leaks will still go over Tor, but it’s not as nice."
https://dev.gajim.org/gajim/gajim/issues/8651

My assumption: There is no DNS leak by Gajim in Tails. But I have no idea if that is correct. Anyone can confirm/disproof?

some documentation about the Tor enforcement in Tails:
https://tails.boum.org/contribute/design/Tor_enforcement/

#26 Updated by anonym 2020-05-13 14:15:28

syster wrote:
> My assumption: There is no DNS leak by Gajim in Tails. But I have no idea if that is correct. Anyone can confirm/disproof?

You are correct: DNS leaks are safe in Tails. A DNS leak just means that the DNS resolution isn’t performed over the SOCKS channel but leaked to the system-wide resolver, but in Tails the system-wide resolver is tor (via its DNSPort option) so it makes no difference.