Bug #8573
Hopefully replace Pidgin some day
50%
Description
For now, we’re doing all easy things we can to make Pidgin safer in Tails (AppArmor confinement, shipping support for only a couple protocol), so the current situation is not that scary, but people I trust say it’s riddled with security issues.
It would be good to have a long term plan to replace Pidgin with something safer, without losing the functionality we need.
Subtasks
Bug #8574: Test CoyIM in Tails | Resolved | 100 |
|||
Feature #8577: Evaluate Tor Messenger in the context of Tails | Resolved | 100 |
|||
Bug #11686: Replace Pidgin: refine blueprint | Confirmed | 0 |
|||
Feature #15816: Can we stop including an IRC client by default? | Confirmed | 0 |
Related issues
Related to Tails - Feature #6117: Audit Pidgin | Confirmed | ||
Related to Tails - |
Confirmed | 2016-06-21 | |
Related to Tails - |
Rejected | 2014-09-01 | |
Related to Tails - |
Rejected | 2014-10-25 | |
Related to Tails - Feature #11307: Make sure that anonymous XMPP logins work in Tails | Confirmed | 2016-04-03 | |
Related to Tails - Bug #7453: Pidgin cannot find out the correct XMPP server to connect to, without SRV DNS lookups | Confirmed | 2014-06-23 | |
Related to Tails - Bug #6347: Pidgin IRC Protocol responds to DCC SEND? | Confirmed | 2013-10-08 | |
Related to Tails - Feature #14567: Investigate mobile messaging applications | Confirmed | 2018-01-18 | |
Related to Tails - Feature #17508: test xmpp in tails and its compatibility to mobile apps | Confirmed |
History
#1 Updated by sycamoreone 2015-01-19 19:19:24
I am already following the development around xmpp-client. If you are not keen on doing this yourself, feel free to assign this ticket, Feature #8575, and Feature #8576 to me. (Then somebody would need to brief me about what was discussed at 31c3.)
To be able to decide if a potential replacement is ready, we should also start a blueprint to list Tails’ requirements. For example, is SASL authentication for IRC a requirement?
#2 Updated by intrigeri 2015-01-19 19:57:31
> I am already following the development around xmpp-client. If you are not keen on doing this yourself, feel free to assign this ticket, Feature #8575, and Feature #8576 to me.
I’ll happily do it!
> (Then somebody would need to brief me about what was discussed at 31c3.)
These discussions are mostly captured in these tickets already, but don’t hesitate to ask me and DrWhax for details privately if needed :)
> To be able to decide if a potential replacement is ready, we should also start a blueprint to list Tails’ requirements.
Agreed, and appreciated.
> For example, is SASL authentication for IRC a requirement?
It’s needed for several IRC networks that I find important to support, when connecting over Tor, so I would say yes.
#3 Updated by intrigeri 2015-01-19 19:59:15
Actually, anything related to xmpp-client is on Bug #8574, so let’s move the discussion there. And I’ve assigned that one to you, instead of this very one, assuming that’s expressing your intent better.
#4 Updated by intrigeri 2015-02-10 21:50:21
- Blueprint set to https://tails.boum.org/blueprint/replace_Pidgin/
#5 Updated by intrigeri 2016-02-19 00:45:37
- related to Feature #6117: Audit Pidgin added
#6 Updated by Dr_Whax 2016-08-20 13:52:57
- Description updated
- Assignee set to Dr_Whax
- Target version set to 2018
#7 Updated by Dr_Whax 2016-08-20 13:56:47
- Assignee deleted (
Dr_Whax)
#8 Updated by sajolida 2016-08-24 03:58:33
- related to
Bug #11541: OMEMO support in Tails added
#9 Updated by sajolida 2016-08-24 03:59:39
- related to
Feature #7868: Use gajim instead of pidgin (more secure OTR chat) added
#10 Updated by intrigeri 2016-08-27 10:55:49
- Target version deleted (
2018)
#11 Updated by anonym 2017-09-28 15:56:51
- Status changed from Confirmed to In Progress
Applied in changeset commit:5bc4fd05dd7bd7a51881f5a05c30252825a5ee36.
#12 Updated by Anonymous 2018-01-15 10:53:21
Added some info to the blueprint.
Next steps with the most likely candidates:
- try coyim
- help to find somebody to audit coyim
- get Tor Messenger into Debian
- try dino-im
#13 Updated by Anonymous 2018-01-15 11:40:52
- related to
Feature #8173: Make Ricochet usable in Tails added
#14 Updated by intrigeri 2018-03-01 08:15:07
- related to Feature #11307: Make sure that anonymous XMPP logins work in Tails added
#15 Updated by jvoisin 2018-04-21 14:32:24
I’m currently using Dino to replace Pidgin, and so far so good. The only missing feature are OTR (but there is OMEMO instead) and a systray icon. It’s even translated in several languages :)
CoyIM on the other hand doesn’t support rooms very well for now, and likely won’t in a near future, as I was told by olabini.
#16 Updated by Anonymous 2018-08-18 13:44:05
- related to Bug #7453: Pidgin cannot find out the correct XMPP server to connect to, without SRV DNS lookups added
#17 Updated by Anonymous 2018-08-19 08:41:11
- related to Bug #6347: Pidgin IRC Protocol responds to DCC SEND? added
#18 Updated by intrigeri 2018-08-19 11:14:59
- Description updated
- Type of work changed from Wait to Research
#19 Updated by andrew.mcglashan 2019-02-14 01:19:51
intrigeri wrote:
> For now, we’re doing all easy things we can to make Pidgin safer in Tails (AppArmor confinement, shipping support for only a couple protocol), so the current situation is not that scary, but people I trust say it’s riddled with security issues.
>
> It would be good to have a long term plan to replace Pidgin with something safer, without losing the functionality we need.
>
> team: drwhax, sycamoreone
You can easily add OMEMO support to Pidgin. Here are some links that got my Pidgin setup working perfectly well:
https://github.com/gkdr/lurch
https://github.com/gkdr/carbons
https://app.assembla.com/spaces/pidgin-xmpp-receipts/git/source
Please have a look at those and reconsider keeping Pidgin, I think it is the best client too for a desktop by far.
#20 Updated by intrigeri 2019-02-14 07:04:57
> You can easily add OMEMO support to Pidgin. Here are some links that got my Pidgin setup working perfectly well:
> https://github.com/gkdr/lurch
> https://github.com/gkdr/carbons
> https://app.assembla.com/spaces/pidgin-xmpp-receipts/git/source
AFAICT none of these are in Debian, so for now, I’ll take this “easily” with a grain of salt :)
#21 Updated by Anonymous 2019-03-08 15:50:47
- Description updated
#22 Updated by intrigeri 2020-02-27 08:10:43
- related to Feature #14567: Investigate mobile messaging applications added
#23 Updated by syster 2020-03-06 12:44:21
- related to Feature #17508: test xmpp in tails and its compatibility to mobile apps added