Bug #8573

Hopefully replace Pidgin some day

Added by intrigeri 2015-01-07 12:00:06 . Updated 2019-03-08 15:50:47 .

Status:
In Progress
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2015-01-07
Due date:
% Done:

50%

Feature Branch:
Type of work:
Research
Starter:
Affected tool:
Instant Messaging
Deliverable for:

Description

For now, we’re doing all easy things we can to make Pidgin safer in Tails (AppArmor confinement, shipping support for only a couple protocol), so the current situation is not that scary, but people I trust say it’s riddled with security issues.

It would be good to have a long term plan to replace Pidgin with something safer, without losing the functionality we need.


Subtasks

Bug #8574: Test CoyIM in Tails Resolved

100

Feature #8577: Evaluate Tor Messenger in the context of Tails Resolved

100

Bug #11686: Replace Pidgin: refine blueprint Confirmed

0

Feature #15816: Can we stop including an IRC client by default? Confirmed

0


Related issues

Related to Tails - Feature #6117: Audit Pidgin Confirmed
Related to Tails - Bug #11541: OMEMO support in Tails Confirmed 2016-06-21
Related to Tails - Feature #7868: Use gajim instead of pidgin (more secure OTR chat) Rejected 2014-09-01
Related to Tails - Feature #8173: Make Ricochet usable in Tails Rejected 2014-10-25
Related to Tails - Feature #11307: Make sure that anonymous XMPP logins work in Tails Confirmed 2016-04-03
Related to Tails - Bug #7453: Pidgin cannot find out the correct XMPP server to connect to, without SRV DNS lookups Confirmed 2014-06-23
Related to Tails - Bug #6347: Pidgin IRC Protocol responds to DCC SEND? Confirmed 2013-10-08
Related to Tails - Feature #14567: Investigate mobile messaging applications Confirmed 2018-01-18
Related to Tails - Feature #17508: test xmpp in tails and its compatibility to mobile apps Confirmed

History

#1 Updated by sycamoreone 2015-01-19 19:19:24

I am already following the development around xmpp-client. If you are not keen on doing this yourself, feel free to assign this ticket, Feature #8575, and Feature #8576 to me. (Then somebody would need to brief me about what was discussed at 31c3.)

To be able to decide if a potential replacement is ready, we should also start a blueprint to list Tails’ requirements. For example, is SASL authentication for IRC a requirement?

#2 Updated by intrigeri 2015-01-19 19:57:31

> I am already following the development around xmpp-client. If you are not keen on doing this yourself, feel free to assign this ticket, Feature #8575, and Feature #8576 to me.

I’ll happily do it!

> (Then somebody would need to brief me about what was discussed at 31c3.)

These discussions are mostly captured in these tickets already, but don’t hesitate to ask me and DrWhax for details privately if needed :)

> To be able to decide if a potential replacement is ready, we should also start a blueprint to list Tails’ requirements.

Agreed, and appreciated.

> For example, is SASL authentication for IRC a requirement?

It’s needed for several IRC networks that I find important to support, when connecting over Tor, so I would say yes.

#3 Updated by intrigeri 2015-01-19 19:59:15

Actually, anything related to xmpp-client is on Bug #8574, so let’s move the discussion there. And I’ve assigned that one to you, instead of this very one, assuming that’s expressing your intent better.

#4 Updated by intrigeri 2015-02-10 21:50:21

  • Blueprint set to https://tails.boum.org/blueprint/replace_Pidgin/

#5 Updated by intrigeri 2016-02-19 00:45:37

#6 Updated by Dr_Whax 2016-08-20 13:52:57

  • Description updated
  • Assignee set to Dr_Whax
  • Target version set to 2018

#7 Updated by Dr_Whax 2016-08-20 13:56:47

  • Assignee deleted (Dr_Whax)

#8 Updated by sajolida 2016-08-24 03:58:33

  • related to Bug #11541: OMEMO support in Tails added

#9 Updated by sajolida 2016-08-24 03:59:39

  • related to Feature #7868: Use gajim instead of pidgin (more secure OTR chat) added

#10 Updated by intrigeri 2016-08-27 10:55:49

  • Target version deleted (2018)

#11 Updated by anonym 2017-09-28 15:56:51

  • Status changed from Confirmed to In Progress

Applied in changeset commit:5bc4fd05dd7bd7a51881f5a05c30252825a5ee36.

#12 Updated by Anonymous 2018-01-15 10:53:21

Added some info to the blueprint.

Next steps with the most likely candidates:

  • try coyim
  • help to find somebody to audit coyim
  • get Tor Messenger into Debian
  • try dino-im

#13 Updated by Anonymous 2018-01-15 11:40:52

#14 Updated by intrigeri 2018-03-01 08:15:07

  • related to Feature #11307: Make sure that anonymous XMPP logins work in Tails added

#15 Updated by jvoisin 2018-04-21 14:32:24

I’m currently using Dino to replace Pidgin, and so far so good. The only missing feature are OTR (but there is OMEMO instead) and a systray icon. It’s even translated in several languages :)

CoyIM on the other hand doesn’t support rooms very well for now, and likely won’t in a near future, as I was told by olabini.

#16 Updated by Anonymous 2018-08-18 13:44:05

  • related to Bug #7453: Pidgin cannot find out the correct XMPP server to connect to, without SRV DNS lookups added

#17 Updated by Anonymous 2018-08-19 08:41:11

  • related to Bug #6347: Pidgin IRC Protocol responds to DCC SEND? added

#18 Updated by intrigeri 2018-08-19 11:14:59

  • Description updated
  • Type of work changed from Wait to Research

#19 Updated by andrew.mcglashan 2019-02-14 01:19:51

intrigeri wrote:
> For now, we’re doing all easy things we can to make Pidgin safer in Tails (AppArmor confinement, shipping support for only a couple protocol), so the current situation is not that scary, but people I trust say it’s riddled with security issues.
>
> It would be good to have a long term plan to replace Pidgin with something safer, without losing the functionality we need.
>
> team: drwhax, sycamoreone

You can easily add OMEMO support to Pidgin. Here are some links that got my Pidgin setup working perfectly well:

https://github.com/gkdr/lurch
https://github.com/gkdr/carbons
https://app.assembla.com/spaces/pidgin-xmpp-receipts/git/source

Please have a look at those and reconsider keeping Pidgin, I think it is the best client too for a desktop by far.

#20 Updated by intrigeri 2019-02-14 07:04:57

> You can easily add OMEMO support to Pidgin. Here are some links that got my Pidgin setup working perfectly well:

> https://github.com/gkdr/lurch
> https://github.com/gkdr/carbons
> https://app.assembla.com/spaces/pidgin-xmpp-receipts/git/source

AFAICT none of these are in Debian, so for now, I’ll take this “easily” with a grain of salt :)

#21 Updated by Anonymous 2019-03-08 15:50:47

  • Description updated

#22 Updated by intrigeri 2020-02-27 08:10:43

  • related to Feature #14567: Investigate mobile messaging applications added

#23 Updated by syster 2020-03-06 12:44:21

  • related to Feature #17508: test xmpp in tails and its compatibility to mobile apps added