replace_Pidgin · Changes

Adjust for ikiwiki → GitLab wiki, authored Jan 12, 2021 by intrigeri
replace_Pidgin.md
View page @ a5d53a93
Corresponding ticket: [[!tails_ticket 8573]]
Corresponding ticket: tails/tails#8573
We want to replace Pidgin with a more secure IM client.
This document lists our requirements and candidate clients, along with their pros and cons.
[[!toc levels=3]]
[[_TOC_]]
# Requirements
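Review bot: `[[_TOC_]]` has no equivalent of the `levels=3` argument in the replaced `[[!toc levels=3]]`, so the rendered table of contents will now include every heading level instead of stopping at level 3; either accept the deeper TOC as a rendering change or demote the headings that should not appear in it. The `tails/tails#8573` form also relies on GitLab cross-project reference autolinking from this wiki, which is worth confirming on the rendered page.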
......@@ -53,8 +55,8 @@ Ideally, some usability study for the OMEMO user interface has been done.
Resources:
- [clients support](https://omemo.top/)
- [[!tails_gitlab 11541]]
- [[!wikipedia OMEMO]]
- [11541](https://gitlab.tails.boum.org/11541)
- [OMEMO](https://en.wikipedia.org/wiki/OMEMO)
- [XEP-0384](http://xmpp.org/extensions/xep-0384.html)
### Support for OTR
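Review bot: the converted link `[11541](https://gitlab.tails.boum.org/11541)` points at the instance root followed by a bare number, with no project path or issues segment, so it is unlikely to resolve, and it differs from how ticket references are converted elsewhere in this change (`tails/tails#8573`); suggest `tails/tails#11541` in the same style, or a full issue URL, and check that the rendered link opens.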
......@@ -92,7 +94,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
* supports XMPP, OMEMO and OpenPGP; OTR support is
[not high on the todo list](https://github.com/dino/dino/issues/97)
* Supports Tor, works in Tails. [Wiki page on Dino with Tor](https://github.com/dino/dino/wiki/Tor)
* is [[!debpts dino-im desc="in Debian"]] Buster
* is [in Debian](https://tracker.debian.org/pkg/dino%2Dim) Buster
* the Debian maintainer wants to add an AppArmor profile and got in
touch with intrigeri about it
* Translated into 25+ languages
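Review bot: `https://tracker.debian.org/pkg/dino%2Dim` percent-encodes the hyphen in the package name; the tracker accepts it, but the plain `dino-im` is what readers will copy and compare against package names, so prefer the unencoded form. The same `%2D` encoding appears in the CVE links in the hunks below and could be cleaned up in one pass.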
......@@ -117,11 +119,11 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
- In 2019, [Multiple protocol implementation
errors](https://gultsch.de/dino_multiple.html) were discovered in Dino:
- [[!cve CVE-2019-16237]]: an attacker can send messages in the name of someone else
- [CVE-2019-16237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16237): an attacker can send messages in the name of someone else
(previously found in other XMPP clients: CVE-2017-5589+)
- [[!cve CVE-2019-16236]]: remote attackers can modify the roster (previously
- [CVE-2019-16236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16236): remote attackers can modify the roster (previously
found in Gajim: CVE-2015-8688)
- [[!cve CVE-2019-16235]]: does not properly check the source of a carbons message
- [CVE-2019-16235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16235): does not properly check the source of a carbons message
As that document says, "When confronted with the fact that the same trivial
vulnerabilities have been discovered in multiple, independent clients one
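Review bot: the three list items now link their CVE ids, but the ids cited in parentheses on the same lines (`CVE-2017-5589+` and `CVE-2015-8688`) stay as plain text; for consistency either link them to the same cve.mitre.org lookup or leave all identifiers plain. In the link targets, `name=CVE%2D2019%2D16237` would read better as `name=CVE-2019-16237`, which the lookup also accepts.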
......@@ -161,12 +163,12 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
- D-Bus capabilities: can be disabled?
- Track record:
- [[!cve CVE-2016-10376]]: allows being controlled by the XMPP server
- [[!cve CVE-2015-8688]]: remote attackers can modify the roster and intercept
- [CVE-2016-10376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2016%2D10376): allows being controlled by the XMPP server
- [CVE-2015-8688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2015%2D8688): remote attackers can modify the roster and intercept
messages
- [[!cve CVE-2012-5524]]: custom SSL certificate verification callback
- [CVE-2012-5524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2012%2D5524): custom SSL certificate verification callback
accepted CA-signed certificates for any domain.
- [[!cve CVE-2012-2085]] aka. https://dev.gajim.org/gajim/gajim/-/issues/7031:
- [CVE-2012-2085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2012%2D2085) aka. https://dev.gajim.org/gajim/gajim/-/issues/7031:
remote code execution by building command lines out of untrusted input.
- Gajim ships with a plugin called "plugin installer" which allows a user to
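Review bot: on the converted `CVE-2012-2085` line, `aka. https://dev.gajim.org/gajim/gajim/-/issues/7031:` is left as a bare URL while every other reference in this hunk becomes an explicit Markdown link; for consistency wrap it as `[gajim#7031](https://dev.gajim.org/gajim/gajim/-/issues/7031)` and keep the trailing colon outside the link.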
......@@ -212,7 +214,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
* Supports importing accounts from Pidgin.
* No logging, no clickable links.
* Not audited.
* Test results in Tails: [[!tails_ticket 8574]]
* Test results in Tails: tails/tails#8574
* No OMEMO support.
### Thunderbird
......@@ -221,7 +223,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
pref: <https://wiki.mozilla.org/Thunderbird:OTR>
* No OMEMO support: <https://bugzilla.mozilla.org/show_bug.cgi?id=1237416>
### Tor Messenger ([[!tails_ticket 8577]])
### Tor Messenger (tails/tails#8577)
Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger
......@@ -235,7 +237,7 @@ Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger
since we are looking for a "Pidgin replacement".
* It has support for "temporary XMPP accounts" that require no
registration (no user input!) which would be useful for our support
channel (see [[!tails_ticket 11307]]).
channel (see tails/tails#11307).
* Tor Messenger provides Linux packages but is not in Debian :(
* FWIW: Tor Messenger got 30K USD funding in 2017!
* FWIW: anonym has been happy using it exclusively for chatting since
......@@ -244,9 +246,10 @@ Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger
and is meant to be
[replaced by future improvements in _Thunderbird_'s chat features](http://blog.queze.net/post/2017/10/18/Thunderbird-is-the-next-version-of-Instantbird)
(although _Thunderbird_'s future is unclear as well). To follow
along, subscribe to the [[!mozbug 1409891 desc="meta tracking bug"]]
along, subscribe to the [meta tracking bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1409891)
and the ones it depends on. The _Tor Messenger_ developers
intend to
[follow suit](https://lists.torproject.org/pipermail/tor-project/2017-October/001521.html)
and create a _Tor Communicator_ bundle based on _Thunderbird_, that
would handle both email and chat.