@@ -3,7 +3,9 @@ Also tracked by ticket: [[!tails_ticket 10181]]
What's the problem
------------------
some ideas/suggestions:
We want the Tails community to be diverse. In order to achieve this, our documentation should be the most welcoming possible, to all spectra of gender and provide the same openness in all translations. Also see [Debian's diversity statement](https://www.debian.org/intro/diversity).
- [The Citizen Lab: Reckless Exploit Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware](https://citizenlab.ca/2017/06/reckless-exploit-mexico-nso/)
- [Wikipedia: List of journalists and media workers killed in Mexico](https://en.wikipedia.org/wiki/List_of_journalists_and_media_workers_killed_in_Mexico)
- Interviews
- [[Claudia & Felix|interviews#Claudia]]
- [[Joana & Orlando|interviews#Joana]]
- [Digital Rights Foundation: Digital (In)security of Journalists in Pakistan](https://digitalrightsfoundation.pk/wp-content/uploads/2018/01/Report-Digi-Insecurity-of-Journos.pdf)
- [Javier Garza Ramos, Journalist Security in the Digital World](http://www.cima.ned.org/wp-content/uploads/2016/03/CIMA-Journalist-Digital-Tools-03-01-15.pdf)
@@ -206,6 +206,13 @@ it's not the case. One downside is, that observing the entropy pool costs
randomness, so this may have to be implemented with care or is worth
discussing/researching the costs/benefits.
## Also see
* [Schleuder thread about haveged](https://0xacab.org/schleuder/schleuder/issues/194)
* The
[federal office for IT security in Germany analysed the rng in linux kernel 4.9 and all changes made up to 4.17](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=10).
* [checking for available entropy](https://salsa.debian.org/tookmund-guest/pgpcr/issues/16)
## Related tickets
This is about [[!tails_ticket 7642]], [[!tails_ticket 7675]],
@@ -4,12 +4,13 @@ It would be nice to replace Pidgin with another secure IM client. Unfortunately
The document can also list candidate clients together with some indication where they are lacking (and where they shine).
TODO: Would a pair of two separate client (XMPP and IRC) also be okay, or are we only looking for a single client that can do both? In fact, it is not even clear if Tails needs to contain an IRC client at all, after #tails and #tails-dev have been moved to XMPP.
[[!toc levels=3]]
# Requirements
**Note**: this is a work in progress. See [[!tails_ticket 11686]]
and its blockers for the next steps.
**Note**: the key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
...
...
@@ -62,6 +63,15 @@ TODO: Pidgin already has an apparmor profile; should we require that a replaceme
The client MUST NOT save logs of conversations.
### Candidates
Suggested by sajolida on <https://mailman.boum.org/pipermail/tails-dev/2016-January/010123.html>:
* private group chat
* search and archive past public communications
* offline-friendliness
* <https://dymaxion.org/essays/pleasestop.html>
## XMPP (Jabber)
*( Here is a [list](https://developer.pidgin.im/wiki/SupportedXEPs) of XMPP extensions supported by Pidgin )*
...
...
@@ -75,16 +85,22 @@ The client must support SASL authentication.
# Candidate alternatives
## CoyIM (based on xmpp-client) ([[!tails_ticket 8574]])
## CoyIM
* [Homepage](https://coy.im/)
* [Github](https://github.com/twstrike/coyim/)
* [Github](https://github.com/coyim/coyim/)
* CoyIM only supports XMPP.
* CoyIM [is in Debian](https://tracker.debian.org/pkg/coyim)
* Support for multi-user chatrooms (MUC) is [in
progress](https://github.com/coyim/coyim/projects/2) and lacks some
important features such as having a persistent list of rooms
persistently saved in the configuration
* Supports Tor, TLS, OTR
* Supports creation of random accounts.
* Supports importing accounts from Pidgin.
* No logging, no clickable links.
* Not audited.
* Test results in Tails: [[!tails_ticket 8574]]
## dino
...
...
@@ -92,7 +108,7 @@ The client must support SASL authentication.
* implemented in GTK+/Vala
* supports XMPP and OMEMO; OTR support is
[not high on the todo list](https://github.com/dino/dino/issues/97)
* is be [[!debpts dino-im desc="in Debian"]] experimental
* is [[!debpts dino-im desc="in Debian"]] Buster
* the Debian maintainer wants to add an AppArmor profile and got in