Re: [Tails-dev] Pidgin Protocols Safe?

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Pidgin Protocols Safe?
Hi,

adrelanos wrote (11 Oct 2012 17:16:44 GMT) :
> I am concerned about the many [1] protocols Pidgin supports.


Thanks for caring about this.

> Did you check, what kind of "innovative" features the other protocols
> have? I didn't check, but could imagine they include something similar
> like CTCP, dishonor proxy settings for file transfer, or send your IP
> somewhere. (STUN)


I don't think we've checked. Help is welcome :)

> Pidgin also contains STUN [4], a nice feature for clearnet use, but is
> it safe in Tails?


I don't think we have researched this.
Is it enabled? Is it easy to disable?

(BTW, link [4] is missing in your email.)

> Many of the protocols are proprietary. I find their so called
> "privacy policy" [2] and aup [3] highly questionable.


I doubt Tails should allow or filter access to remote content or
services depending on the remote side's privacy policies
and practices.

> Is support for AIM/ICQ/MSN/[...] important? It's fine for circumvention,
> if users want to chat with their existing list.


I think it's important to allow users to move part or all of their
computer activities to Tails, while keeping their existing
communication channels, at least to start with.

I think it's important to educate Internet users to use better
(privacy-wise) protocols, but it's not exactly part of the Tails
mission. I'm happy that other projects do the education part of
the work.

> But people looking for privacy, why should they sign up for
> AIM/ICQ/MSN/[...]? It's sad, that AIM is on the top of the
> protocol list.


I'm not sure what you mean here. Do you think people who want to
create their first IM account would choose the first in the Pidgin
protocols list? I believe most of them would choose what their
friends use.

Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc