Delivery-Date: Thu, 08 Oct 2015 15:11:12 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id AAC511E0B52;
	Thu,  8 Oct 2015 15:11:10 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 96EDF371C8;
	Thu,  8 Oct 2015 19:11:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E79F536CA0
 for <tor-talk@lists.torproject.org>; Thu,  8 Oct 2015 19:11:01 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eICLc-i_FCp6 for <tor-talk@lists.torproject.org>;
 Thu,  8 Oct 2015 19:11:01 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id A6C8A36705
 for <tor-talk@lists.torproject.org>; Thu,  8 Oct 2015 19:11:01 +0000 (UTC)
Received: from localhost ([195.189.227.70]) by mail.gmx.com (mrgmx102) with
 ESMTPSA (Nemesis) id 0LtlG5-1aivdF44f7-011EZs for
 <tor-talk@lists.torproject.org>; Thu, 08 Oct 2015 21:10:57 +0200
Date: Thu, 8 Oct 2015 21:10:15 +0200
From: "sh-expires-12-2015@quantentunnel.de"
 <sh-expires-12-2015@quantentunnel.de>
To: tor-talk@lists.torproject.org
Message-ID: <20151008191015.GC30048@localhost.localdomain>
References: <5609B662.8010702@cryptolab.net> <560A62FD.7070308@pimienta.org>
 <829658081.4249.1443539214512.JavaMail.open-xchange@ox1app>
 <560B1BEF.20203@bitmessage.ch>
 <CAJVRA1T_7RJEHQv9wcbTwSnv+05cKxE2TmRUYa08oTRYPDddeA@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAJVRA1T_7RJEHQv9wcbTwSnv+05cKxE2TmRUYa08oTRYPDddeA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [tor-talk] pidgin and tor
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Oct 05, 2015 at 04:00:36PM -0700, coderman wrote:
> the primary problem with Pidgin is libpurple [
> https://pidgin.im/news/security/ ] and a more appropriate mitigation
> would be Qubes isolation, perhaps Whonix-Qubes on new 3.0. :)

One of the major problems is the design of Pidgin, which tries
to build a convenient IM client before it takes security into
consideration - or that is my observation since its inception:

$ ldd /usr/bin/pidgin | wc -l
78
$ ldd /usr/bin/irssi | wc -l
16

Many supported protocols lack this consideration too, all
Pidgin does is to inherit a lot of broken stuff, and I mean A LOT.

Still, it is possible to achieve a high degree of privacy.
The amount of "security" will vary and depend on many factors.

A vm is none of them:
Confining it doesn't make it more secure, and it mitigates nothing in 
pidgin or libpurple. A broken IM client is still broken, even when 
confined (I am tempted to say buried) in a VM.

If OP has to rely on an IM, like pidgin or a protocol, there is no more 
or added "security" by putting it into a vm or container.
All he gains is isolation in a best case scenario. A vm doesn't
add privacy, anonymity, security or authenticity, it is the contrary;
it adds complexity, which we should avoid.

Honestly, let's recommend a more secure implementation 
of the protocol OP wishes to use and educate OP how to use it in
a manner that neither the privacy nor the anonymity of the involved parties
is compromised and the authenticity of the exchanged messages is given.

Using Tor with Pidgin, we are at a disadvantage:
All supported protocols require a 3rd party to operate, most
of them are proprietary iirc. If you want to use one of them with Tor, 
you are clearly at a disadvantage since you have to rely on another party
to manage your communications. 

An acceptable workaround could be to establish communication 
(since we already use Tor) using a hidden service.

I know of one approach, to write a plugin that uses hidden services.

> as indicated in the thread, there are not any good alternatives.
> xmpp-client and irssi-xmpp-otr, others quite weird usability wise.
>    [old schoolers may disagree *grin*]

You can add an arbitrary amount of protocols (and vms, UX and whatnot) 
to pidgin and chances are pretty high that you become more and more vulnerable.
Best case is a lot of overhead and nothing else.

Anyway, aren't the new school's approaches or paradigms like XML or SOAP some 
of the major sources of problems in Pidgin, along with smiley-themes and
buddy-icons? That is the impression I get.

If security is a result of good design, good design is when there
is nothing left to remove and the design is still secure.

Contrary to the popular misconception, that security is some kind of
fairy dust, product or duct tape that we can apply to protocols or software
afterwards.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
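The `ldd | wc -l` comparison above uses the number of shared objects a binary loads as a rough proxy for its attack surface. The following script is an added example (not part of the original message or of the Pidgin or irssi projects): it parses `ldd` output into the objects it lists, counts them the way `wc -l` would, and diffs the footprints of two binaries so the extra libraries show up by name rather than as a bare number. The `SAMPLE_PIDGIN` and `SAMPLE_IRSSI` strings are constructed sample output with illustrative sonames, not captured from any real build; `ldd_output()` is a hypothetical helper for running it against local binaries.

```python
"""Compare the shared-library footprint of two binaries from ldd output."""
import shutil
import subprocess

# Constructed sample ldd output (illustrative sonames and addresses, not
# captured from any real pidgin or irssi build).
SAMPLE_PIDGIN = (
    "\tlinux-vdso.so.1 (0x00007ffd7a1f0000)\n"
    "\tlibpurple.so.0 => /usr/lib/libpurple.so.0 (0x00007f1a2c000000)\n"
    "\tlibgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x00007f1a2b800000)\n"
    "\tlibxml2.so.2 => /usr/lib/libxml2.so.2 (0x00007f1a2b400000)\n"
    "\tlibc.so.6 => /lib/libc.so.6 (0x00007f1a2b000000)\n"
    "\tlibfoo.so.3 => not found\n"
    "\t/lib64/ld-linux-x86-64.so.2 (0x00007f1a2c400000)\n"
)

SAMPLE_IRSSI = (
    "\tlinux-vdso.so.1 (0x00007ffe1b3c0000)\n"
    "\tlibncursesw.so.6 => /usr/lib/libncursesw.so.6 (0x00007f9b1c000000)\n"
    "\tlibc.so.6 => /lib/libc.so.6 (0x00007f9b1b800000)\n"
    "\t/lib64/ld-linux-x86-64.so.2 (0x00007f9b1c400000)\n"
)


def parse_ldd(output):
    """Parse ldd text into (deps, missing).

    deps maps every listed object to its resolved path; the value is None
    for the vDSO (which has no file) and for objects ldd reported as
    'not found'. missing is the set of 'not found' objects.
    """
    deps, missing = {}, set()
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line == "statically linked":
            continue
        if "=>" in line:
            name, rest = (part.strip() for part in line.split("=>", 1))
            if rest.startswith("not found"):
                deps[name] = None
                missing.add(name)
            else:
                deps[name] = rest.split()[0]
        else:
            # vDSO line ("linux-vdso.so.1 (0x...)") or the dynamic loader
            # ("/lib64/ld-linux-x86-64.so.2 (0x...)"), neither has "=>".
            name = line.split()[0]
            deps[name] = name if name.startswith("/") else None
    return deps, missing


def dependency_count(output):
    """Number of objects ldd lists: what `ldd binary | wc -l` prints for a
    dynamically linked binary. Note that ldd shows the full transitive
    closure, including the vDSO and the loader, not just direct links
    (a statically linked binary prints one line but counts 0 here)."""
    return len(parse_ldd(output)[0])


def compare_footprints(output_a, output_b):
    """Return (only_in_a, only_in_b, common) as sorted lists of object names."""
    a = set(parse_ldd(output_a)[0])
    b = set(parse_ldd(output_b)[0])
    return sorted(a - b), sorted(b - a), sorted(a & b)


def ldd_output(binary):
    """Hypothetical helper: run ldd on a local binary, or return None when
    ldd is unavailable or fails. Caveat from ldd(1): only run ldd on
    trusted binaries, since some loaders execute the program to resolve
    its dependencies."""
    if shutil.which("ldd") is None:
        return None
    result = subprocess.run(["ldd", binary], capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else None


if __name__ == "__main__":
    for label, text in (("pidgin", SAMPLE_PIDGIN), ("irssi", SAMPLE_IRSSI)):
        deps, missing = parse_ldd(text)
        print(f"{label}: {len(deps)} objects, {len(missing)} unresolved")
    only_pidgin, only_irssi, common = compare_footprints(SAMPLE_PIDGIN, SAMPLE_IRSSI)
    print("only in pidgin:", only_pidgin)
    print("only in irssi:", only_irssi)
    print("shared:", common)
```

Run it as-is to see the comparison on the constructed samples, or replace the samples with `ldd_output("/usr/bin/pidgin")` and `ldd_output("/usr/bin/irssi")` on a machine where both are installed. The diff lists are more useful than the raw count: an extra XML parser or image-format library in the "only in" list is a concrete piece of code the client exposes to remote input.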

