Delivery-Date: Tue, 29 Sep 2015 14:58:52 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 954521E02C0;
	Tue, 29 Sep 2015 14:58:50 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 85FD0375E6;
	Tue, 29 Sep 2015 18:58:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 62AC3375BB
 for <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 18:58:41 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id cAx53wop8bFw for <tor-talk@lists.torproject.org>;
 Tue, 29 Sep 2015 18:58:41 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 29A41373BF
 for <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 18:58:37 +0000 (UTC)
Received: from localhost ([96.44.189.100]) by mail.gmx.com (mrgmx001) with
 ESMTPSA (Nemesis) id 0M6ilI-1ad4N32OQu-00wWi3 for
 <tor-talk@lists.torproject.org>; Tue, 29 Sep 2015 20:58:34 +0200
Date: Tue, 29 Sep 2015 20:57:55 +0200
From: "sh-expires-12-2015@quantentunnel.de"
 <sh-expires-12-2015@quantentunnel.de>
To: tor-talk@lists.torproject.org
Message-ID: <20150929183850.GA4462@localhost.localdomain>
References: <5609B662.8010702@cryptolab.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <5609B662.8010702@cryptolab.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Provags-ID: V03:K0:AQxQfzsO02/j+/t+Hf/mZUNgapYQ14n7RinnqSZFnYRKDIbNw1G
 JWwMTSmo17wyL/AbmKEYZ3tQEUXDJP88GC4sAXTmEk0OyCGf4O5wUKnjwdNv1Js8MMEWi3i
 aqip52HsD/m/0aW3hBbHBhjOCEQ86+nu3MKvBOMph4EfSoWMQTNFj1NQT6LB1WI6tMSb3TR
 2qi2du/dWmuTmwDr6qcNg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:OC6ndt2M7vg=:J/BW7sjDSc3JtSk3c9rU9O
 ynoRBOglzyh5ZB1WgKefLB2UVE7ehBNH9n4ZDEGlt4xEve6E+dKrf2dVX6NKprJYeExS65HET
 9by4weELxbj8EknZspHDkgyJ842fiRqsZvwT+705Q4t1Bj9wX/KxeQdshKERjYLAJVeRURN8K
 gpf15aBfVtKRbcP4RjxBRL1ZkwdrTUNlzzlO6J8E9q7ypRJWLdFC0r4+M48Lu27TulIEr1shP
 FJFHls4HssyyDM9EiSFn86/S/cYGNLidcx7TUogOn9oLBTLEADBm3BlovHLIn5Q+0lGe+r41z
 9+nlPlcAhymBfRNiHiKY2GYdavo543BDIrbZfhgAiaC246okSrBcTVBcvDdtKTzRHWf/lW1/x
 MyRXzGxdvDs9xGrg35oqG3cWwPd1ieBVcC223AJnouvBOR2WUV0/hydTEA0SrnVSGpC9U/ABA
 rNycCzt8LV5D8DC18lNCs/xThQX079bDUln42iREULPMoCKP/s3q/BrWIOAlg0nHP+hFYtOKM
 VMmu6beM+ZSVEf79rj3y1TTjGaHJgaEeyPAp32OlbYOkyKvpbzf501MGgTFgxfwFbWE1ksYr6
 G8yDXSKik8fZtRjPKWAC8EHQSNNLcglRJ9Ne+erTDH0Tez4CfVAAKKdmAOKodeDbOhh4E96Cp
 EYYli8UAUbY7L44NqGotGT5V/LSIsDcIsrzcMORFPrOEK5K8um72OA+DZ6zwcaXBs1gPh5r7O
 fiORQr9kIElQUq76FqniJX5XHutpaZPRFTLuHQ==
Subject: Re: [tor-talk] pidgin and tor
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Sep 28, 2015 at 09:51:30PM +0000, mtsio wrote:
> Is it safe to use pidgin over tor?

It depends on which protocols you use, since pidgin
is a mulitprotocol instant messaging client and behaves
quite different depending on protocols used/involved.

With Tor, TLS[1], XMPP[2] and OTR[3] it gets pretty private.

A common problem is not all XMPP, IRC, SILC or IM-provider
accept connections from or to Tor-exit nodes nowadays.

And even if Alice uses TLS, it may be not enough, so we need OTR
too, to establish a private end to end communication over XMPP 
between Alice and Bob (you are Alice, I am Bob):

Maybe this helps a little, protocolwise it may look like this:
   [Alice]<-OTR-XMPP-TLS->Tor<->Tor-exit<->Alice's XMPP provider \
   <->Bob's XMPP provider<-[Maybe Bob is using TLS]-XMPP-OTR->[Bob]

Usually, XMPP and most instant messaging involves some form of identity
or account that is authorized. I can't say much about other protocols that
pidgin offers, ymmv. One always wants TLS for a more or less secured
connection between client and an involved server and OTR for the resulting 
end-to-end communication over the instant messaging protocol for the
involved parties.

No matter if you use XMPP or another instant messaging or chat protocol,
OTR solves that problem pretty well, independet of the instant messaging
protocol.

If you are looking for an alternative to pidgin, try profanity.im
for XMPP, if you are looking for a more decentralized approach to
instant messages take a look at tox.im (DHT-like approach).

Historically, you should doubt any promises of security, that you can't
verify.

Another alternative could be talk[4] over an SSH-tunnel using Tor's
hiddenservice.

For more information about the involved protocols refer to:
1) https://en.wikipedia.org/wiki/Transport_Layer_Security
2) https://en.wikipedia.org/wiki/XMPP
3) https://en.wikipedia.org/wiki/Off-the-Record_Messaging
4) http://linux.die.net/man/1/talk

Enjoy.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

