I am afraid that I do not know much about this type of thing. That is why I
ask questions. It is very important to me however that I ensure my own
security and the security of those I communicate with. It is a matter of
freedom of speech. I sense some hostility in your reply. I'm not sure why. I
assume it is contempt for anyone who does not understand code. At least I am
capable of understanding the complexities of common courtesy.
Ryan
> Date: Wed, 8 Feb 2012 08:05:43 +0000
> From: for...@david-woolley.me.uk
> To: travellintr...@hotmail.com
> CC: support@pidgin.im
> Subject: Re: Using Pidgin with TOR
>
> Ryan K wrote:
> >
> > TOR reports that Pidgin has a bug that results in DNS leaks when using
>
> What is TOR?
>
> I've never heard of a DNS leak before. Apparently it means that DNS is
> handled by the normal servers, rather than by those provided by some
> sort of anonymising proxy service. The presumption is, presumably, that
> the ISP, possibly at the behest of the government, is doing traffic flow
> analysis on you by analyzing your DNS requests, to your disadvantage.
>
> I'd be surprised if Pidgin uses anything other than standard OS services
> for DNS, so I'd suggest that this level of distrust of ISPs (and trust
> of the anonymising service) requires a deeper understanding of the
> complete system than the OP seems to have. I would suggest you would
> need to be using a completely open source system, and have a good
> understanding of how it all works.
>
> Maybe all it really means is that Pidgin uses DNS, presumably to
> validate addresses, or canonicalise them.
>
> > XMPP. If I use Pidgin with only other Pidgin users, do I require XMPP.
> > Can XMPP be disabled?
>
> XMPP can be disabled by removing the relevant plugin. You will lose the
> ability to access Facebook and Google instant messaging services, as
> well as most corporate ones. Of course, simply not using XMPP based
> services will mean that the XMPP code is never run, which will also
> avoid any DNS related code that it contains being run.
>
> You should, of course, verify this by inspection of the source code, as
> you can't trust us!
>
> On the other hand, maybe the "troll" in the username is not far from the
> truth.
>
>
> --
> David Woolley
> Emails are not formal business letters, whatever businesses may want.
> RFC1855 says there should be an address here, but, in a world of spam,
> that is no longer good advice, as archive address hiding may not work.
_______________________________________________
Support@pidgin.im mailing list
Want to unsubscribe? Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support
