On Tue, Apr 2, 2013 at 9:11 PM, Ileana <[email protected]> wrote:
> From my basic understanding, a tor/privacy setting should ensure:

All of my answers below apply to stock Pidgin when you select Tor/Privacy in the proxy settings - any third party plugins could change the behavior. Some effort has been put into making XMPP "safe" from a privacy perspective; other protocols have issues - good patches are always welcome.

> *no local dns lookups (perhaps as an options checkbox)
> socks4 automatically does lookup at end...there is no option.
> socks5 you have option for local or remote dns in the spec.  Most tor
> users want remote, except in the case of TAILS a user might handle the
> dns queries locally(and then resolving them through for instance tor's
> dns port).  I think the same side is to do them remotely.

The libpurple DNS functionality will be blocked - anything that can be done through the proxy will be done, otherwise the functionality will fail (for things using the libpurple DNS API).

It's possible that protocols like gadu-gadu or sametime, which use external libraries to implement the protocol, would make DNS requests without using the libpurple API.

It looks like Bonjour/Link-Local accounts will send stuff out on your local network, because that's how the protocol works.

> *real ip address never gets sent out

This should be the case for XMPP. If libpurple/Pidgin is configured appropriately, it won't know what your external IP address is.

>
> *no other system information gets sent out(kernel version, uname,
> os, etc)

Your IRC account default settings contain some information from your OS user account, but you're free to change them. See https://developer.pidgin.im/ticket/15295

There may be other issues for other protocols.

>
> *nothing that seems to be a unique identifier gets sent out upon
> connect/reconnect. (i.e. ssl session ids, user agents/version, etc).

Of course "unique" things will be sent out - you're connecting to an IM account and your account name will be sent out (and possibly your password too depending on what you're connecting to).

>
> *timestamps all converted to utc

I'm not sure if there are places where your timezone or information that can be used to deduce your timezone are sent out, but I don't consider this sensitive.

> *any functionality such as dcc where there is a direct connection to
> the other client should either be disabled or also ensure real ip is
> not leaked.

This wouldn't be a reasonable assumption to make for protocols other than XMPP.

> I can't think of anything else off the top of my head, but I may have
> missed something.
>
> If you are a developer and can point me to a link to the code that
> handles the proxy settings, I would take a further look.

libpurple/proxy.c
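
Added example, not part of the original email and not code from libpurple/proxy.c: the "local or remote DNS" choice discussed in the thread shows up in the address type of the SOCKS5 CONNECT request (RFC 1928), so this C code builds a request that carries the hostname and classifies a captured request by who did the lookup. The function names, host and port are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SOCKS5_VER = 0x05, CMD_CONNECT = 0x01,
       ATYP_IPV4 = 0x01, ATYP_DOMAIN = 0x03, ATYP_IPV6 = 0x04 };

/* Build a CONNECT request that carries the hostname itself (ATYP 0x03),
 * so the proxy does the lookup. Returns request length, or 0 on error. */
size_t socks5_build_connect(uint8_t *buf, size_t cap,
                            const char *host, uint16_t port)
{
    size_t hlen = strlen(host);
    if (hlen == 0 || hlen > 255 || cap < 7 + hlen)
        return 0;
    buf[0] = SOCKS5_VER;
    buf[1] = CMD_CONNECT;
    buf[2] = 0x00;                          /* RSV */
    buf[3] = ATYP_DOMAIN;
    buf[4] = (uint8_t)hlen;                 /* length-prefixed name, no NUL */
    memcpy(buf + 5, host, hlen);
    buf[5 + hlen] = (uint8_t)(port >> 8);   /* network byte order */
    buf[6 + hlen] = (uint8_t)(port & 0xff);
    return 7 + hlen;
}

/* Classify a captured request: 1 = name sent to proxy (remote DNS),
 * 0 = IP literal (client resolved it, or was given an IP), -1 = malformed. */
int socks5_is_remote_dns(const uint8_t *req, size_t len)
{
    if (len < 5 || req[0] != SOCKS5_VER || req[2] != 0x00)
        return -1;
    switch (req[3]) {
    case ATYP_DOMAIN: return (req[4] > 0 && len == 7u + req[4]) ? 1 : -1;
    case ATYP_IPV4:   return len == 10 ? 0 : -1;
    case ATYP_IPV6:   return len == 22 ? 0 : -1;
    default:          return -1;
    }
}

int main(void)
{
    uint8_t req[262];
    /* Constructed sample: host and port are placeholders. */
    size_t n = socks5_build_connect(req, sizeof req, "xmpp.example.org", 5222);
    printf("len=%zu remote_dns=%d\n", n, socks5_is_remote_dns(req, n));
    return 0;
}
```

A result of 0 on a request for a named server means the hostname was resolved before it reached the proxy, which is the local lookup the original question wanted to rule out.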
