On Tue, 2 Apr 2013 22:36:51 -0400 Daniel Atallah <datal...@pidgin.im> wrote:
> On Tue, Apr 2, 2013 at 9:11 PM, Ileana > <ile...@fairieunderground.info> wrote: > > From my basic understanding, a tor/privacy setting should ensure: > > All of my answers below apply to stock Pidgin when you select > Tor/Privacy in the proxy settings- any third party plugins could > change the behavior. > > Some effort has been put into making XMPP "safe" from a privacy > perspective; other protocols have issues - good patches are always > welcome. Well thanks for the effort. > > > *no local dns lookups (perhaps as an options checkbox) > > socks4 automatically does lookup at end...there is no option. > > socks5 you have option for local or remote dns in the spec. Most > > tor users want remote, except in the case of TAILS a user might > > handle the dns queeries locally(and then resolving them through for > > instance tor's dns port). I think the same side is to do them > > remotely. > > The libpurple DNS functionality will be blocked - anything that can be > done through the proxy will be done, otherwise the functionality will > fail (for things using the libpurple DNS API). > > It's possible that protocols like gadu-gadu or sametime, which use > external libraries to implement the protoco,l would make DNS requests > without using the libpurple API. > > It looks like Bonjour/Link-Local accounts will send stuff out on your > local network, because that's how the protocol works. > > > *real ip address never gets sent out > > This should be the case for XMPP. > > If libpurple/Pidgin is configured appropriately, it won't know what > your external IP address is. > > > > > *no other system information gets sent out(kernel version, uname, > > os, etc) > > Your IRC account default settings contain some information from your > OS user account, but you're free to change them. > > See https://developer.pidgin.im/ticket/15295 > > There may be other issues for other protocols > > > > > *nothing that seems to be a unique identifier gets sent out upon > > connect/reconnect. (i.e. ssl session ids, user agents/version, etc). > > Of course "unique" things will be sent out - you're connecting to a IM > account and your account name will be sent out (and possibly your > password too depending on what you're connecting to). Everyone disagrees about the "User Agent" issue and this has been a big pain in the butt across applications from browsers to torrent to chat. It seems XMPP/Pidgin does send out the timezone and pidgin version/libpurple version. Seems like minor non-senstive stuff but it does allow partitioning of the userspace. > > > > > *timestamps all converted to utc > > I'm not sure if there are places where your timezone or information > that can be used to deduce your timezone are sent out, but I don't > consider this sensitive. > > > *any functionality such as dcc where there is a direct connection to > > the other client should either be disabled or also insure real ip is > > not leaked. > > This wouldn't be a reasonable assumption to make for protocols other > than XMPP. > > > I can't think of anything else off the top of my head, but I may > > have missed something. > > > > If you are a developer and can point me to a link to the code that > > handles the proxy settings, I would take a further look. > > libpurple/proxy.c Thanks for the info. I will take a look at it. _______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support