[tor-talk] pidgin and tor

[sh-expires-12-2015 at quantentunnel.de]

On Mon, Sep 28, 2015 at 09:51:30PM +0000, mtsio wrote:
> Is it safe to use pidgin over tor?

It depends on which protocols you use, since pidgin
is a mulitprotocol instant messaging client and behaves
quite different depending on protocols used/involved.

With Tor, TLS[1], XMPP[2] and OTR[3] it gets pretty private.

A common problem is not all XMPP, IRC, SILC or IM-provider
accept connections from or to Tor-exit nodes nowadays.

And even if Alice uses TLS, it may be not enough, so we need OTR
too, to establish a private end to end communication over XMPP 
between Alice and Bob (you are Alice, I am Bob):

Maybe this helps a little, protocolwise it may look like this:
   [Alice]<-OTR-XMPP-TLS->Tor<->Tor-exit<->Alice's XMPP provider \
   <->Bob's XMPP provider<-[Maybe Bob is using TLS]-XMPP-OTR->[Bob]

Usually, XMPP and most instant messaging involves some form of identity
or account that is authorized. I can't say much about other protocols that
pidgin offers, ymmv. One always wants TLS for a more or less secured
connection between client and an involved server and OTR for the resulting 
end-to-end communication over the instant messaging protocol for the
involved parties.

No matter if you use XMPP or another instant messaging or chat protocol,
OTR solves that problem pretty well, independet of the instant messaging
protocol.

If you are looking for an alternative to pidgin, try profanity.im
for XMPP, if you are looking for a more decentralized approach to
instant messages take a look at tox.im (DHT-like approach).

Historically, you should doubt any promises of security, that you can't
verify.

Another alternative could be talk[4] over an SSH-tunnel using Tor's
hiddenservice.

For more information about the involved protocols refer to:
1) https://en.wikipedia.org/wiki/Transport_Layer_Security
2) https://en.wikipedia.org/wiki/XMPP
3) https://en.wikipedia.org/wiki/Off-the-Record_Messaging
4) http://linux.die.net/man/1/talk

Enjoy.