If I want to use XMPP in tails which app should I use? Built in pidgin, considering by them Dino, Gaijim, Conversations, Monal or any other?
Also if I would choose built in pidgin, is it worthy to install OMEMO plugin? If it isn’t already in
Pidgin is one of the worst XMPP clients you could use.
Pidgin supports most protocols and OTR end-to-end encrypted chat. However, it is not recommended because it has a very poor security record with many remotely exploitable bugs. Security researcher and developer Micah Lee notes this is the result of reliance on legacy protocols and the libpurple, libotr and libxml libraries which are: “… massive, written in C/C++, and are littered with memory corruption bugs. …”
Pidgin also leaks your system information and timezone with no way to disable this. Most other clients do have an option to hide this.
OMEMO is strongly preferred over OTR (some clients don’t support this anymore and the ones that do I guess only do so for compatibility). I don’t think Pidgin fully supports it.
2 Likes
Most of the apps you list aren’t even for Linux.
You want either Dino or Gajim. The former is more simple, the latter has more configuration/features.
1 Like
Ideally avoid XMPP entirely if you can. If you’re just looking for a decentralized and anonymous messenger, SimpleX Chat should be suitable. Even Element (Matrix) would be better.
Privium pointed out that Pidgin (comes with Tails preconfigured to use OTR) probably isn’t the best option. To expand on what AstraKitten said, Gajim and Dino seem to be better options. Tails has considered replacing Pidgin with Dino and even had documentation on how to install it, but it’s now outdated and it seems the community has preferred Gajim since 2022, but Tails has yet to catch up for whatever reason.
So the TL;DR is that Gajim is probably best, but it’s XMPP so you’ll still suffer from some major privacy and security issues no matter what you choose.
Yes, it seems OTR is largely being deprecated in favour of the more modern OMEMO. If my memory serves correctly, it doesn’t encrypt everything and hasn’t been formally verified, so you’re still much better off picking one of the alternative messengers I suggested in the beginning.
1 Like
Matrix isn’t decentralized if most users use Element and the official Matrix.org server. XMPP doesn’t have that issue.
Due to the nature of this forum and this question, I was speaking in terms of privacy/security. It is due to privacy and security issues that both XMPP and other Matrix clients were never recommended by Privacy Guides. Degrees of decentralization is off-topic here (unless OP clarifies that they’re specifically looking for that) and we’ve already discussed the issues with federation separately in the past. If I recall correctly, my primary recommendation (SimpleX Chat) is decentralized (perhaps even more so than XMPP?) without being federated.
It has many other issues, such as centralizing power to servers (like all federated platforms) and suffering from abysmal privacy/security flaws, which is what is most relevant here.
1 Like
As if centralized platforms didn’t do the same? Centralized platforms are worse in this regard.
Like what? Not being Signal? Signal requiring a phone number is an abysmal privacy flaw.