Using Pidgin with TOR

David Woolley forums at david-woolley.me.uk
Wed Feb 8 03:05:43 EST 2012


Ryan K wrote:
> 
> TOR reports that Pidgin has a bug that results in DNS leaks when using

What is TOR?

I've never heard of a DNS leak before.  Apparently it means that DNS is 
handled by the normal servers, rather than by those provided by some 
sort of anonymising proxy service.  The presumption is, presumably, that 
the ISP, possibly at the behest of the government, is doing traffic flow 
analysis on you by analyzing your DNS requests, to your disadvantage.

I'd be surprised if Pidgin uses anything other than standard OS services 
for DNS, so I'd suggest that this level of distrust of ISPs (and trust 
of the anonymising service) requires a deeper understanding of the 
complete system than the OP seems to have.  I would suggest you would 
need to be using a completely open source system, and have a good 
understanding of how it all works.

Maybe all it really means is that Pidgin uses DNS, presumably to 
validate addresses, or canonicalise them.

> XMPP.  If I use Pidgin with only other Pidgin users, do I require XMPP.  
> Can XMPP be disabled? 

XMPP can be disabled by removing the relevant plugin.  You will lose the 
ability to access Facebook and Google instant messaging services, as 
well as most corporate ones.  Of course, simply not using XMPP based 
services will mean that the XMPP code is never run, which will also 
avoid any DNS related code that it contains being run.

You should, of course, verify this by inspection of the source code, as 
you can't trust us!

On the other hand, maybe the "troll" in the username is not far from the 
truth.


-- 
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.



More information about the Support mailing list