What's with all the hostility?

Ryan K travellintroll at hotmail.com
Wed Feb 8 08:21:45 EST 2012


I am afraid that I do not know much about this type of thing.  That is why I ask questions.  It is very important to me however that I ensure my own security and the security of those I communicate with.  It is a matter of freedom of speech.  I sense some hostility in your reply.  I'm not sure why.  I assume it is contempt for anyone who does not understand code.  At least I am capable of understanding the complexities of common courtesy.  

Ryan

> Date: Wed, 8 Feb 2012 08:05:43 +0000
> From: forums at david-woolley.me.uk
> To: travellintroll at hotmail.com
> CC: support at pidgin.im
> Subject: Re: Using Pidgin with TOR
> 
> Ryan K wrote:
> > 
> > TOR reports that Pidgin has a bug that results in DNS leaks when using
> 
> What is TOR?
> 
> I've never heard of a DNS leak before.  Apparently it means that DNS is 
> handled by the normal servers, rather than by those provided by some 
> sort of anonymising proxy service.  The presumption is, presumably, that 
> the ISP, possibly at the behest of the government, is doing traffic flow 
> analysis on you by analyzing your DNS requests, to your disadvantage.
> 
> I'd be surprised if Pidgin uses anything other than standard OS services 
> for DNS, so I'd suggest that this level of distrust of ISPs (and trust 
> of the anonymising service) requires a deeper understanding of the 
> complete system than the OP seems to have.  I would suggest you would 
> need to be using a completely open source system, and have a good 
> understanding of how it all works.
> 
> Maybe all it really means is that Pidgin uses DNS, presumably to 
> validate addresses, or canonicalise them.
> 
> > XMPP.  If I use Pidgin with only other Pidgin users, do I require XMPP.  
> > Can XMPP be disabled? 
> 
> XMPP can be disabled by removing the relevant plugin.  You will lose the 
> ability to access Facebook and Google instant messaging services, as 
> well as most corporate ones.  Of course, simply not using XMPP based 
> services will mean that the XMPP code is never run, which will also 
> avoid any DNS related code that it contains being run.
> 
> You should, of course, verify this by inspection of the source code, as 
> you can't trust us!
> 
> On the other hand, maybe the "troll" in the username is not far from the 
> truth.
> 
> 
> -- 
> David Woolley
> Emails are not formal business letters, whatever businesses may want.
> RFC1855 says there should be an address here, but, in a world of spam,
> that is no longer good advice, as archive address hiding may not work.
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20120208/43fc9742/attachment.html>


More information about the Support mailing list