Pidgin 3.0 Experimental 1 Has been released

7 points by rw_grim 6 months ago | 9 comments
  • LinuxBender 6 months ago
    Will it still support OTR (E2EE not dependent on the protocol in use) for all the protocols it implements? Meaning whether or not a platform has pseudo E2EE, will Pidgin 3.0+ eventually support using it's own E2EE especially if cranky old farts like me do not and will never trust server managed pseudo E2EE? Bonus if pre-shared secrets and keys can be shared out of band.

    Hypothetical Use Case: A bunch of agents and I want to use a XMPP platform hosted by the cartel to raid the cartel and even if they suspect we are agents and even if they backdoor eJabber's own E2EE it would be literally impossible for them to decode the messages as we shared our OTR keys ahead of time on a private LAN or a USB or a stack of QR codes or some punch cards or ribbon tape strapped to carrier pidgins and have our own E2EE on top of their pseudo E2EE.

    Dictionary: I created the term pseudo E2EE for any of the big centralized platforms that claim to use E2EE and use some client encryption magical incantations from code maintained by said platform. This is not real E2EE regardless of what magical explanation anyone gives.

    • MattJ100 6 months ago
      I agree with you that "server-managed" E2EE wouldn't really be E2EE, and I agree about most proprietary platforms lacking the necessary transparency around this.

      From the XMPP perspective though, I want to clarify that ejabberd does not have "its own E2EE" and the E2EE that is used in modern XMPP apps (OMEMO) is client-managed and allows you to verify keys using e.g. a QR code.

      OTR's limitations are quite significant (lack of file sharing, group chats, offline messages, to name a few). I don't think that helps E2EE adoption. Unless someone picks up the OTRv4 work, but even that had excluded some of those items from its scope IIRC.

      • LinuxBender 6 months ago
        OTR's limitations are quite significant (lack of file sharing, group chats, offline messages, to name a few). I don't think that helps E2EE adoption.

        Absolutely fair points. I suppose a part of me was hoping that if it were adopted then work would continue on it with a new set of eyes looking into the limitations.

      • rw_grim 6 months ago
        We haven't started tackling ee2e yet, but we'll have extension points to add custom stuff because of xmpp has 3 e2ee methods, gpg, otr, and, omemeo with a new one on the way as well.
      • gnabgib 6 months ago
        Super recent discussion Pidgin 3.0.0 Experimental 1 Announcement (93 points, 39 days ago, 48 comments) https://news.ycombinator.com/item?id=42211320
        • rw_grim 6 months ago
          We’re live on Flathub Beta now!! Flathub Beta means it won’t show up on the site, but it’ll show up in GNOME Software and other app stores after you add the Flathub Beta remote. You can find instructions on how to do so here https://discourse.imfreedom.org/t/pidgin-3-on-flathub-beta/2...
          • rw_grim 6 months ago
            Just an update that we missed some bugs that were affecting new users so we've released 2.90.1 which fixes them. The linked posted has been updated with this information as well.
            • anthk 6 months ago
              >Started using SQLite for storing complex data like conversation history.

              Faster, for sure, but grep on logs it's easier.

              • rw_grim 6 months ago
                This is about complex data and accessing it later for display and search in the application. There is a command line tool we're putting together to make searching from the command line possible though.