Saturday, January 17, 2009

Encryption and OTR in Pidgin

According to last month's user survey, "encrypted messages" was one of the most popular feature requests: 55% of users say it's important to them. That's huge.

To put this in perspective, only video chat is more popular at 57%.

Pidgin already has plugin support for encrypted messages. However, it helps if all your buddies have it installed too.

Thus, I asked the developers what they thought of installing encryption by default. Here's what we agreed on:
  • OTR (Off The Record): OTR is the most secure encryption protocol available for Pidgin, and is already a default for Adium users. While promising, it has some usability bugs that need work. Ian Goldberg, the professor who created OTR, told me he would love to have people contribute patches.

  • Pidgin Encryption: Pidgin Encryption has no private method of key exchange and verification, which can create a false sense of security.

  • Pidgin Paranoia: Pidgin Paranoia uses a form of encryption that is strong on paper, but in practice is vulnerable to attacks.

  • XMPP/PGP: XMPP/PGP isn't as secure as OTR, but is a published protocol standard. The developers will welcome a well-written patch for this.

Long story short, we won't be including encryption in Pidgin despite how popular it is. Sorry. This may be reconsidered when improvements have been made to the plugins.

I hope this gives some good insight into decisions that are being made. Feel free to ask if you want more clarification on what I wrote here.

21 comments:

cdman83 said...

I don't want to be a troll or anything and really enjoy Pidgin as it is (even the file-transfer, which for long was a problematic feature, has worked in a stable manner for years), but until now you only enumerated what you won't do.

But this begs the question: what will you do? From what I understand your main objection to most of the things is that it isn't the "core competency" of Pidgin. But have you considered that maybe the current core of Pidgin has been worked to perfection and now it may be time to reach out and incorporate other things (like encryption)?

Best regards

Claude Gagné said...

I think people would like to hear about what you will do instead of what you will not do.

Ben said...

I get the idea you people don't bother anymore to make Pidgin an interesting client. In our Orwellian times encryption is a key feature for every instant messenger application. If you continue this way Pidgin will become even more boring. Didn't you already lose the support of the Gnome Project, who chose another client as the standard IM application for their window manager? Please reconsider your decision; I would hate to switch to a new program.

Casey Ho said...

I wanted to make it clear that the survey results aren't vanishing into a void.

Unlike other issues, I made sure there was an actual debate and code was tested.

Ultimately we prefer OTR, but OTR has problems, problems we don't have the skills to solve.

I was easily able to make it go into an infinite loop and nearly kill Pidgin. It'll take a research project and PhDs to fix the problem. (Sadly, none of the current devs have a PhD in security).

If you want to see encryption included by default, please help the OTR creator. He indicated to me that he wants to see the problems fixed.

I'm working on things to help promote plugins like OTR more, but they simply won't be installed by default.

Casey Ho said...

Ben, the Gnome Project switch was completely different and isn't related at all to a lack of features.

Andrew said...

I'm sorry, but I disagree with your logic. If you included OTR by default (but not enabled), it would be available to more people (and more easily) without frustrating/annoying the less experienced users. Plus, there would be that many more people to potentially submit bug-fixes.

meppilydoo said...

Casey:

What specific issues need to be addressed before OTR can be included with Pidgin?
Did you file a bug report with OTR about your complex bug? Hopefully this is reproducible so the OTR community can attempt to track it down.

Casey Ho said...

Andrew,

I agree with the sentiment that increased exposure will lead to more contributions.

That said, what if I phrased it this way: You want to include a new program in your software package, but it has a flaw that can crash+disable Pidgin. The probability of the flaw occurring goes up significantly if it is installed on more computers. You know people will be very frustrated by it. You do not have the ability to fix that flaw.

The last point is the most important one. Do you still include it?

Casey Ho said...

meppilydoo,

The flaws occur when someone is signed onto more than two computers at once (say on a desktop and laptop).

Assume Alice is sending a message to Bob, but Bob is logged onto two computers at once. Alice's computer doesn't realize it's talking to two computers, and Bob's computers don't realize that there are multiple Bobs. Encryption requires a "handshake" between two computers to confirm who to talk to. Problem is, there are more than two computers.

At this point, Pidgin OTR throws a fit and sometimes crashes.

1) Is there a way to detect if Alice is talking to more than one Bob?
2) Is there a way to tell Bob that there are two of them?
3) Once Alice knows that there are two Bobs, how does Alice choose which one to talk to? Can this be done automatically? (very hard).

I actually spoke with the OTR creator about this, and it's a known issue. They've been working on it for at least four months now, with no ETA on when it will be completed.

Assuming this can be fixed, OTR stands a very good chance of being included.

(Also, this is the hyper simplified version. Let me know if you want a more technical explanation.)

meppilydoo said...

Casey:

I have an AIM buddy who frequently signs on from two locations, both using OTR. I have seen this endless loop firsthand but have not experienced any crashes. However, I do not doubt it could lead to a crash.

As a quick solution for this OTR scenario, you could code Pidgin to give up on using OTR and tell all of Alice's and Bob's clients that "Multiple clients are authenticated to the network using the same name. For this reason, OTR has been forcefully disabled for this chat session. If you wish to restore OTR, ensure that only one client is connected to the network per username." While this is not ideal because conversations will no longer be encrypted, it would at least provide some fallback measure to alleviate any crashes.

Hopefully this simple solution will facilitate getting OTR into the Pidgin distribution by default.
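
The multi-login loop and the give-up fallback discussed in the comments above, as a toy model added here (not Pidgin or OTR code, and not the OTR wire protocol). It assumes that a machine receiving a message under a key it does not hold restarts the handshake, and that Alice keeps one session per account name; `BobClient`, `run_session` and `churn_limit` are hypothetical names.

```python
import itertools

class BobClient:
    """One machine signed in as Bob; it holds at most one session key."""
    def __init__(self):
        self.key = None

    def receive(self, msg_key, fresh_keys):
        """Return a new key offer if the message is unreadable here, else None."""
        if msg_key == self.key:
            return None                # readable with the key this machine holds
        self.key = next(fresh_keys)    # unreadable: restart the handshake (assumed)
        return self.key

def run_session(n_bob_machines, churn_limit=None, max_rounds=50):
    """Alice keeps ONE session per account name, as in the scenario.
    Returns (outcome, handshakes). churn_limit=None means no guard."""
    bobs = [BobClient() for _ in range(n_bob_machines)]
    fresh_keys = itertools.count(1)
    alice_key, handshakes, churn = 0, 0, 0   # key 0 = initial plaintext query
    for _ in range(max_rounds):
        # The server delivers Alice's message to every machine signed in as Bob.
        offers = [b.receive(alice_key, fresh_keys) for b in bobs]
        offers = [k for k in offers if k is not None]
        if not offers:
            return "stable", handshakes      # every machine could read it
        churn += 1                           # another round ended in renegotiation
        if churn_limit is not None and churn > churn_limit:
            # Fallback from the comment: stop using OTR and notify the users.
            return "otr_disabled", handshakes
        for key in offers:                   # last offer wins: one shared context
            alice_key = key
            handshakes += 1
    return "looping", handshakes             # cap hit: it would never settle

if __name__ == "__main__":
    for machines, limit in [(1, None), (2, None), (2, 3)]:
        print(machines, limit, run_session(machines, limit))
```

The guard needs no knowledge of how many machines Bob has: it only counts rounds that end in renegotiation, which is something Alice's client can observe on its own.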

Kevin Stange said...

cdman83,

There are many things we will do with Pidgin still, and we don't consider the core of Pidgin to be done or perfect by any stretch of the imagination. There are a lot of bugs to fix and features we still want to include. There's a collection of bits of unreleased code in various states of development, including the most called for feature, Voice and Video chat, which we hope to bring together as soon as they're working well and ready for general consumption.

We always want to focus on making sure Pidgin can be extended through plugins as easily as possible so that gaps can be filled where people see needs even if we don't consider the particular features appropriate for direct inclusion, or don't have the capacity or expertise to maintain them.

Certainly anything to make plugin distribution and installation more streamlined is a welcome change, but it's not really reasonable for us to ship every plugin that anyone might ever use to avoid inconveniencing someone. It's preferable to lessen the inconvenience and make use of plugins more prominent so people recognize that there are more options beyond what we give them to start off with.

Casey Ho said...

meppilly,

That's something that we'll be happy to consider if OTR doesn't manage to release soon. For now, we're going to see what we can do to help the OTR team.

anpaza said...

"Long story short, we won't be including encryption in Pidgin despite how popular it is. Sorry"

CIA and FBI hail you!

Любовь said...

Hello, as for me, the problem is not whether to include the OTR plugin or not. I successfully installed it with the package system. The problem is that the OTR plugin works only with other Pidgin clients. And none of my buddies use Pidgin. But I want to talk securely with a Miranda buddy, a QIP buddy, etc., regardless of what type of encryption they use. Even Psi uses the XMPP encryption standard with PGP. So what is the benefit of OTR?

meppilydoo said...

OTR is not only used by Pidgin. Many clients support it, including (but not limited to):

- Adium (OSX)
- Trillian
- Miranda (http://addons.miranda-im.org/details.php?action=viewfile&id=2644)
- psi (http://public.tfh-berlin.de/~s30935/)
- command-line clients like bitlbee (using irssi-otr)

OTR is the most popular way to have encrypted chat sessions across different clients and it is the most secure. It is for these reasons that it should be the first one considered for inclusion, by default, with Pidgin.

Любовь said...

Adium - agreed, works out of the box
Trillian - I have no buddies with this IM client. It also has SecureIM.
Miranda - the OTR thread is full of bug complaints. But maybe I should test this plugin to be more certain. It looks like SecureIM is more popular.
QIP - is very popular today... and uses PGP.
Psi - from your link:
"For using the plugin, you need the plugin itself and a patched version of Psi. Basically, Psi has no plugin support."
Should I ask my friends to patch Psi?

Любовь said...

OK. It seems it works at least with Miranda. Thanks.

DrYak said...

@ Lyoubov :
Also, OTR offers proxies for AOL and ICQ.
So if you have buddies using AOL, and using a client that doesn't feature support for OTR (like AIM - AOL's official client), they can still benefit from OTR's encryption by installing the proxy and connecting to the proxy instead of connecting to the official AOL server.

meppilydoo said...

This is old news (August 3 2008), but as of KDE 4.1, Kopete is now including OTR by default without the need to install it as a third party plugin.

http://kopete.kde.org/news.php#itemKopete05080releasedwithKDE410
