Hi. I’ve had success with dino from backports. I can sign in, add contacts and have conversations. OMEMO works with other dino im users, but the people on Gajim cannot exchange keys with dino. Apps have nuances in how they implement OMEMO and it’s causing breakage across the ecosystem.
Can’t post links.
Google the article OMEMO is broken in general across the ecosystem on monal’s blog.
There aren’t any OMEMO clients on MacOS or iOS that are bug free and easy to use. Some servers like jabber de have a web chat feature with OMEMO running in a browser.
at this point, if it’s an instant messenger that works without hassle, even if it is limited to people using the same damn client software, i’m cool with it. instant message client’s have been the bane of my existence when it’s come to having timely complete documentation.
This fits the bill perfectly at last. It’s embarrassing that we have a libre kernel and entire FOSS stacks on top of it and yet a secure IM with offline messaging has taken this long to happen.
we were talking about blocker bugs , bugs which make the app useless over whonix/tor. Unless they fix these bugs the app is just extra space inside whonix.
#115 , #666 , and it wont connect inside whonix as i reported before.
doesnt encrypt messages by default: #884 (the developer so naive to the level he doesnt differentiate between by default enabled encryption and manually enabled encryption)
by this case why are we arguing against gajim if dino has same if not more shitty architecture?
Dino IM has serious privacy issues. I think the first point is fundamental for most Whonix users.
1) It was written that Dino prohibits to disable or purge history. I tried to use another Jabber-client on the same JID for the sensitive chats. And I tried to boot from an old snapshot which made before sensitive messages. But Dino downloads the missed history and tricks it into logs anew. I tested this on PGP chat. And I received most of the history I didn’t want to keep.
All stored history is not encrypted. Physical or remote access allows to get the every chat for all time. You cannot delete no one message. Everything you write is forever in Dino.
2) Open user info. Everyone can see the record “Using Dino” and the name resourse like “dino.535nshGJ”. It identifies that you are not Windows user. It reduces privacy. And it can help to choose an attack vector using Dino vulnerabilities. There are no plugins or settings to hide this data.
3) Modifying hostname and port configuration not fixed since 3 years.
4) I did not find the option to cancel/disable file transfer. For example you and I use Dino. I can send you file even you do not want it.
Dino IM is good project but not for Whonix. Editing of messages, convenient management of PGP/OMEMO, history synchronization between devices, temporary keys. It’s very nice. But it’s provided through the reduced privacy and security.
All issues from my last message are at Github tickets for a long time. Developers are not ready to change something.
Opt-in chat logs and encrypted in case selected - They will add the functionality to make this possible though not a default.
Scrub client user-agent - Even if they randomize it, it will stand out because no one does this and the client can still be enumerated by the announced featureset to a server.
Pretty reasonable explanations to me. I’d prefer you joining the conversation on Github instead of me being postman, but I am still happy to hear feedback from you to follow up with suggestions or better ideas on how to improve these problems.
Aren’t these XMPP features though? These all depend on the server supported functionality IIRC. These are enabled almost by every service out there and you have no control over them unless you’re hosting your own infrastructure.
The final list based on Dino’s answers. There are new issues.
Dino prohibits Onion servers and manual configuration of hostname and port. This issue has been discussed for several years (#115). Users asked to allow these settings. The developers refuse.
Dino does not allow to disable the download / decryption of old history.
GPG. Dino downloads, fully decrypts and saves the entire GPG-history from the server every time when Dino starts. Most public jabber servers stores history from a week to a month.
OMEMO. Dino downloads both OMEMO and GPG chats. Messages, time, senders, recepients are visible in OMEMO logs. But OMEMO texts cannot be read.
Gajim and others provides an option to disable history downloading. The developers of Dino do not want to make this option (#953).
Let’s say you are running Dino from secured and cleared Whonix snapshots with zero history. This makes correct OMEMO encryption impossible. If you use OMEMO chat, you cannot run Dino many times from one Workstation snapshot. You are obliged to save all changes and all received files, even if the file contains a trojan. Or you cannot use OMEMO chat (#977). This is not a Dino bug but a security feature of OMEMO. But this feature creates a very big issue with Dino because of point 4 and point 5.
Dino saves chat logs to disk. There is no log encryption. It’s impossible to disable saving. Returning to a snapshot with a clean history is not decision (point 3). Users have been asking to disable logs during for three years (#67). The developers informed (#953) that they may disable logging in the future. It is not yet clear when and how the log management will be changed.
Dino does not allow you to disable or stop receiving files. Dino receives and saves to disk any file sent to the user. Returning to the previous snapshot causes a crash in the entire OMEMO-chat (point 3). The developers have included canceling file transfers to the wishlist (#955).
The developers refused to make the option to hide or show system time, hide or show or spoof OS and client name. The reasons are described in the discussion (#954).
I suppose points 1, 3, 4, 5 will be critical for most Whonix users. Point 2 is very serious for some. The developers are not ready to change anything in points 1, 2, 3, 6. This should be understood by every Whonix user.
@nurmagoz do you have experience using dino-im with the JMP service?
I would like to know whether the bullseye-backports package (dino-im version 0.2.0) supports voice calls? Alternatively, if not, does gajim currently support these features in Whonix per the Wiki instructions?
I know that I can connect to XMPP with dino-im (non-HS, but over Tor). I do not know this with respect to gajim. If I recall correctly, there were problems with its connecting over Tor.