dino-im messenger

Hi. I’ve had success with dino from backports. I can sign in, add contacts and have conversations. OMEMO works with other dino im users, but the people on Gajim cannot exchange keys with dino. Apps have nuances in how they implement OMEMO and it’s causing breakage across the ecosystem.

Can’t post links.

Google the article OMEMO is broken in general across the ecosystem on monal’s blog.

There aren’t any OMEMO clients on MacOS or iOS that are bug free and easy to use. Some servers like jabber de have a web chat feature with OMEMO running in a browser.

1 Like

Thanks for the report. I will update the docs and see if upstream can get its act together.

Tasks remaining:

A default install won’t happen before Debian Bullseye at the earliest since we don’t carry backports.

  • Consider if worth documenting in the mean time

  • File report about OMEMO incompatibility upstream. EDIT: Already noted and being worked on

  • See what needs to be done to support isolated streams. EDIT: No longer a blocker according to the Default App Support policy

  • Asked where keys are stored for documenting backup/restore purposes: https://github.com/dino/dino/issues/850

1 Like


  • Dino IM is the best option currently. It provides the best UX, a modern and clean look and OMEMO support.


It’s planned for inclusion by default in Whonix 16.

Should be installed in #milestone_whonix_16 by default?

(If it doesn’t have a milestone on phabricator or discourse forums, it will potentially be forgotten by that time.)

1 Like


OK saw that. Adding tags is available when editing the topic title.

1 Like

at this point, if it’s an instant messenger that works without hassle, even if it is limited to people using the same damn client software, i’m cool with it. instant message client’s have been the bane of my existence when it’s come to having timely complete documentation.

1 Like

This fits the bill perfectly at last. It’s embarrassing that we have a libre kernel and entire FOSS stacks on top of it and yet a secure IM with offline messaging has taken this long to happen.

we were talking about blocker bugs , bugs which make the app useless over whonix/tor. Unless they fix these bugs the app is just extra space inside whonix.

#115 , #666 , and it wont connect inside whonix as i reported before.

doesnt encrypt messages by default: #884 (the developer so naive to the level he doesnt differentiate between by default enabled encryption and manually enabled encryption)

by this case why are we arguing against gajim if dino has same if not more shitty architecture?

Fixed in buster-backports?

Can ship a settings file by default in Whonix which enables dino encryption by default?

Fixed in buster-backports?

nope , according to my testing above.

Can ship a settings file by default in Whonix which enables dino
encryption by default?

I dont know

Patrick_mobile via Whonix Forum:

According to recent wiki changes by HulaHoop I assume buster-backports
version can connect now.

1 Like

Dino IM has serious privacy issues. I think the first point is fundamental for most Whonix users.

1) It was written that Dino prohibits to disable or purge history. I tried to use another Jabber-client on the same JID for the sensitive chats. And I tried to boot from an old snapshot which made before sensitive messages. But Dino downloads the missed history and tricks it into logs anew. I tested this on PGP chat. And I received most of the history I didn’t want to keep.

All stored history is not encrypted. Physical or remote access allows to get the every chat for all time. You cannot delete no one message. Everything you write is forever in Dino.

2) Open user info. Everyone can see the record “Using Dino” and the name resourse like “dino.535nshGJ”. It identifies that you are not Windows user. It reduces privacy. And it can help to choose an attack vector using Dino vulnerabilities. There are no plugins or settings to hide this data.

3) Modifying hostname and port configuration not fixed since 3 years.


Thanks for your feedback. I will open tickets with these on their bugtracker and see their response.


1 Like

4) I did not find the option to cancel/disable file transfer. For example you and I use Dino. I can send you file even you do not want it.

Dino IM is good project but not for Whonix. Editing of messages, convenient management of PGP/OMEMO, history synchronization between devices, temporary keys. It’s very nice. But it’s provided through the reduced privacy and security.

All issues from my last message are at Github tickets for a long time. Developers are not ready to change something.

1 Like


Opt-in chat logs and encrypted in case selected - They will add the functionality to make this possible though not a default.

Scrub client user-agent - Even if they randomize it, it will stand out because no one does this and the client can still be enumerated by the announced featureset to a server.

Pretty reasonable explanations to me. I’d prefer you joining the conversation on Github instead of me being postman, but I am still happy to hear feedback from you to follow up with suggestions or better ideas on how to improve these problems.

Aren’t these XMPP features though? These all depend on the server supported functionality IIRC. These are enabled almost by every service out there and you have no control over them unless you’re hosting your own infrastructure.

1 Like
1 Like

I answered on Gihub. Here is the most important point: https://github.com/dino/dino/issues/953#issuecomment-758370508

Edit by Patrick:
fix link

1 Like

The final list based on Dino’s answers. There are new issues.

  1. Dino prohibits Onion servers and manual configuration of hostname and port. This issue has been discussed for several years (#115). Users asked to allow these settings. The developers refuse.

  2. Dino does not allow to disable the download / decryption of old history.

GPG. Dino downloads, fully decrypts and saves the entire GPG-history from the server every time when Dino starts. Most public jabber servers stores history from a week to a month.

OMEMO. Dino downloads both OMEMO and GPG chats. Messages, time, senders, recepients are visible in OMEMO logs. But OMEMO texts cannot be read.

Gajim and others provides an option to disable history downloading. The developers of Dino do not want to make this option (#953).

  1. Let’s say you are running Dino from secured and cleared Whonix snapshots with zero history. This makes correct OMEMO encryption impossible. If you use OMEMO chat, you cannot run Dino many times from one Workstation snapshot. You are obliged to save all changes and all received files, even if the file contains a trojan. Or you cannot use OMEMO chat (#977). This is not a Dino bug but a security feature of OMEMO. But this feature creates a very big issue with Dino because of point 4 and point 5.

  2. Dino saves chat logs to disk. There is no log encryption. It’s impossible to disable saving. Returning to a snapshot with a clean history is not decision (point 3). Users have been asking to disable logs during for three years (#67). The developers informed (#953) that they may disable logging in the future. It is not yet clear when and how the log management will be changed.

  3. Dino does not allow you to disable or stop receiving files. Dino receives and saves to disk any file sent to the user. Returning to the previous snapshot causes a crash in the entire OMEMO-chat (point 3). The developers have included canceling file transfers to the wishlist (#955).

  4. The developers refused to make the option to hide or show system time, hide or show or spoof OS and client name. The reasons are described in the discussion (#954).

I suppose points 1, 3, 4, 5 will be critical for most Whonix users. Point 2 is very serious for some. The developers are not ready to change anything in points 1, 2, 3, 6. This should be understood by every Whonix user.


@TNT_BOM_BOM do you have experience using dino-im with the JMP service?

I would like to know whether the bullseye-backports package (dino-im version 0.2.0) supports voice calls? Alternatively, if not, does gajim currently support these features in Whonix per the Wiki instructions?

I know that I can connect to XMPP with dino-im (non-HS, but over Tor). I do not know this with respect to gajim. If I recall correctly, there were problems with its connecting over Tor.

I dont know the answers to your questions because i havent tried, But you can easily solve your questions by just trying that and see the outcome.

Any VOIP over Tor wont work properly because Tor is TCP only and afaik VOIP need UDP capabilities.

Concerns brought up earlier in this thread aside, I think dino-im is the only viable, realistic and easy to use option users have today.

You mean 0.3? Yes the software supports VoIP via P2P connections. No it cannot work over Tor as it uses UDP.

Gajim VoIP probably does not work over Tor either and lacks encryption AFAICT from a recent blog.

Wahay is your only Tor compatible audio only option.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]