Gajim Messenger

Indeed. I wasn’t trying to argue otherwise. My reasoning is, if we can’t convince/stop people from doing this use case then we could try and figure out the least damaging way possible to enable it while mitigating TransPort leaks caused by unsupported apps.

PS. Second reply to my TPO discussion. Don’t know if it changes anything.

1 Like

Apparently there are per account proxy settings but also an overriding global proxy setting with other subsettings which I shared before. This is confirmed in the config file:

global_proxy=Tor

OK Cool. I didn’t know you could do that. I thought we had to put up with bad consequences for the network if people install torrent clients as a compromise to get Gajim safely isolated.

File sharing (emule style) / torrent doesn’t get better/worse by using
SocksPort vs HttpPort vs TransPort.

Only if we would be using TransPort IsolateDestAddr (which we don’t and
ought not to) then it would make sense to preinstall a torrent client
preconfigured to use a SocksPort without IsolateDestAddr.

Well, there would be a very small harm reduction for torrent users by
installing it by default and configuring it for stream isolation. Then
torrent users would not pollute their TransPort with it. But that would
come at the expense of higher Tor network torrent traffic if we
encourage torrenting by preinstalling one.

Tor is NOT made for torrent. That’s what I always read through the maintainers’ replies/wikis, etc.

Doesn’t work. I started with that config.

Go to options → advance. Global proxy is still set to none.

OK try adding:

global_proxy = Tor

to the config by itself and see if it’s enough

1 Like

The global proxy will be set to Tor. But if you go for “add existing account”, then look under connection, it still defaults to Proxy none. Or if you go to new account and then click advanced the Proxy setting will also be set to none.

OK I now see what you describe but is the global setting verified to be overriding this? (during Gajim’s operation)

@Patrick Please tell me how I can verify if that’s the case.

HulaHoop:

@Patrick Please tell me how I can verify if that’s the case.

Glad you’re asking! :)

Set the global proxy settings to a dysfunctional proxy.

If connection is still functional, it’s clearly using something else.

Disable transparent proxying.

( As per

If it stops working after disabling transparent proxying, it requires transparent proxying, i.e. is ignoring the socks proxy settings.

1 Like

When creating an account set to proxy none it will not connect if either transparent TCP or DNS are disabled regardless of global proxy setting set to Tor.

1 Like

Which means that the global proxy settings are disregarded, i.e. in our case stream isolation broken.

1 Like

@patrick. gajim’s “tor” setting defaults to “localhost:9050.” shouldn’t this be set to “10.152.152.10:9152?” since tor messenger is discontinued, that already set port is usable.

btw, i’m running into perhaps a weird bug where various global preferences get reset for privacy upon either the creation of a new xmpp account or deletion of one. trying to isolate it further. i was leaning towards coyim for the guide i work on. but, the current inability to block events/messages from users that are not on a user’s contact list by default is making me reconsider. gajim has this functionality and the omemo support is tempting.

Gajim has problems that are being worked around such as no stream isolation. Asynchronous messaging is just a basic requirement in this day and age so Gajim’s OMEMO support makes the hassle worth it.

@hulahoop. i believe stream isolation is there. it simply requires a per account setting, rather than a global setting. i pointed the global proxy to tor. i created individual accounts and pointed them to the tor proxy. i configured the tor proxy to use 10.152.152.10:9152. transparent tcp and dns were disabled for the workstation on the gateway. it worked fine. am i missing something?

We don’t ship gajim nor a gajim config file by default yet. Help welcome. If we were to ship a gajim config file by default and as long as Use different socks user name per account (Tor) (#9213) · Issues · gajim / gajim · GitLab doesn’t get implemented, using that port would be better indeed.

Per account socks user name (which results in stream isolation due to Tor’s IsolateSOCKSAuth) is recommended here: Instant Messenger Chat. In that case localhost vs gateway IP is not so important due to anon-ws-disable-stacked-tor.

For manual configuration that should be ok. If you want to test more, disable the separate SocksPorts in Tor config also. If that account no longer works, there is a pretty good chance that things are alright indeed.
Feel free to enhance Instant Messenger Chat.

Btw Dev/Gajim - Whonix
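
An added illustration, not part of the thread and not Gajim or Whonix code: it builds the SOCKS5 username/password message (RFC 1929) that carries a per-account user name to the proxy, then groups streams the way the discussion above describes, with accounts left on "Proxy: none" falling back to the shared TransPort. The account names, credentials and the grouping function are constructed, and the grouping is a simplified model (listener plus SOCKS credentials only), not Tor's full isolation logic.

```python
from collections import defaultdict

def socks5_auth_request(username, password):
    """RFC 1929 username/password message a client sends to the SOCKS5 proxy."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def parse_auth_request(msg):
    """Recover (username, password) the way the proxy side would."""
    if len(msg) < 2 or msg[0] != 0x01:
        raise ValueError("not an RFC 1929 auth request")
    ulen = msg[1]
    if len(msg) < 3 + ulen:
        raise ValueError("truncated username")
    plen = msg[2 + ulen]
    if len(msg) != 3 + ulen + plen:
        raise ValueError("length fields do not match message size")
    return msg[2:2 + ulen].decode(), msg[3 + ulen:].decode()

def isolation_groups(streams):
    """Simplified model: streams can share a circuit only when they arrive on
    the same listener with identical SOCKS credentials (or with none at all)."""
    groups = defaultdict(list)
    for account, listener, auth in streams:
        creds = parse_auth_request(auth) if auth else None
        groups[(listener, creds)].append(account)
    return dict(groups)

def shared_groups(streams):
    """Accounts that end up lumped together, i.e. not isolated from each other."""
    return sorted(sorted(a) for a in isolation_groups(streams).values() if len(a) > 1)

# Constructed sample: two accounts with a per-account SOCKS user name,
# two accounts left on "Proxy: none" that are caught by the TransPort.
STREAMS = [
    ("alice@example.org", "SocksPort", socks5_auth_request("gajim-alice", "x")),
    ("bob@example.org", "SocksPort", socks5_auth_request("gajim-bob", "x")),
    ("carol@example.org", "TransPort", None),
    ("dave@example.org", "TransPort", None),
]

if __name__ == "__main__":
    for key, accounts in isolation_groups(STREAMS).items():
        print(key, "->", accounts)
    print("not isolated from each other:", shared_groups(STREAMS))
```
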

i’m now leaning towards using gajim for the instant messenger chapter in my own guide. so, when i wrap that up, if there’s anything useful to add to the wiki for gajim, i’ll do that. thank you, @patrick.

1 Like

i’ve come up against a rather annoying bug in gajim at the moment. can anyone else give it a test to see if they can reproduce? i’ve disabled all of the logging options. however, when in an omemo encrypted chat, a hover over the shield icon states “your chat session will be logged.” however, from what i can tell, it does not actually appear to be logging the chat.

That was one of the problems IIRC. Instead of inheriting the global setting choice of Tor as proxy, the new accounts are oblivious to this and use the Transport by default. There is no way to configure all new accounts to be Tor aware.

1 Like