Using Pidgin/OTR to transfer data


My first post here. I am enjoying Whonix immensely.

I know that by design it’s made difficult to transfer data in and out of Whonix.

I was just wondering whether there are any problems with a work-around like this (I have read the post on Pidgin and Tor by adrelanos on March 09).

If I download Pidgin + OTR in Whonix, and set up an XMPP address there, making sure to set OTR as mandatory, then I could use Pidgin + OTR outside Whonix (Same domain on both side, probably) to send private messages to and fro. And even perhaps transfer data files.

Would this be secure? Anyone think of any flaws to this? Thanks for the help!

Much slower transfer rates.

Exploitation of XMPP client running on the host by an adversary that controls the Whonix Workstation. The amount of Remote code execution advisories for Pidgin should make you rethink that approach.

Thanks. I’ve tried to understand the ISO-images suggestion at Whonix-File Transfer, but it doesn’t seem very intuitive (or easy!).

I do understand that separation, for the sake of security, comes first. But are there any other ways forward here? Shared clipboard: bad, obviously. Shared USB: not good either. Not being able to transfer data tends to militate against the use of complex passwords, for the few sites I want (anonymously) to log into.

XMPP to the host, I don’t know, connecting to yourself through Tor, no idea if that is such as good idea.

There is indeed no great solution for file transfer.