[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Why is ICQ considered unsafe through tor?

#1

Hi, I have a question.
I have heard from some that using ICQ is “unsafe”. And by default on whonix, pidgin does not list the icq protocol as it’s consider unsafe. Why is it unsafe?

I don’t use regular ICQ of course; I use pidgin to connect on whonix through tor. Why is this considered unsafe? I am not worried so much as in a privacy sense, but as anonymity. People/ governments looking in on my conversations is not a concern of mine, only that they do not know the origin/ my ip address.

To me it doesn’t seem too unsafe for my uses. Anything I may be missing about it?

#2

Good question.

Not just about ICQ, but any non-free protocol…

  • Sometimes no or bad account security. Settings such as ‘default: don’t use encryption’, ‘default: use encryption if available’ or not supporting encryption at all.
  • Encourages use of original, proprietary client by user and/or recipient.
  • Intention to privacy violation with announcement by terms of agreement.
  • Centralized, all trust [not to try to exploit] in one server that is governed by people who are blunt about not being trustworthy.
  • Short maximum message lengths that resulted in OTR developers choosing weaker key lengths than we could otherwise computationally use for better security. These protocols must die.
  • Protocol needed to be reverse engineered.
  • Includes fancy (protocol) features or fancy (protocol or messenger) features may be added.
  • These protocols are of no use. Why bother with them.
  • Too many protocols to research, audit, support. Better to have anonymity/privacy/security focused distributions concentrate on open, useful alternatives.