Hi, I have a question.
I have heard from some that using ICQ is “unsafe”. And by default on whonix, pidgin does not list the icq protocol as it’s consider unsafe. Why is it unsafe?
I don’t use regular ICQ of course; I use pidgin to connect on whonix through tor. Why is this considered unsafe? I am not worried so much as in a privacy sense, but as anonymity. People/ governments looking in on my conversations is not a concern of mine, only that they do not know the origin/ my ip address.
To me it doesn’t seem too unsafe for my uses. Anything I may be missing about it?
Good question.
Not just about ICQ, but any non-free protocol…
- Sometimes no or bad account security. Settings such as ‘default: don’t use encryption’, ‘default: use encryption if available’ or not supporting encryption at all.
- Encourages use of original, proprietary client by user and/or recipient.
- Intention to privacy violation with announcement by terms of agreement.
- Centralized, all trust [not to try to exploit] in one server that is governed by people who are blunt about not being trustworthy.
- Short maximum message lengths that resulted in OTR developers choosing weaker key lengths than we could otherwise computationally use for better security. These protocols must die.
- Protocol needed to be reverse engineered.
- Includes fancy (protocol) features or fancy (protocol or messenger) features may be added.
- These protocols are of no use. Why bother with them.
- Too many protocols to research, audit, support. Better to have anonymity/privacy/security focused distributions concentrate on open, useful alternatives.