[Gajim-devel] Anonymous mode

Yann Leboulanger asterix at lagaule.org
Mon Sep 19 15:50:25 CEST 2016 

Please anwer to the ML.


Le 19/09/2016 à 15:37, growl at airmail.cc a écrit :
> On 2016-09-19 12:45, Yann Leboulanger wrote:
>> You are considered as SPAM because your IP is blacklisted:
>>
>> IP XX.XX.XX.XX blacklisted by list.blogspambl.com [2], all.s5h.net
>> [2], dnsbl.tornevall.org [163]
>
> It is 2016, you really do not need to blacklist IPs, there are other 
> options to fight spam - at least captchas (which is already 
> implemented) and manual verification.

I think I have a bit more experience than you on the spam on this 
tracker. I'd love to remove all that anti-spam things that makes me 
loose a lot of time because of stupid guys, really !

> 1/ Yes, for your contacts to know which feature your client support,
>> we send the identity of the client. see XEP-0115 [0].
>
> Would the consequences of turning this "features sending" off be 
> harmful for conversations?

Yes. see 4/

>
>> 3/ I don't really understand what you mean. Log encrypted messages is
>> used by Gajim to locally log (write to db) your chat when it is
>> encrypted by GPG or E2E.
>
> I meant that I turned it off and then after some time it shows as on. 
> Considering other thing that happened when ft_send_local_ips 
> selectively being turned on, I found it strange. Like maybe some other 
> options or actions turn this options on?

Nothing turns on this option on except advanced configuration editor. It 
is on by default when you create a new account. And it's not linked at 
all with the ft_Send_local_ip option.

>
>> So your paranoid mode also means a client with very few features
>
> I think it would be the core features everybody who prefer more 
> privacy wants, like messaging, encryption, offline sending, maybe file 
> transfer. Would "paranoid mode" break those things?

Yes it would. Gajim don't allow you to send a file to a contact if it 
doesn't support it. And use only the FT protocols that are supported by 
your contact's client (there are several). So not announcing we support 
that means no FT at all. Same thing for encryption and many many other 
things.

>
>> Gajim also asks for a few things to
>> server on connection to know if it support some features, and just
>> asking that in the particular order Gajim asks is enough for the
>> server to know you use Gajim.
>
> Well, first great step would be if just other clients, not server, get 
> no more information than needed.
>

Once again, Gajim build stanza in a certain order, send errors in some 
format, etc. So I'm quite sure it's not hard to identify Gajim with just 
sending a few stanza and see how it replies.

More information about the Gajim-devel mailing list