en:howto:jabber:pidgin
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
howto:jabber_eng [2015/06/16 11:34] – [c.) Tab: PROXY:] casper | en:howto:jabber:pidgin [2022/11/29 19:31] – gelöscht - Externe Bearbeitung (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Instructions for using Jabber with Systemli on Pidgin ====== | ||
- | |||
- | ===== 1.) Why use Jabber via the Systemli server? ===== | ||
- | |||
- | ==== a) Encryption: ==== | ||
- | |||
- | The Jabber-server of Systemli is maintained by a techie-collective belonging to the radical political left. The server itself is encrypted. Connections to the Jabber-server of Systemli are only possible with SSL-encryption. This means that your Jabber-conversations with other Systemli users (address ending in | ||
- | ...@jabber.systemli.org) is completely encrypted through SSL. This equates the encryption standard of online-banking and is said to be safe. There are also other Jabber-servers: | ||
- | Computer Club can be recommended as well as long as the SSL-encryption is enabled. | ||
- | (Advice: if you don't completely trust SSL (and/or the Systemli-peeps) and you wish additional encryption: use Off-the-record-encryption (OTR) or GPG additional to SSL: [[https:// | ||
- | |||
- | |||
- | ==== b.) Against surveillance: | ||
- | |||
- | Whoever tries to watch you can find out what times you go online | ||
- | encrypted with systemli.org. They can also see who else is doing this | ||
- | and when. They can monitor your encrypted traffic and make out if you | ||
- | use it more frequently at certain times. | ||
- | But they can't see who you are communicating with or about what. | ||
- | This results in very minor findings during a surveillance. (When using | ||
- | pgp-encrypted e-mails the findings are more interesting as they can | ||
- | see who you are talking to!) | ||
- | (Advice: if you don't want anyone to be able to find out when you are | ||
- | connecting to systemli.org and how much traffic you have, use the | ||
- | additional tool called TOR (see further down) to anonymise your | ||
- | conversations). | ||
- | |||
- | ===== 2.) Download Pidgin: ===== | ||
- | |||
- | http:// | ||
- | your corresponding operating system. (With Linux you can just use the | ||
- | general software download pool) | ||
- | |||
- | ===== 3.) Checking the download: ===== | ||
- | If you're techno-savvy enough you should | ||
- | check if you really downloaded the right software (when using Linux | ||
- | this is not necessary). If you're not.... pray to Bakunin that the | ||
- | cops or other fuckwits didn't just send you a fake Pidgin that turns | ||
- | out to be a ' | ||
- | |||
- | ===== 4.) Install Pidgin ===== | ||
- | |||
- | Install Pidgin as your operating system demands it. | ||
- | |||
- | ===== 5.) Set up account on server: ===== | ||
- | Visit [[https:// | ||
- | |||
- | ===== 5.) Start Pidgin, set up account: ===== | ||
- | |||
- | ==== a) Tab: Basic: ==== | ||
- | |||
- | Protocol: XMPP | ||
- | User: choose a name | ||
- | that is random enough so you can't be identified through it Resource: | ||
- | leave that one blank (this is important as it could reveal information | ||
- | about your computer) | ||
- | Domain: jabber.systemli.org | ||
- | Password: insert your | ||
- | password here (special characters, numbers, upper and lower case; at | ||
- | least 12 digits long; don't use it for anything else). DON'T tick the | ||
- | box 'save password' | ||
- | computer is completely encrypted). | ||
- | Rest: leave blank | ||
- | |||
- | Tick box: ' | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ==== b.) Tab: Advanced: ==== | ||
- | |||
- | DON'T tick box: 'Allow plaintext auth over unencrypted streams' | ||
- | |||
- | Connect port: 5222 Connect | ||
- | server: leave blank [in case you use TOR you should insert the | ||
- | IP-address of the jabber server here (Command: tor-resolve | ||
- | jabber.systemli.org) In Windows you can find tor-resolve under | ||
- | %PROGRAMFILES%\Vidalia Bundle\Tor\] File transfer proxies: there is | ||
- | something pre-chosen, make it empty | ||
- | <note warning> | ||
- | BOSH URL: leave blank Show Custom Smilys: why not, | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ==== c.) Tab: PROXY: ==== | ||
- | If you don't use TOR, you can leave this as it is. If | ||
- | you would like to use TOR, you firstly have to get it up and running: | ||
- | https:// | ||
- | * Proxy type: SOCKS 5 | ||
- | * Host: 127.0.01 | ||
- | * Port: 9050 (if you're using Tor standalone), | ||
- | * Rest: leave blank | ||
- | press ' | ||
- | |||
- | {{: | ||
- | |||
- | < | ||
- | |||
- | < | ||
- | |||
- | If you lost the connection to the jabberserver after it, you set up tor and pidgin correct. Now you can start tor again and login to you jabberaccount: | ||
- | |||
- | < | ||
- | </ | ||
- | |||
- | ===== 6.) Adjustments ===== | ||
- | |||
- | This is very important to do it right! If you got | ||
- | something wrong in the earlier steps, your jabber is quite likely to | ||
- | just not work. But if you make a mistake now, jabber works but you | ||
- | endanger you and other users! | ||
- | |||
- | ==== a.) Disable Logging ==== | ||
- | Logging Tools → Preferences → Logging YOU HAVE TO TURN OFF ALL LOGGING!!! Make sure that non of the | ||
- | ' | ||
- | the first chat! Afterwards you can 'go online' | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ==== b.) Test SSL certificate ==== | ||
- | Now you get a message about a the SSL | ||
- | certificate. Look at the fingerprint before your first chat! Compare | ||
- | the SHA-1 fingerprint with the one you can see on | ||
- | https:// | ||
- | click on ' | ||
- | it can't validate the fingerprint, | ||
- | have just done that yourself. The fingerprint expires at some point | ||
- | and a new one will be issued, which you can find under | ||
- | https:// | ||
- | notified before the certificate is renewed. At all times you can view | ||
- | the fingerprint of your account at: tools → certificate → info, to | ||
- | compare it with the ones displayed on the website. In case you are | ||
- | notified about a changing certificate and you can't find any hint on | ||
- | the Systemli website, please let us know immediately | ||
- | (mailto: | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ===== 7.) OTR ===== | ||
- | |||
- | To be able to encrypt your messages, download OTR (off-the-record-messaging) from this page: www.cypherpunks.ca/ | ||
- | plugin ' | ||
- | |||
- | ===== 8.) Looking for your chat partners ===== | ||
- | |||
- | When you are online, you can add buddies to your list with ' | ||
- | added, you get a message asking you to confirm that buddy. To start a | ||
- | chat, double-click on the buddy. If the one you want to talk to is not | ||
- | online, you can leave a message that they will receive when they go | ||
- | online. Once the messages have been delivered, they are not on the | ||
- | Systemli server anymore. Because no-one uses logging (hopefully), | ||
- | messages are gone after you have logged off from Pidgin. The one thing | ||
- | that remains on your computer though is the list of your buddies. If | ||
- | your computer is not completely encrypted and it gets confiscated/ | ||
- | stolen, who ever did it can access the buddy-list (including all of | ||
- | the infos your buddies have attached to their online appearance, and | ||
- | also anything you have renamed their nicks!). Therefore, please | ||
- | consider the following point! | ||
- | |||
- | ===== 9.) Don't do anything stupid! ===== | ||
- | |||
- | * If there is some kind of emergency and you need to use jabber via a browser, use: | ||
- | https:// | ||
- | imo.im etc.). | ||
- | * °Take care that no-one can access your computer while you are logged in to jabber and log out once you leave the house/ | ||
- | * Don't save your password on your non encrypted computer or on the computer of someone else. ° Don't change the nicks of your buddies into their real names and also don't give any other hints on their identity. | ||
- | * Don't attach any personal information to your own account, e.g. don't use your photo as an avatar. | ||
- | * Regularly update the security of your operating system and of Pidgin and use an anti virus program if you have MS Windows. | ||
- | * Be aware that the software you use could be hacked by a ' | ||
- | * Ask your chat partners if they know about these security measures, e.g. if they deactivated the logging. | ||
- | |||