en:howto:jabber:pidgin
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
en:howto:jabber:pidgin [2022/11/29 19:31] – gelöscht - Externe Bearbeitung (Unknown date) 127.0.0.1 | en:howto:jabber:pidgin [2022/11/29 19:31] – ↷ Seite von howto:jabber_eng nach en:howto:jabber:pidgin verschoben und umbenannt y | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Instructions for using Jabber with Systemli on Pidgin ====== | ||
+ | |||
+ | ===== 1.) Why use Jabber via the Systemli server? ===== | ||
+ | |||
+ | ==== a) Encryption: ==== | ||
+ | |||
+ | The Jabber-server of Systemli is maintained by a techie-collective belonging to the radical political left. The server itself is encrypted. Connections to the Jabber-server of Systemli are only possible with SSL-encryption. This means that your Jabber-conversations with other Systemli users (address ending in | ||
+ | ...@jabber.systemli.org) is completely encrypted through SSL. This equates the encryption standard of online-banking and is said to be safe. There are also other Jabber-servers: | ||
+ | Computer Club can be recommended as well as long as the SSL-encryption is enabled. | ||
+ | (Advice: if you don't completely trust SSL (and/or the Systemli-peeps) and you wish additional encryption: use Off-the-record-encryption (OTR) or GPG additional to SSL: [[https:// | ||
+ | |||
+ | |||
+ | ==== b.) Against surveillance: | ||
+ | |||
+ | Whoever tries to watch you can find out what times you go online | ||
+ | encrypted with systemli.org. They can also see who else is doing this | ||
+ | and when. They can monitor your encrypted traffic and make out if you | ||
+ | use it more frequently at certain times. | ||
+ | But they can't see who you are communicating with or about what. | ||
+ | This results in very minor findings during a surveillance. (When using | ||
+ | pgp-encrypted e-mails the findings are more interesting as they can | ||
+ | see who you are talking to!) | ||
+ | (Advice: if you don't want anyone to be able to find out when you are | ||
+ | connecting to systemli.org and how much traffic you have, use the | ||
+ | additional tool called TOR (see further down) to anonymise your | ||
+ | conversations). | ||
+ | |||
+ | ===== 2.) Download Pidgin: ===== | ||
+ | |||
+ | http:// | ||
+ | your corresponding operating system. (With Linux you can just use the | ||
+ | general software download pool) | ||
+ | |||
+ | ===== 3.) Checking the download: ===== | ||
+ | If you're techno-savvy enough you should | ||
+ | check if you really downloaded the right software (when using Linux | ||
+ | this is not necessary). If you're not.... pray to Bakunin that the | ||
+ | cops or other fuckwits didn't just send you a fake Pidgin that turns | ||
+ | out to be a ' | ||
+ | |||
+ | ===== 4.) Install Pidgin ===== | ||
+ | |||
+ | Install Pidgin as your operating system demands it. | ||
+ | |||
+ | ===== 5.) Set up account on server: ===== | ||
+ | Visit [[https:// | ||
+ | |||
+ | ===== 5.) Start Pidgin, set up account: ===== | ||
+ | |||
+ | ==== a) Tab: Basic: ==== | ||
+ | |||
+ | Protocol: XMPP | ||
+ | User: choose a name | ||
+ | that is random enough so you can't be identified through it Resource: | ||
+ | leave that one blank (this is important as it could reveal information | ||
+ | about your computer) | ||
+ | Domain: jabber.systemli.org | ||
+ | Password: insert your | ||
+ | password here (special characters, numbers, upper and lower case; at | ||
+ | least 12 digits long; don't use it for anything else). DON'T tick the | ||
+ | box 'save password' | ||
+ | computer is completely encrypted). | ||
+ | Rest: leave blank | ||
+ | |||
+ | Tick box: ' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ==== b.) Tab: Advanced: ==== | ||
+ | |||
+ | DON'T tick box: 'Allow plaintext auth over unencrypted streams' | ||
+ | |||
+ | Connect port: 5222 Connect | ||
+ | server: leave blank [in case you use TOR you should insert the | ||
+ | IP-address of the jabber server here (Command: tor-resolve | ||
+ | jabber.systemli.org) In Windows you can find tor-resolve under | ||
+ | %PROGRAMFILES%\Vidalia Bundle\Tor\] File transfer proxies: there is | ||
+ | something pre-chosen, make it empty | ||
+ | <note warning> | ||
+ | BOSH URL: leave blank Show Custom Smilys: why not, | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ==== c.) Tab: PROXY: ==== | ||
+ | If you don't use TOR, you can leave this as it is. If | ||
+ | you would like to use TOR, you firstly have to get it up and running: | ||
+ | https:// | ||
+ | * Proxy type: SOCKS 5 | ||
+ | * Host: 127.0.01 | ||
+ | * Port: 9050 (if you're using Tor standalone), | ||
+ | * Rest: leave blank | ||
+ | press ' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | < | ||
+ | |||
+ | < | ||
+ | |||
+ | If you lost the connection to the jabberserver after it, you set up tor and pidgin correct. Now you can start tor again and login to you jabberaccount: | ||
+ | |||
+ | < | ||
+ | </ | ||
+ | |||
+ | ===== 6.) Adjustments ===== | ||
+ | |||
+ | This is very important to do it right! If you got | ||
+ | something wrong in the earlier steps, your jabber is quite likely to | ||
+ | just not work. But if you make a mistake now, jabber works but you | ||
+ | endanger you and other users! | ||
+ | |||
+ | ==== a.) Disable Logging ==== | ||
+ | Logging Tools → Preferences → Logging YOU HAVE TO TURN OFF ALL LOGGING!!! Make sure that non of the | ||
+ | ' | ||
+ | the first chat! Afterwards you can 'go online' | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ==== b.) Test SSL certificate ==== | ||
+ | Now you get a message about a the SSL | ||
+ | certificate. Look at the fingerprint before your first chat! Compare | ||
+ | the SHA-1 fingerprint with the one you can see on | ||
+ | https:// | ||
+ | click on ' | ||
+ | it can't validate the fingerprint, | ||
+ | have just done that yourself. The fingerprint expires at some point | ||
+ | and a new one will be issued, which you can find under | ||
+ | https:// | ||
+ | notified before the certificate is renewed. At all times you can view | ||
+ | the fingerprint of your account at: tools → certificate → info, to | ||
+ | compare it with the ones displayed on the website. In case you are | ||
+ | notified about a changing certificate and you can't find any hint on | ||
+ | the Systemli website, please let us know immediately | ||
+ | (mailto: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ===== 7.) OTR ===== | ||
+ | |||
+ | To be able to encrypt your messages, download OTR (off-the-record-messaging) from this page: www.cypherpunks.ca/ | ||
+ | plugin ' | ||
+ | |||
+ | ===== 8.) Looking for your chat partners ===== | ||
+ | |||
+ | When you are online, you can add buddies to your list with ' | ||
+ | added, you get a message asking you to confirm that buddy. To start a | ||
+ | chat, double-click on the buddy. If the one you want to talk to is not | ||
+ | online, you can leave a message that they will receive when they go | ||
+ | online. Once the messages have been delivered, they are not on the | ||
+ | Systemli server anymore. Because no-one uses logging (hopefully), | ||
+ | messages are gone after you have logged off from Pidgin. The one thing | ||
+ | that remains on your computer though is the list of your buddies. If | ||
+ | your computer is not completely encrypted and it gets confiscated/ | ||
+ | stolen, who ever did it can access the buddy-list (including all of | ||
+ | the infos your buddies have attached to their online appearance, and | ||
+ | also anything you have renamed their nicks!). Therefore, please | ||
+ | consider the following point! | ||
+ | |||
+ | ===== 9.) Don't do anything stupid! ===== | ||
+ | |||
+ | * If there is some kind of emergency and you need to use jabber via a browser, use: | ||
+ | https:// | ||
+ | imo.im etc.). | ||
+ | * °Take care that no-one can access your computer while you are logged in to jabber and log out once you leave the house/ | ||
+ | * Don't save your password on your non encrypted computer or on the computer of someone else. ° Don't change the nicks of your buddies into their real names and also don't give any other hints on their identity. | ||
+ | * Don't attach any personal information to your own account, e.g. don't use your photo as an avatar. | ||
+ | * Regularly update the security of your operating system and of Pidgin and use an anti virus program if you have MS Windows. | ||
+ | * Be aware that the software you use could be hacked by a ' | ||
+ | * Ask your chat partners if they know about these security measures, e.g. if they deactivated the logging. | ||
+ | |||