Pidgin

From LinuxReviews
Initial release: 31 December 1998
Operating system: Cross-platform (Windows, GNU/Linux, no Pidgin for u if u use Mac).
Type: Instant messaging client
License: GPL
Website: pidgin.im

Pidgin (originally known as "Gaim" - but not "Gajim" which is the best IM out there) is a multi-platform multi-protocol instant messaging client which allows you to connect to pretty much all the different messaging services. You can use Pidgin to talk to people on Discord, Google Hangouts, IRC, Matrix and many other services as long as you have an account at those services. It can support secure messaging over insecure messaging networks using an Off-The-Record or OMEMO plugin as long as both parties have support for that overlay protocol.

Pidgin has one major security-flaw: Account passwords are stored as plain text.

Pidgin is free software available under the GNU General Public License and works on all the popular desktop operating systems (GNU/Linux, BSD, and Windows, no Android version).

Protocol Support

Pidgin's strength is its ability to manage multiple accounts on multiple services so you don't have to care what messaging program someone else happens to prefer.


As of Pidgin 2.13.0 the supported protocols are:

  • AIM (AOL Instant Messenger, uses the OSCAR protocol)
  • Bonjour (Local network chat protocol made by Apple)
  • Discord
  • Gadu-Gadu
  • GroupWise
  • Hangouts
  • ICQ
  • Internet Relay Chat (IRC)
  • Matrix
  • SIMPLE (The text part of the SIP VOIP protocol)
  • Sametime
  • eXtensible Messaging and Presence Protocol (XMPP, also known as Jabber. Used by Google Talk)
  • Zephyr

Security

Encrypted Anonymous Conversations are supported (using the OTR plugin)

You absolutely have to be very aware that many IM protocols are based on plain text, and many of those that are not go through closed-source servers that monitor everything (Discord etc.).

There is a plugin for secure messaging over a standard protocol called "Off The Record" (OTR) available for Pidgin. Installing and using the Off The Record plugin is advisable. OTR adds an encryption layer on top of the messaging network's protocol. Its major disadvantage and flaw is that both ends must have it installed, and it is unlikely that some random person you'd like to have a conversation with has it.

The OTR plugin for Pidgin is available in most distributions under a package name like pidgin-otr. It can also be downloaded from http://www.cypherpunks.ca/otr/. The OTR software has not been updated since 2016. It is nevertheless considered to be secure as there are no known flaws.

Compromised accounts configuration file

A huge issue with Pidgin in terms of security however is that ALL OF YOUR ACCOUNTS AND PASSWORDS ARE STORED IN A PLAIN TEXT XML FILE ~/.purple/accounts.xml[1].
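
A defensive check for the plain-text storage described above, added here as an example and not part of Pidgin or the original article: it reports which accounts in an accounts.xml file carry a stored password and whether the file mode lets other local users read it, without ever returning the secrets. The XML layout (a root element wrapping account entries with protocol, name and password children) and the sample data are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout Pidgin 2.x is assumed to use for accounts.xml.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/</name>
    <password>constructed-secret</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
</account>
"""

def audit_accounts(path):
    """Report stored passwords and loose file permissions; never returns the secrets."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {
        "mode": oct(mode),
        # Any group/other permission bit exposes the file beyond its owner.
        "readable_by_others": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
        "accounts": [],
    }
    # Only direct children of the root wrapper are account entries.
    for acct in ET.parse(path).getroot().findall("account"):
        report["accounts"].append({
            "protocol": acct.findtext("protocol", default=""),
            "name": acct.findtext("name", default=""),
            "password_stored": bool(acct.findtext("password")),
        })
    return report

def demo():
    """Run the audit on the constructed sample written with a too-permissive mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_accounts(path)
```

To check a real profile, call `audit_accounts(os.path.expanduser("~/.purple/accounts.xml"))`; an account only shows `password_stored: False` when no password element is saved for it.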

Verdict and recommendation

Pidgin is a nice piece of software with support for many protocols. And the support for private messages using the Off The Record plugin - if you and the conversation partner have it - is nice. However, it is hard to ignore the obvious problem with storing all your account passwords in a single plain-text XML file. The selling-point for a program like Pidgin is the support for managing multiple accounts from one piece of software. You're putting all your eggs in one basket and in the case of Pidgin it's a plain-text basket.

If you can live with that major flaw then Pidgin's fine. If it concerns you - and it should - then Pidgin is simply not an option.

Links

Pidgin's homepage is at http://pidgin.im/

Notes

