Does pidgin still save your password in plain text (or base64-ized) in a configuration file in your home? I haven't used them in years because of this, and we also banned it in our company to avoid mistakes.
libpurple saving passwords in plain text is the correct decision. If it did encrypt them, it would also have to hold the key, so it would only add a false sense of security.
The only improvement would be a hardware-backed secret storage mechanism, but those aren't exactly ubiquitous.
There is a plugin called "Windows Credentials", which according to the description uses Windows credentials instead of saving the passwords as plaintext.
I am unfortunately not exactly aware of what this means in practice, but I doubt it is worse than the default behaviour. But for Windows only, one could assume.
It would be nice if Whatsapp, which is so popular, would help make its users a lot more secure by adopting end-to-end encryption, perhaps like what TextSecure v2 is using.
Getting people to use services with proper encryption is going to be a very slow process unless we convince/pressure the big ones to do it.
This is awesome! Must have taken a fair bit of hacking to get working, given WhatsApp's policies.
Does anyone know if there are mobile apps based on Pidgin? Pidgin/Purple solved the multi-chat-client problem so well for the desktop, I'd love it to do the same on mobile.
Pidgin is great. I have all my services hooked up to it: Aim/FB(when i had it)/Multiple Steam accounts/GTalk etc. Really great light weight chat client. Just wish there was a way to get Skype contacts on it.
There actually is a way, you can use Skype4Pidgin. However this requires you to have skype running, but you are able to chat with your skype contacts through Pidgin.
I do have to note that I've used this with Finch (also uses the purple library) and I've had one incident that I was talking to one person and one of my messages was mysteriously sent to a group chat instead of that one person. I've only had that happen to me once and I've not had that with Pidgin.
[+] [-] giovannibajo1|12 years ago|reply
[+] [-] aaren|12 years ago|reply
https://code.google.com/p/pidgin-gnome-keyring/
[+] [-] nodata|12 years ago|reply
Pidgin needs to supply the plaintext password to the server to authenticate.
[+] [-] lucian1900|12 years ago|reply
The only improvement would be a hardware-backed secret storage mechanism, but those aren't exactly ubiquitous.
[+] [-] vikas0380|12 years ago|reply
"Purple does not now and is not likely to encrypt the passwords in the accounts.xml file, nor is it likely to be encrypted in a future release. "
[+] [-] Vilkku|12 years ago|reply
I am unfortunately not exactly aware of what this means in practice, but I doubt it is worse than the default behaviour. But for Windows only, one could assume.
[+] [-] X4|12 years ago|reply
[+] [-] kcbanner|12 years ago|reply
[+] [-] salient|12 years ago|reply
Getting people to use services with proper encryption is going to be a very slow process unless we convince/pressure the big ones to do it.
[+] [-] mxchael|12 years ago|reply
[+] [-] sturmeh|12 years ago|reply
[+] [-] thomasahle|12 years ago|reply
Does anyone know if there are mobile apps based on Pidgin? Pidgin/Purple solved the multi-chat-client problem so well for the desktop, I'd love it to do the same on mobile.
[+] [-] X4|12 years ago|reply
[+] [-] amjd|12 years ago|reply
https://news.ycombinator.com/item?id=6913300
https://github.com/venomous0x/WhatsAPI
[+] [-] govindkabra31|12 years ago|reply
[+] [-] Axsuul|12 years ago|reply
[+] [-] jullles|12 years ago|reply
[+] [-] rfnslyr|12 years ago|reply
[+] [-] Attic|12 years ago|reply
Here's the link: http://code.google.com/p/skype4pidgin/
[+] [-] amjd|12 years ago|reply
[deleted]