TyperTech
Regular Member
- Joined
- Feb 26, 2024
- Posts
- 44
- Reaction score
- 0
- Status
- Offline
- Last Seen
Guide to Installing Gajim, the Popular XMPP Client on Tails
Sponsored by eGangster, a clearnet OpSec educational site (https://egangster.org)
If you are on Tails you already have a great XMPP client, Pidgin Internet Messenger. The name is about as uncool as Gajim yet the latter has risen to become rather popular among the choices. I think it is likely due to one big factor, the easier use of OMEMO support.
In brief there are three current privacy protocols that can be used to make those anonymous messages super anonymous and yes, those messaging have to be using the same protocol. OpenPGP or just PGP is what you know from Kleopatra messaging. It uses keys to encrypt things behind the scenes between two chatters. OTR or off the record is based on OpenPGP and adds the benefit that it is well, off the record meaning is does not save message history. OMEMO is rather different in that it uses double-ratchet system encryption which no one on earth understands but sounds sophisticated. What this protocol does do is allow you to have group chat because the others would be a nightmare to try and maintain multiple connections and keys among all chatters.
Thing is the whole XMPP deal is encrypted end to end (TLS, Transport Layer Security), so why do we need another encryption layer? Hold on people. We talk about end to end because it is encrypted while in transit but in reality there is a point where it’s not encrypted—when it gets to the provider’s server. E2E in this case is rather misleading. Here, end to end is like an armored truck transporting your message from one sender to another. It has to stop by HQ to register and route the contents. Although the contents stay on the truck and don’t go elsewhere the guards in the truck (the provider server) could potentially read your message now that the truck is not bouncing around (at the server), so these extra encryption protocols are like putting your message in a steel safe which is transported on the truck. No way is anybody gonna crack that or snoop your comms now.
So which method is better? It’s what we immediately ask isn’t it. PGP I think is legacy status because OTR is superior, but between OTR and OMEMO if one were truly better the other wouldn’t exist so the answer is each has it’s benefits. If both are good though I imagine people won’t be switching back and forth between them so OMEMO is likely to win out because hey, if your chat becomes a party you’re ready to go.
Installing Gajim on Tails
The objective is to add Gajim as if it were a Tails program which saves your settings and is available in the same menu as Pidgin. The way we’ll do it is not though the Synaptic Package Manager of Tails but rather plain ol’ Unix CLI, as root user of course. When we’re done Gajim will automatically load on startup (it does take a while FYI but fail you it will not).
- First you need to have Tails configured to use Persistent Storage and have set an Administrative Password from the welcome screen. This is a basic Tails thing to search for if you are unsure. Also, you’ll need to tell your Persistent Storage to save Dotfiles which are settings files for programs. This task can be done by going to the very bottom of the Persistent Storage settings (Applications > System Tools > Persistent Storage).
- In Tails go to Applications > System Tools > Root Terminal.
- Type and enter each of the following lines. You will get a notification at the top of your screen each time asking if you want to install it once or every time. Click install every time:
apt install gajim
apt install gajim-omemo
- Now go to Applications > Internet and you should see Gajim! If not restart Tails.
- Launch Gajim and awe in wonder.
- You will see it has credential fields in which to sign in but there is a minor catch. It needs to be told it will be going over a Tor proxy. So put in your creds but then
- Check the Advanced Settings box and login. In the connection dialogue select Tor as a proxy (it’s settings are already appropriate), and fill in your provider and type the default port number which is listed for you (5222). Your provider is the suffix part of your username after the @.
- Now log in and connect. Next configure the client settings to your liking from the menu option Gajim > Preferences.
- The last step we need to do is make these program settings persistent by copying the newly created program setting files to your Persistent Storage. Tails is so cool that simply by doing so it will load them next time and hence forth.
- Open any file folder from Places and Show Hidden Files by clicking the folder options hamburger icon in the upper right. Now navigate to the Dotfiles folder and create a new folder called ".local". In there create a new folder called "share". Open that directory and leave the folder open. Now open a new file folder from Places and navigate to Home > .local > share. You will find a directory called "gajim" which you should copy in it’s entirety to the open Dotfiles > .local > share directory. That does it!
Gajim Usage Tips
As you add a contact and start to chat there are two important buttons in the lower right. As you will see the left one provides the option to use OMEMO which you need to select. To the right is information about the other’s fingerprint (synonymous as saying key) which verifies you are chatting with the correct person. Compare that with what you see on their NSFW account or wherever to make sure it is the same, then validate it so you can start to chat securely like the eGangter you know you are.
Your OMEMO fingerprint can found under Gajim > Plugins > OMEMO when you click the settings wheel button on the right.
Sponsored by eGangster, a clearnet OpSec educational site (https://egangster.org)
If you are on Tails you already have a great XMPP client, Pidgin Internet Messenger. The name is about as uncool as Gajim yet the latter has risen to become rather popular among the choices. I think it is likely due to one big factor, the easier use of OMEMO support.
In brief there are three current privacy protocols that can be used to make those anonymous messages super anonymous and yes, those messaging have to be using the same protocol. OpenPGP or just PGP is what you know from Kleopatra messaging. It uses keys to encrypt things behind the scenes between two chatters. OTR or off the record is based on OpenPGP and adds the benefit that it is well, off the record meaning is does not save message history. OMEMO is rather different in that it uses double-ratchet system encryption which no one on earth understands but sounds sophisticated. What this protocol does do is allow you to have group chat because the others would be a nightmare to try and maintain multiple connections and keys among all chatters.
Thing is the whole XMPP deal is encrypted end to end (TLS, Transport Layer Security), so why do we need another encryption layer? Hold on people. We talk about end to end because it is encrypted while in transit but in reality there is a point where it’s not encrypted—when it gets to the provider’s server. E2E in this case is rather misleading. Here, end to end is like an armored truck transporting your message from one sender to another. It has to stop by HQ to register and route the contents. Although the contents stay on the truck and don’t go elsewhere the guards in the truck (the provider server) could potentially read your message now that the truck is not bouncing around (at the server), so these extra encryption protocols are like putting your message in a steel safe which is transported on the truck. No way is anybody gonna crack that or snoop your comms now.
So which method is better? It’s what we immediately ask isn’t it. PGP I think is legacy status because OTR is superior, but between OTR and OMEMO if one were truly better the other wouldn’t exist so the answer is each has it’s benefits. If both are good though I imagine people won’t be switching back and forth between them so OMEMO is likely to win out because hey, if your chat becomes a party you’re ready to go.
Installing Gajim on Tails
The objective is to add Gajim as if it were a Tails program which saves your settings and is available in the same menu as Pidgin. The way we’ll do it is not though the Synaptic Package Manager of Tails but rather plain ol’ Unix CLI, as root user of course. When we’re done Gajim will automatically load on startup (it does take a while FYI but fail you it will not).
- First you need to have Tails configured to use Persistent Storage and have set an Administrative Password from the welcome screen. This is a basic Tails thing to search for if you are unsure. Also, you’ll need to tell your Persistent Storage to save Dotfiles which are settings files for programs. This task can be done by going to the very bottom of the Persistent Storage settings (Applications > System Tools > Persistent Storage).
- In Tails go to Applications > System Tools > Root Terminal.
- Type and enter each of the following lines. You will get a notification at the top of your screen each time asking if you want to install it once or every time. Click install every time:
apt install gajim
apt install gajim-omemo
- Now go to Applications > Internet and you should see Gajim! If not restart Tails.
- Launch Gajim and awe in wonder.
- You will see it has credential fields in which to sign in but there is a minor catch. It needs to be told it will be going over a Tor proxy. So put in your creds but then
- Check the Advanced Settings box and login. In the connection dialogue select Tor as a proxy (it’s settings are already appropriate), and fill in your provider and type the default port number which is listed for you (5222). Your provider is the suffix part of your username after the @.
- Now log in and connect. Next configure the client settings to your liking from the menu option Gajim > Preferences.
- The last step we need to do is make these program settings persistent by copying the newly created program setting files to your Persistent Storage. Tails is so cool that simply by doing so it will load them next time and hence forth.
- Open any file folder from Places and Show Hidden Files by clicking the folder options hamburger icon in the upper right. Now navigate to the Dotfiles folder and create a new folder called ".local". In there create a new folder called "share". Open that directory and leave the folder open. Now open a new file folder from Places and navigate to Home > .local > share. You will find a directory called "gajim" which you should copy in it’s entirety to the open Dotfiles > .local > share directory. That does it!
Gajim Usage Tips
As you add a contact and start to chat there are two important buttons in the lower right. As you will see the left one provides the option to use OMEMO which you need to select. To the right is information about the other’s fingerprint (synonymous as saying key) which verifies you are chatting with the correct person. Compare that with what you see on their NSFW account or wherever to make sure it is the same, then validate it so you can start to chat securely like the eGangter you know you are.
Your OMEMO fingerprint can found under Gajim > Plugins > OMEMO when you click the settings wheel button on the right.