Hacker News new | ask | show | jobs
by ryanlol 2945 days ago
>If you are paranoid, use Pidgin with OTR plugin.

Don't do that, this is a super bad idea. If you really have to go that way, at least use coyim or something. Definitely not anything libpurple based.
2 comments
jsjohnst 2945 days ago
Keybase.io chat is quite good too.
link
lqdc13 2945 days ago
Why? Because they had a code exec vuln in 2017?

On the CoyIM site it says: "Not yet audited. Do not use for anything sensitive."

link
ryanlol 2945 days ago
So who audited pidgin and libOTR?

>Because they had a code exec vuln in 2017?

No. Look at the code, it’s scary! Pidgin and libPurple were not built with security in mind.

Coyim is being built ground up in an effort to avoid the numerous issues surrounding Pidgin/libOTR.

I think you absolutely should not use either, but if you’re going to use one at least use Coyim.

link