[Pidgin] #9571: Security issue for shared or public computer users

Pidgin trac at pidgin.im
Tue Jun 30 09:11:39 EDT 2009


#9571: Security issue for shared or public computer users
--------------------------+-------------------------------------------------
 Reporter:  phamthanhnam  |        Owner:  rekkanoryo  
     Type:  defect        |       Status:  new         
Milestone:                |    Component:  unclassified
  Version:  2.5.7         |   Resolution:              
 Keywords:                |  
--------------------------+-------------------------------------------------
Description changed by phamthanhnam:

Old description:

> In my opinion, Pidgin is good for many home users who have their own
> computers, but it is not suited for public computer users who use the
> same user account (as guest) on a computer yet.
> We can see this situation in Internet cafés, exhibitions, hotels,
> airports, libraries, classrooms, etc... With default configuration,
> Pidgin logs all messages and conversations of all accounts without
> notification to users and these messages and conversations are not
> encrypted. Any user can easily view others' private messages even when
> they have already logged off, and any curious malefactor can easily turn
> on logging to trap others. The same manner when I borrow a computer from
> someone or lend someone my computer for a moment. This seems to be a
> security issue.
> So, for support better users in a shared public environment, I suggest to
> add an option "Temporary Account" or something when creating a new
> account. Users using computers that ain't their own will choose this
> option. This temporary account will not memorize or log any private
> information and will be auto-deleted when user logs out.

New description:

 In my opinion, Pidgin is good for many home users who have their own
 computers, but it is not suited for public computer users who use the same
 user account (as guest) on a computer yet.
 We can see this situation in Internet cafés, exhibitions, hotels,
 airports, libraries, classrooms, etc... With default configuration, Pidgin
 logs all messages and conversations of all accounts without notification
 to users and these messages and conversations are not encrypted. Any user
 can easily view others' private messages even when they have already
 logged off, and any curious malefactor can easily turn on logging to trap
 others. The same manner when I borrow a computer from someone or lend
 someone my computer for a moment. This seems to be a security issue.[[BR]]
 So, for support better users in a shared public environment, I suggest to
 add an option "Temporary Account" or something when creating a new
 account. Users using computers that ain't their own will choose this
 option. This temporary account will not memorize or log any private
 information and will be auto-deleted when user logs out.

--

-- 
Ticket URL: <http://developer.pidgin.im/ticket/9571#comment:1>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list