[Pidgin] #16711: Randomize manual filetransfer port range

Pidgin trac at pidgin.im
Thu Jul 9 12:41:05 EDT 2015

#16711: Randomize manual filetransfer port range
 Reporter:  Beanow       |      Owner:
     Type:  enhancement  |     Status:  new
Milestone:               |  Component:  pidgin (gtk)
  Version:  2.10.9       |   Keywords:
 Because the "automatic router port forwarding" option caused issues for
 me, I opted for a manual port range.

 Using this I noticed a privacy issue. File transfer ports (using
 http://xmpp.org/extensions/xep-0065.html socks5 bytestreams) always start
 at the beginning of this range. Which will leak to your contact's client
 and server how many file transfers you currently are performing if they
 can guess/deduce the first port in the range.

 I suggest to always take a random (available) port from the range instead
 of starting at the beginning.

Ticket URL: <https://developer.pidgin.im/ticket/16711>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list