Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] How secure is Bitlbee?

StealthMonger StealthMonger at
Sun Dec 23 15:38:25 PST 2012

Hash: SHA1

Uncle Zzzen <unclezzzen at> writes:

> Lately I've discovered and I feel a lot more
> comfy with it.  My question is, how secure is Bitlbee compared to
> Jitsi or Pidgin?

bitlbee appears to be a low-latency, connection-based technology and
will therefore have the same security defects as any other low-latency
technology, such as Tor.  Low latency implies that an observer who can
monitor both sides of the connection can swiftly detect that they are
in communication, just by the packet timing and volume.

To avoid this defect, security has to be message-based rather than
connection-based, and the messages have to be encrypted and travel via
a channel having high, random latency so that they get mixed with
other such messages, thwarting traffic analysis.  An example is the
mixmaster anonymizing remailer network [1].

Tor documentation [2] is relevant here:

   ... for low-latency systems like Tor, end-to-end traffic
   correlation attacks [8, 21, 31] allow an attacker who can observe
   both ends of a communication to correlate packet timing and volume,
   quickly linking the initiator to her destination.



- -- 

 -- StealthMonger <StealthMonger at>
    Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsuite at

Key: mailto:stealthsuite at

Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <>


More information about the liberationtech mailing list