Closed cha0s closed 3 years ago
It looks like the OTR plugin pulls this directly from the purple_account_get_username()
call which is where we pull the email address for auth too, and where a lot of UI expects the username field to be, to use as the unique ID for all settings to be stored against.
Workarounds could be:
otrl_proto_default_query_msg
As the 'username' in Pidgin/libpurple is more of an internal field (eg, for some protocol plugins that use the "user splits" feature it could be a hybrid of emails and servers and config), I feel like this is something more suited to the OTR plugin to solve, but happy to discuss
Thank you for the thoughtful response! I opened a report here: https://bugs.otr.im/plugins/pidgin-otr/-/issues/156 but I have to say that I am not very optimistic about this being implemented as the last commit on that project appears to have been 2 years ago :(
Much appreciate the time you took to dig in on this a little bit! I will close this issue as I'm not sure there's a satisfactory solution to be achieved here.
To the OTR plugins credit, their plugin has been rock-solid and hasn't really needed an update, which might be why there hasn't been any commits lately. Private information leaks would be fairly important to them, I imagine, so hopefully this prompts them to make a change.
That said, I'm not completely against making changes in the Discord plugin if it would help - I don't want to be leaking any sensitive information to other people if there's any way we can avoid it.
Please feel free to re-open this issue if you can come up with a way that we can workaround the leakage in the plugin, or if you get no response from the OTR guys.
Since the 'username' used for discord is the email address, this information is disclosed when negotiating an OTR connection. This should be fixed, somehow. Seems
discord_create_fullname
is one way this could be done. I would appreciate any guidance on how to accomplish this!