snikket-im / snikket-ios

Snikket iOS client
https://snikket.org/app/ios/
GNU General Public License v3.0

Avoid sending the "from" JID before starttls #211

Open realbiz21 opened 1 year ago

realbiz21 commented 1 year ago

Describe your feature proposal

Hide the "from" JID when connecting to a server before TLS establishment has occurred for a starttls-required server.

Is your feature request related to a problem? Please describe.

No, but it would increase user privacy.

When establishing an initial connection to an XMPP server, the following is sent without encryption when a client executes the XmppClient.login() method:

<stream to="[server]" from="[user_jid]" ...>

The user's JID is exposed prior to the starttls proceeding and visible to a passive network observer.

Additional context

Using: Snikket version 1.2.

The issue is similar to tigase/siskin-im#217 however it appears Siskin IM uses a later version of the Martin library. Snikket iOS appears to use version 2.1.3 and the solution described in the above issue does not apply.

However, while looking at version 2.1.3, there appears(?) to be something similar via a SEE_OTHER_HOST_KEY flag, though I am unfamiliar with the Swift language:

https://github.com/tigase/Martin/blob/2.1.3/Sources/TigaseSwift/XmppSessionLogic.swift#L339

I am unaware if this is a valid solution having limited iOS experience.
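
A check that can be run over the client-to-server bytes of a connection capture to confirm whether the stream header carried a JID before `<starttls/>`. This is an added example, not code from Snikket or the Martin library; the function name and the sample captures (example.org, juliet) are constructed for illustration.

```python
from xml.etree.ElementTree import ParseError, XMLPullParser

STREAM_TAG = "{http://etherx.jabber.org/streams}stream"
STARTTLS_TAG = "{urn:ietf:params:xml:ns:xmpp-tls}starttls"


def cleartext_from_leaks(client_bytes):
    """Return the 'from' values on stream headers the client sent in cleartext.

    client_bytes is the client-to-server side of a capture, starting at the
    first byte of the TCP stream. Scanning stops at <starttls/>, since what
    follows it is the TLS handshake rather than XML.
    """
    # The <stream:stream> root is never closed, so parse incrementally and
    # look only at start-tag events.
    parser = XMLPullParser(events=("start",))
    parser.feed(client_bytes)
    leaks = []
    try:
        for _event, elem in parser.read_events():
            if elem.tag == STARTTLS_TAG:
                break
            if elem.tag == STREAM_TAG and elem.get("from"):
                leaks.append(elem.get("from"))
    except ParseError:
        pass  # non-XML bytes reached before any <starttls/>; keep what was seen
    return leaks


# Constructed sample captures (hypothetical server and user names).
HEADER_WITH_FROM = (
    b"<?xml version='1.0'?>"
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' "
    b"to='example.org' from='juliet@example.org' version='1.0'>"
    b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
)
HEADER_WITHOUT_FROM = HEADER_WITH_FROM.replace(b"from='juliet@example.org' ", b"")

if __name__ == "__main__":
    for name, data in [("with from", HEADER_WITH_FROM),
                       ("without from", HEADER_WITHOUT_FROM)]:
        print(name, "->", cleartext_from_leaks(data) or "no JID in cleartext")
```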