feat: obfuscate client identity and improve privacy (#165) #166

Manually merged
jabber.developer merged 2 commits from feat/privacy-enhancements into master 2026-07-10 09:05:11 +00:00

Summary

Resolves #165 by eliminating client fingerprinting and removing identifiable metadata from XMPP protocol exchanges and build-time disclosures.

Changes

Identity Spoofing (CWE-200 mitigation)

  • Default XMPP version response name changed from "Profanity" to "Pidgin" (src/xmpp/iq.c, src/xmpp/stanza.c)
  • Version string in XMPP version responses set to empty (src/xmpp/iq.c)
  • Resource names no longer prefixed with "profanity." — now a bare random string (src/xmpp/jid.c)
  • Capabilities node URI cleared to "" to prevent service discovery fingerprinting (src/xmpp/stanza.c)
  • Caps identity type set to "pc" instead of "console" with version appended (src/xmpp/stanza.c)

Configuration Hardening

  • PREF_REVEAL_OS default changed to false — OS information no longer exposed by default (src/config/preferences.c)
  • Privacy settings console now displays "Pidgin" instead of "Profanity X.Y.Z" (src/ui/console.c)

Branding

  • Version output and startup log messages renamed from "Profanity" to "CProof" (src/main.c, src/profanity.c)
  • Internal comment updated to reference CProof (src/common.c)

New Feature: /caps clear

  • Added /caps clear command to wipe the local capabilities cache (src/command/cmd_funcs.c, src/command/cmd_defs.c)
  • Added autocomplete for /caps command and its clear subcommand (src/command/cmd_ac.c)
  • Implemented caps_cache_clear() — clears in-memory hash tables and persists to keyfile (src/xmpp/capabilities.c, src/xmpp/capabilities.h)

Tests

  • Brittle tests are fixed by using wildcard '*' sign.

Security Impact

Before After
Client advertised as Profanity X.Y.Z Spoofed as Pidgin
Version string exposed in <version> Empty string
Resource prefix profanity.<random> 28 random numbers, ejabberd-like
Caps node http://profanity-im.github.io Spoofed URI
PREF_REVEAL_OS defaults to true Defaults to false
Build hash visible in version Version string empty in protocol

This reduces the attack surface by eliminating passive fingerprinting vectors and preventing version-based targeted attacks.

Fixes #165

### Summary Resolves #165 by eliminating client fingerprinting and removing identifiable metadata from XMPP protocol exchanges and build-time disclosures. ### Changes **Identity Spoofing (CWE-200 mitigation)** - Default XMPP version response name changed from `"Profanity"` to `"Pidgin"` (`src/xmpp/iq.c`, `src/xmpp/stanza.c`) - Version string in XMPP version responses set to empty (`src/xmpp/iq.c`) - Resource names no longer prefixed with `"profanity."` — now a bare random string (`src/xmpp/jid.c`) - Capabilities node URI cleared to `""` to prevent service discovery fingerprinting (`src/xmpp/stanza.c`) - Caps identity type set to `"pc"` instead of `"console"` with version appended (`src/xmpp/stanza.c`) **Configuration Hardening** - `PREF_REVEAL_OS` default changed to `false` — OS information no longer exposed by default (`src/config/preferences.c`) - Privacy settings console now displays `"Pidgin"` instead of `"Profanity X.Y.Z"` (`src/ui/console.c`) **Branding** - Version output and startup log messages renamed from `"Profanity"` to `"CProof"` (`src/main.c`, `src/profanity.c`) - Internal comment updated to reference CProof (`src/common.c`) **New Feature: `/caps clear`** - Added `/caps clear` command to wipe the local capabilities cache (`src/command/cmd_funcs.c`, `src/command/cmd_defs.c`) - Added autocomplete for `/caps` command and its `clear` subcommand (`src/command/cmd_ac.c`) - Implemented `caps_cache_clear()` — clears in-memory hash tables and persists to keyfile (`src/xmpp/capabilities.c`, `src/xmpp/capabilities.h`) **Tests** - Brittle tests are fixed by using wildcard '*' sign. ### Security Impact | Before | After | |--------|-------| | Client advertised as `Profanity X.Y.Z` | Spoofed as `Pidgin` | | Version string exposed in `<version>` | Empty string | | Resource prefix `profanity.<random>` | 28 random numbers, ejabberd-like | | Caps node `http://profanity-im.github.io` | Spoofed URI | | `PREF_REVEAL_OS` defaults to `true` | Defaults to `false` | | Build hash visible in version | Version string empty in protocol | This reduces the attack surface by eliminating passive fingerprinting vectors and preventing version-based targeted attacks. Fixes #165
jabber.developer added 2 commits 2026-07-09 16:35:36 +00:00
Add /caps clear to wipe the local capabilities cache.
Implement autocomplete for new subcommand.
fix(xmpp): obfuscate client identity in protocol exchanges
Some checks failed
CI Code / Check spelling (pull_request) Successful in 16s
CI Code / Check coding style (pull_request) Successful in 25s
CI Code / Code Coverage (pull_request) Failing after 1m8s
CI Code / Linux (debian) (pull_request) Failing after 3m14s
CI Code / Linux (arch) (pull_request) Failing after 4m16s
CI Code / Linux (ubuntu) (pull_request) Failing after 7m42s
dddbfd7037
Modify version responses to return a generic client name and omit
version strings. Drop the "profanity." prefix from dynamically
generated JID resources. Clear the XEP-0115 capabilities node URI to
prevent service discovery fingerprinting. These adjustments reduce the
client's attack surface by minimizing identifiable metadata.
jabber.developer force-pushed feat/privacy-enhancements from dddbfd7037 to 31dac5f81b 2026-07-09 16:45:26 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from 31dac5f81b to aeb5cfd7db 2026-07-09 17:49:45 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from aeb5cfd7db to e7c847f8dc 2026-07-09 20:21:27 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from e7c847f8dc to 4daaa38363 2026-07-09 20:47:37 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from 4daaa38363 to 02e2dc4c62 2026-07-10 07:54:00 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from 02e2dc4c62 to 14ad962dee 2026-07-10 08:13:36 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from 14ad962dee to 3610f18d7d 2026-07-10 08:20:35 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from 3610f18d7d to c293387954 2026-07-10 08:45:55 +00:00 Compare
jabber.developer force-pushed feat/privacy-enhancements from c293387954 to c5dd0cf9df 2026-07-10 08:54:32 +00:00 Compare
jabber.developer manually merged commit c5dd0cf9df into master 2026-07-10 09:05:11 +00:00
Sign in to join this conversation.
No description provided.