feat: obfuscate client identity and improve privacy (#165) #166
Reference in New Issue
Block a user
No description provided.
Delete Branch "feat/privacy-enhancements"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Resolves #165 by eliminating client fingerprinting and removing identifiable metadata from XMPP protocol exchanges and build-time disclosures.
Changes
Identity Spoofing (CWE-200 mitigation)
"Profanity"to"Pidgin"(src/xmpp/iq.c,src/xmpp/stanza.c)src/xmpp/iq.c)"profanity."— now a bare random string (src/xmpp/jid.c)""to prevent service discovery fingerprinting (src/xmpp/stanza.c)"pc"instead of"console"with version appended (src/xmpp/stanza.c)Configuration Hardening
PREF_REVEAL_OSdefault changed tofalse— OS information no longer exposed by default (src/config/preferences.c)"Pidgin"instead of"Profanity X.Y.Z"(src/ui/console.c)Branding
"Profanity"to"CProof"(src/main.c,src/profanity.c)src/common.c)New Feature:
/caps clear/caps clearcommand to wipe the local capabilities cache (src/command/cmd_funcs.c,src/command/cmd_defs.c)/capscommand and itsclearsubcommand (src/command/cmd_ac.c)caps_cache_clear()— clears in-memory hash tables and persists to keyfile (src/xmpp/capabilities.c,src/xmpp/capabilities.h)Tests
Security Impact
Profanity X.Y.ZPidgin<version>profanity.<random>http://profanity-im.github.ioPREF_REVEAL_OSdefaults totruefalseThis reduces the attack surface by eliminating passive fingerprinting vectors and preventing version-based targeted attacks.
Fixes #165
dddbfd7037to31dac5f81b31dac5f81btoaeb5cfd7dbaeb5cfd7dbtoe7c847f8dce7c847f8dcto4daaa383634daaa38363to02e2dc4c6202e2dc4c62to14ad962dee14ad962deeto3610f18d7d3610f18d7dtoc293387954c293387954toc5dd0cf9df