I believe the Tails documentation pages includes advice not to live install any extra add-ons. Certainly a page in the Tor documentation pages strongly advises against using any but a small list of add-ons with Tor. (That page is hopelessly outdated, but I believe that the advice is still valid.)
There are several reasons why this might be a bad idea:
verifying the authenticity of the code can be difficult, even if you use the mozilla add-on site (this has been specifically targeted in a sophisticated attempted MITM attack using an improperly obtained wildcard certificate)
you increase the number of devs in whom you place trust; it only takes one bad apple to break your implicit security model ("trust all software if the dev says it is intended to promote privacy")
you increase the number of devs in whose coding skill you place trust
even if the dev is trustworthy, the code is well written, and has not been tampered with, it might still interact badly with Tails.
CryptoCat is a topic of particular controversy in the privacy community. Several highly respected researchers have stated that the design philosophy is inherently risky (for what its worth, I think they have a point there); others have said that the Cryptocat dev's initiative is admirable but that helping people in dangerous situations requires high skill levels as well as enthusiasm for doing good. If you search using the Tails provided search engines, you can almost certainly find some previous discussions dating back several years.
All that said, I have to agree with the previous comment, that the Pidgin chat client included with Tails is hard for a beginner to use. In any case, no-one should use chat unless they are using OTC or one of a handful of tools which offer similar encryption.
Providing easy to use chat secure to OTR standards appears to be one of the two biggest gaps in current tools like Tails; the other is anonymous email. But obtaining reasonably anonymous email will require a resurgence of work on remailers (which is happening, so there is reason for hope some years down the line), whereas secure chat tools do appear to be available now; the problem is that these haven't yet been sufficiently integrated into Tails. Or if they have, that is not evident from the documentation and the number of questions in this forum asking how to use Tails to engage in anonymous private chats.
Comment by
Anonymous
— Mon 29 Apr 2013 07:14:41 PM CEST
OP:
I believe the Tails documentation pages includes advice not to live install any extra add-ons. Certainly a page in the Tor documentation pages strongly advises against using any but a small list of add-ons with Tor. (That page is hopelessly outdated, but I believe that the advice is still valid.)
There are several reasons why this might be a bad idea:
CryptoCat is a topic of particular controversy in the privacy community. Several highly respected researchers have stated that the design philosophy is inherently risky (for what its worth, I think they have a point there); others have said that the Cryptocat dev's initiative is admirable but that helping people in dangerous situations requires high skill levels as well as enthusiasm for doing good. If you search using the Tails provided search engines, you can almost certainly find some previous discussions dating back several years.
All that said, I have to agree with the previous comment, that the Pidgin chat client included with Tails is hard for a beginner to use. In any case, no-one should use chat unless they are using OTC or one of a handful of tools which offer similar encryption.
Providing easy to use chat secure to OTR standards appears to be one of the two biggest gaps in current tools like Tails; the other is anonymous email. But obtaining reasonably anonymous email will require a resurgence of work on remailers (which is happening, so there is reason for hope some years down the line), whereas secure chat tools do appear to be available now; the problem is that these haven't yet been sufficiently integrated into Tails. Or if they have, that is not evident from the documentation and the number of questions in this forum asking how to use Tails to engage in anonymous private chats.
As far as I know, nobody has researched this topic yet.