Connecting to an onion service leaks DNS requests to clearnet
Upon connecting to any .onion account/server, the client performs a DNS lookup for _xmppconnect.[...].onion, which leaks the requested onion service to the user's DNS resolver and its upstreams.
You can watch this happen by running
sudo tcpdump udp port 53 -vv -X in any terminal window and then connecting to any (valid or not) .onion.
I don't python, but a patch like the following should fix the issue
diff --git a/gajim/common/connection.py b/gajim/common/connection.py
index 571e00d30..90b0bafd0 100644
--- a/gajim/common/connection.py
+++ b/gajim/common/connection.py
@@ -1078,12 +1078,16 @@ class Connection(CommonConnection, ConnectionHandlers):
 h = hostname
 p = 5222
 ssl_p = 5223
+ use_txt = True
 if use_custom:
 h = custom_h
 p = custom_p
 ssl_p = custom_p
 if not self.redirected:
 use_srv = False
+ if h.endswith('.onion'):
+ use_srv = False
+ use_txt = False
 self.redirected = None
 # SRV resolver
@@ -1095,7 +1099,7 @@ class Connection(CommonConnection, ConnectionHandlers):
 ]
 self._hostname = hostname
- if h:
+ if h and use_txt:
 app.resolver.resolve('_xmppconnect.' + helpers.idn_to_ascii(h),
 self._on_resolve_txt, type_='txt')
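Review bot: The `.onion` test added in the first hunk is case-sensitive and ignores a trailing root dot, so a host entered as `EXAMPLE.ONION` or `example.onion.` would skip the branch and still reach the `_xmppconnect` TXT lookup (and the SRV lookup, when enabled). DNS names compare case-insensitively, and the later `if h:` guard suggests `h` may be empty, so normalise and guard before testing: `if h and h.lower().rstrip('.').endswith('.onion'):`. A comment above the branch such as `# RFC 7686: .onion names must never be sent to the DNS resolver` would record why both flags are cleared. The enclosing method starts and ends outside the hunk, so the possible values of `h` here cannot be confirmed from the visible lines.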
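Review bot: The `use_txt` flag in the second hunk protects only this one call to `app.resolver.resolve`, so the leak is closed per call site rather than at the point where queries leave the client. The resolver itself is not visible here, but if any other caller passes it a host name, an onion address would presumably still be sent to the system resolver. Rejecting names whose normalised form ends in `.onion` inside the resolver's `resolve` method, and logging the refusal, would make the protection fail closed; the check in this method could then stay as an early exit. It is also worth confirming with the packet capture from the report that no A/AAAA query for the onion host is issued once the SRV and TXT lookups are suppressed.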