Tor Messenger 0.1.0b5 is released
We are pleased to announce another public beta release of Tor Messenger. This release features important security updates to libotr, and addresses a number of stability and usability issues. All users are highly encouraged to upgrade.
The initial public release was a success in that it garnered a lot of useful feedback. We tried to respond to all your concerns in the comments of the blog post but also collected and aggregated a FAQ of the most common questions.
OTR over Twitter DMs
Tor Messenger now supports OTR conversations over Twitter DMs (direct messages). Simply configure your Twitter account with Tor Messenger and add the Twitter account you want as a contact. Any (direct) message you send to another Twitter contact will be sent over OTR provided that both contacts are running Tor Messenger (or another client that supports Twitter DMs and OTR).
Facebook support dropped
Facebook has long officially deprecated their XMPP gateway, and it doesn't appear to work anymore. We had multiple reports from users about this issue and decided that it was best to remove support for Facebook from Tor Messenger.
We hear that an implementation of the new mqtt based protocol is in the works, so we hope to restore this functionality in the future.
Before upgrading, back up your OTR keys
Before upgrading to the new release, you will need to back up your OTR keys or simply generate new ones. Please see the following steps to back them up.
In the future, we plan to port Tor Browser's updater patches (#14388) so that keeping Tor Messenger up to date is seamless and automatic. We also plan to add a UI to make importing OTR keys and accounts from Pidgin, and other clients, as easy as possible (#16526).
The secure updater will likely be a part of the next release of Tor Messenger.
Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.
sha256sums.txt file containing hashes of the bundles is signed with the key
3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391).
Here is the complete changelog since v0.1.0b4:
Tor Messenger 0.1.0b5 -- March 09, 2016
- All Platforms
- Bug 13795: Remove SPI root certificate because Debian no longer ships it
- Bug 18094: Remove references to torbutton from start-tor-messenger script
- Bug 18235: Disable Facebook as they no longer support XMPP
- Bug 17494: Better error reporting for failed outgoing messages
- Bug 17749: Show version information in the "About" window
- Bug 13312: Add support for OTR over Twitter DMs
- Bump libotr to 4.1.1
- Bug 17896: Add Edit menu to the conversation window on OS X
- GH 65: Support Unicode paths on Windows
FBI Director Comey is spending quite a bit of time these days testifying before Congress, and not all his auditors are entirely happy with his rumored decision to charge Mrs. Clinton or his insistence on breaking American cybersecurity (not to mention privacy) in order to spy better on dead criminals or whatever nonsensical excuse he offers.
Suggestion for a fun PR stunt:
Get some journalists to communicate by TM over Twitter DM with a well known whistleblower and Tor supporter currently residing in Russia, and make sure someone passes a note to Comey to tell him about it during his testimony.
We plan to highlight this feature a bit more, but I guess without the two people you mentioned :)
> We plan to highlight this feature a bit more.
> I guess without the two people you mentioned :)
I defer to your judgment on that score, but you/Shari *must* issue a statement on DOJ orders served on Apple and other companies, especially the rumored forthcoming backdoor order naming WhatsApp.
Oppressive governments may be willing to cooperate in a concerted attack on their perceived common enemy, human rights activists who use Tor, Ricochet, WhatsApp, Signal in iPhone, or whatever. On this basis, it seems not impossible that the security services of USA, UK, CN, RU, IR, VN might ink deals to collaborate in "rubber hose" breakage of cybersecurity measures protecting Open Source software. Even though those countries would be unlikely to collaborate on anything else, they are all likely to see HRW, Riseup Networks, Tor Project, WhisperSystems, Silent Circle, Apple, etc, as "dangerous adversaries" worthy of overt oppression.
It may now be true that the hand of every government is raised against us.
> Oppressive governments may be willing to cooperate in a concerted attack on their perceived common enemy, human rights activists who use Tor, Ricochet, WhatsApp, Signal in iPhone, or whatever. On this basis, it seems not impossible that the security services of USA, UK, CN, RU, IR, VN might ink deals to collaborate in "rubber hose" breakage of cybersecurity measures protecting Open Source software.
Not a day later, comes this grim news:
China asks FBI chief to help battle terrorism, hackers
15 Mar 2016
> Chinese leaders on Monday urged FBI Director James Comey to work more closely with his Beijing counterparts on Internet security and anti-terrorism cases.
> The message came during a meeting in Beijing between Comey and Chinese Public Security Minister Guo Shengkun, according to Xinhua, a state-run news agency.
> “The two sides agreed to have more pragmatic cooperation in cybersecurity and anti-terrorism,” the report said.
A key point here is that China (and increasingly, the US--- cf Prepresident Trump) have rather broad interpretations of the meaning of the word "terrorism". China already uses this term to include political dissidents, and recently FBI keeps broadening its own use of the term, to cover for example eco-activists, animal-rights activists, BLM activists, divestment activists, social-justice activists, etc. (since any of these people, according to FBI, could turn violent at any moment, or might become "anarchists" or cybersecurity enthusiasts).
The major tech companies are outraged that the USG never really supported their attempts to stand up to Chinese demands for data on Chinese citizens (and exiles living in "the West"), and have been further outraged by the hypocrisy of FBI's anti-encryption campaign (CWII) and NSA's all-pervasive economic espionage.
And now it seems FBI and NSA are considering voluntarily sharing with the government of China the personal data of US persons and proprietary information of US companies which they collect under "counter-terror" mandates. What next? NSA sharing its data trove with the government of RU? VN? IR?
All the world's governments increasingly see themselves at war with the giant tech companies, because these companies increasingly operate independently of any government's control. A spate of trade treaties even prohibits national governments from enacting laws which would attempt to bring them back under government control. So to some extent, CWII ties in with a rather desperate attempt by the world's government to wrest back control of their national portion of the global economy. Hence demands such as these by the governments of USA and CN and other nations:
> China has also irked the international business community with a series of national security laws that foreign businesses say could give Beijing access to their source code and user data.
All the world's governments also see themselves at war with their own citizens, because increasingly the masses everywhere see their interests as being grossly abused by the political/economic elite.
So in broad outline, the history of the 21st Century seems likely to involve a grand global struggle between governments, corporate mega-conglomerates, and citizens. All three of these groups will increasingly tend to put the situation like this:
It's all of them against all of us.