Sunsetting Tor Messenger

In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter; had an easy-to-use graphical interface; and configured most of the security and privacy settings automatically with minimal user intervention.

When we released the first version, we tried to clearly identify the limitations of such a product: Tor Messenger was meant for communicating over existing social networks. This meant that in such a client-server model, your metadata could be logged by the server, but your route to the server would not be disclosed because it would be over Tor, and your communications would be encrypted with Off-the-Record messaging. We still thought this was a better alternative than the other products in the market, such as Pidgin, because it had safer and more secure default configurations.

Eleven beta releases later, we have, sadly, decided to discontinue supporting Tor Messenger. Here's why:

1. Instantbird Development Has Halted

Tor Messenger is based on Instantbird (see the original blog post on why we picked Instantbird), a product that is no longer maintained by its developers. While the chat features will be ported over to Thunderbird as they share the same codebase, the UI itself is no longer developed. The necessity of porting to Thunderbird also gave us the opportunity to step back and assess progress -- the adoption of Tor Messenger was low and the real need is for metadata-free alternatives.

2. The Metadata Problem

As described above, a centralized client-server architecture suffers from metadata leaks and Tor Messenger inherits those problems while being unable to mitigate them. Metadata leaks information about participants and their social graphs, and while it does not reveal the actual data, it can reveal patterns about your communication: who your friends are, when you talk to them, how much you talk to them, etc.

3. Limited Resources

Even after all the releases, Tor Messenger was still in beta and we had never completed an external audit (there were two internal audits by Tor developers). We were also ignoring user requests for features and bug reports due to the limited resources we could allocate to the project. Given these circumstances, we decided it's best to discontinue rather than ship an incomplete product.

Existing Users and Recommendations

Alas, we recognize that this step doesn't leave users with many good options. Check out EFF's series about secure messaging to get up to speed on what to consider in a messenger. If you still really need XMPP, despite its centralized metadata problems, check out CoyIM.

Questions?

We realize this announcement may raise some questions, so please feel free to use the comment section below and we will try to address them. We apologize for any inconvenience this may have caused.

We still believe in Tor's ability to be used in a messaging app, but sadly, we don't have the resources to make it happen right now. Maybe you do?

Very interesting, but I cannot see any mention of its desktop version and open source code yet. Seems a very young project. Looks like their model is paid accounts (see "pricing") for some or all categories (not clear to me yet).

Anonymous

April 04, 2018


Is there a special trick to download Tor Messenger?

All I get is
The requested URL /tormessenger/0.5.0b1/tormessenger-install-0.5.0b1_en-US.exe was not found on this server.

Anonymous

April 04, 2018


OMEMO does not need MAM (message archive). Please register on server 404.city and see for yourself. At 404, MAM is off and everything works fine.

Anonymous

April 05, 2018


@ Tor Project: it would be useful to post a comparison of the mentioned "anonymous encrypted chat" softwares mentioned above, using a sensible list of evaluations, such as whether chats are stored in a centralized location, are securely encrypted end to end, ease of obtaining an anonymously registered account (presumably meaning free as in free beer) on a server offering the protocol, etc.

Anonymous

April 05, 2018


Does this mean the Tor Project will return the hundreds of thousands of dollars it accepted to deliver a finished product?

Anonymous

April 24, 2018


I ditched Matrix/Riot ever since it is funded by a Blockchain (Ethereum) Startup and wants to integrate Blockchain based apps (widgets).

The blockchain technology is still anything but sustainable (waste of natural resources), essentially implements a ponzi scheme (encouraging speculation and hypercapitalism) and it is questionable how free and decentralized it really is (who really has the power to decide where the next fork goes?). And I question if this technology will make our world more fair and just as it is marketed, if it is in the interest of the people or rather the ones that are pushing this technology on this planet (whoever they are and whatever their true interest is).

I therefore prefer to stick with good old XMPP, a standard that promotes federation and decentralization that works in the interest of the people. And yes, secure and private chat with XMPP is not at all that easy (with all the different solutions and levels of implementation quality).

Anonymous

May 09, 2018


You should try Tox https://tox.chat. It's a p2p free and open source messenger that works over Tor. It has audio and video chats and allows sending files. It has group conversations as well. There are desktop and mobile clients. It hasn't had an audit yet but it's worth looking into.
