Tor at the Heart: Tor Messenger
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!
Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and has a secure automatic updater.
Tor Messenger builds on the networks you are familiar with, so you can continue communicating in a way your contacts are willing and able to do.
It's based on Instantbird, an instant messaging client developed in the Mozilla community, and leverages both the code (Tor Launcher, updater) and in-house expertise that the Tor Project has garnered working on Tor Browser with Firefox.
It was launched in Oct. 2015 and has since been receiving steady security and stability releases. However, there remain a few important items on the short term roadmap,
- Making the build reproducible on more platforms (so far only Linux)
- Porting some Tor Button-like features (security slider, new circuit for site)
- Taking advantage of Yawning's sandboxing work
- Translations and documentation
- Engaging an independent audit
This summer, the team participated in GSoC, helping to mentor a project implementing CONIKS. CONIKS is a key verification system with the goal of easing the burden of key management for end-users, while at the same time not asking users to trust their communication providers to act in their interest. An alpha release was recently tagged.
At the Tor developers' meeting in Seattle this past September, we held several sessions on messaging. One of the goals was to help determine where to take Tor Messenger in the future. The consensus was that we should be focused on eliminating metadata, both in the currently supported networks (where this might materialize as rosterless communication or having temporary identities), or incorporating new networks with architectures like those found in other onion messaging systems. There are many unsolved problems here, like balancing serverless communication with presence detection and asynchronous messaging, and we're excited to help push the field forward.