Tor Messenger 0.3.0b1 is released

We are pleased to announce another public beta release of Tor Messenger. This release features important improvements to the stability and security of Instantbird. All users are highly encouraged to upgrade.

Tor Browser Build

Starting with this release, Tor Messenger will be built on top of Tor Browser instead of Mozilla ESR. This will help us in improving the security of Tor Messenger by making use of Tor Browser's patches. We will also try to keep in sync with the Tor Browser stable release cycle.

Secure Updates

Tor Messenger 0.2.0b2 users will be automatically prompted to install the update (similar to Tor Browser). On installing and restarting, the update will be applied; your account settings and OTR keys will be preserved.

Downloads

Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)

Windows

macOS

sha256sums-unsigned-build.txt
sha256sums-unsigned-build.txt.asc

The sha256sums-unsigned-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450  A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project's website.

Changelog

Tor Messenger 0.3.0b1 -- 22 November 2016

  • All Platforms
    • Use the tor-browser-45.5.0esr-6.0-1 branch (e5dafab8) on tor-browser
    • Use the THUNDERBIRD_45_4_0_RELEASE tag on comm-esr45
    • Update ctypes-otr to 0.0.3
    • Trac 16489: Only show "close" button on Windows
    • Trac 16491: Contact list entries don't adapt to the actual font size
    • Trac 16536: Investigate Tor Browser patches relevant to Tor Messenger
    • Trac 17471: Investigate Tor Browser preferences relevant to Tor Messenger
    • Trac 17480: Make url linkification toggleable
    • Trac 19816: Build process should generate mar files
    • Trac 20205: Support SASL ECDSA-NIST256P-CHALLENGE
    • Trac 20208: Put conversations on hold by default
    • Trac 20231: Remove incomplete translations
    • Trac 20276: Fix toggling sounds
    • Trac 20608: Use Instantbird app version
    • Bugzilla 1246431: Properly handle incoming xmpp server messages
    • Bugzilla 1313137: Fix irc "msg is not defined" error
    • Bugzilla 1316000: Remove old Yahoo! Messenger support
  • Mac
    • Trac 20204: Windows don't drag on macOS Sierra
    • Trac 20206: Avoid prompting to download font "Osaka" on macOS Sierra
    • Trac 20207: IB and Tor Messenger still share a notification key
  • Windows
    • Trac 20062: Make stripping signatures reproducible on TM .exe files
Anonymous

November 28, 2016

Permalink

would it be better if the tbb came with tor messenger so like there bundled together

Anonymous

November 29, 2016

Permalink

Followed the procedures here https://www.torproject.org/docs/verifying-signatures.html.en to verify the package and ended with this:

gpg --verify tor-messenger-linux64-0.3.0b1_en-US.tar.xz{.asc*,}

gpg: Signature made Tue 22 Nov 2016 08:48:45 AM WET using RSA key ID 6DA77FAA
gpg: BAD signature from "Sukhbir Singh "

But the link says that the "output should say "Good signature":" But this isn't the case here.

Is the package altered or what?

But no tor-messenger-linux64-0.3.0b1_en-US.tar.xz.asc is provided, so that won't work.

What you want to do is download the sha256sums-unsigned-build.txt (and .asc for that), then

gpg --verify sha256sums-unsigned-build.txt.asc

that'll give you a good signature.

Next, look at the shas in that file (sha256sums-unsigned-build.txt), and run

shasum -a 256 tor-messenger-linux64-0.3.0b1_en-US.tar.xz

they should match,

f5a4aa5bcd096ecc4a2788eaca3c7978c42d058cde101635421798ca638ece5a

Anonymous

November 29, 2016

Permalink

Is OMEMO support coming? OTR just doesn't work when you have multiple devices, or need a group chat.

Anonymous

December 03, 2016

Permalink

Some confusion here... I gather that TM is not in itself a messenger meaning I cannot give an ID to another TM user and chat.

If correct, then what chat options does one have and is there an FAQ explaining how to implement them.

Thanks.

You're correct in that Tor Messenger is not an identity provider, and does not host a network. It implements the client side of transport protocols you may already be familiar with, like XMPP, IRC, and Twitter.

You would need to register an account for one of those services and then enter that information in TM to connect. You can then distribute the id to your contacts.

Hopefully that's clear.