Tor Messenger Beta: Chat over Tor, Easily

Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community.

What is it?

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

What it isn't...

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. These networks have traditionally used a client-server model, which means that your metadata (specifically which contacts you talk to, and when) can be logged by the server. OTR protects the content of your one-to-one conversations, and Tor hides your route to the server: the server sees an account talking to its contacts, but not the IP address or location you connect from.

We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.

Why Instantbird?

We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice. Its transport protocols are written in a memory-safe language (JavaScript), so a bug in a protocol parser is far less likely to turn into a memory-corruption exploit than the same bug in a C implementation. It has a graphical user interface and already supports many natural languages. It is a XUL application, which means we can reuse both code (Tor Launcher) and the in-house expertise the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

Current Status

Today we are releasing a beta version, with which we hope to gather both usability and security-related feedback. Three previous alpha releases to the mailing lists have already helped smooth out some of the rougher edges.

Downloads (Updated)

Get the latest version

Instructions

  • On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
  • On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
  • On all platforms, Tor Messenger sets the Firefox/Instantbird profile folder to the installation directory, so your accounts, settings and OTR keys live alongside the program rather than in your home directory's usual profile location. Treat that directory as sensitive.

  • Note that, as a matter of policy, Tor Messenger does not allow unencrypted one-to-one conversations: if the person you are talking to does not have an OTR-enabled client, your messages will not be transmitted. You can disable this in the preferences to allow unencrypted communication, but doing so is not recommended.
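
To make the default policy concrete, here is a small Python model of how an OTR client enforces "require encryption" and how it learns whether the other side speaks OTR at all. This is an added illustration, not Tor Messenger's or libotr's code. The two advertisement formats it parses, the "?OTRv23?" query message and the whitespace tag appended to plaintext, are taken from the OTR protocol specification; the Conversation state and the decision to drop held messages when the peer answers in plaintext are a simplification of what a real client does (the authenticated key exchange itself is not modelled).

```python
"""Illustrative model of OTR's "require encryption" policy, the default Tor
Messenger applies to one-to-one chats.  Added example, not Tor Messenger's or
libotr's code.  Wire details (query message, whitespace tag, "?OTR:" prefix of
encoded messages) follow the OTR protocol specification; the Conversation
state machine is a simplification (the key exchange itself is not modelled)."""
import re
from dataclasses import dataclass, field

# Whitespace tag per the OTR spec: a 16-byte base, then one 8-byte tag per version.
WS_BASE = "\x20\x09\x20\x20\x09\x09\x09\x09\x20\x09\x20\x09\x20\x09\x20\x20"
WS_VERSION_TAGS = {
    "1": "\x20\x09\x20\x09\x20\x20\x09\x20",
    "2": "\x20\x20\x09\x09\x20\x20\x09\x20",
    "3": "\x20\x20\x09\x09\x20\x20\x09\x09",
}
# Query message: "?OTR?" offers v1, "?OTRv23?" offers v2 and v3, "?OTR?v2?" offers v1 and v2.
QUERY_RE = re.compile(r"\?OTR(\??)(?:v([0-9A-Za-z]*)\?)?")
OUR_VERSIONS = {"2", "3"}  # v1 is obsolete and should not be negotiated


def advertised_versions(text):
    """OTR versions a received plaintext message advertises; empty set if none."""
    versions = set()
    m = QUERY_RE.search(text)
    if m:
        if m.group(1) == "?":
            versions.add("1")
        if m.group(2) is not None:
            versions.update(m.group(2))
    idx = text.find(WS_BASE)
    if idx != -1:
        rest = text[idx + len(WS_BASE):]
        matched = True
        while matched:  # consume consecutive version tags after the base
            matched = False
            for ver, tag in WS_VERSION_TAGS.items():
                if rest.startswith(tag):
                    versions.add(ver)
                    rest = rest[len(tag):]
                    matched = True
                    break
    return versions


@dataclass
class Conversation:
    encrypted: bool = False             # becomes True when the AKE completes
    query_sent: bool = False
    peer_versions: set = field(default_factory=set)
    queued: list = field(default_factory=list)


def outgoing(conv, text, require_encryption=True):
    """Decide what goes on the wire for a message the user typed.
    Returns (action, payload): 'send' puts payload on the wire; 'query' holds
    the message and sends an OTR query instead; 'hold' holds it (query pending)."""
    if conv.encrypted:
        return "send", text  # a real client hands this to the OTR data-message path
    if not require_encryption:
        # Plaintext allowed: append a whitespace tag so an OTR-capable peer can start the AKE.
        return "send", text + WS_BASE + WS_VERSION_TAGS["3"] + WS_VERSION_TAGS["2"]
    conv.queued.append(text)
    if not conv.query_sent:
        conv.query_sent = True
        return "query", "?OTRv23?"
    return "hold", None


def incoming(conv, text):
    """Classify a received message. Returns (kind, dropped): kind is
    'otr_message' (encoded OTR traffic), 'advertised' (peer offers a version we
    speak; the AKE would start), or 'plaintext'; dropped lists held messages that
    are refused because the peer answered our query without any OTR support."""
    if text.startswith("?OTR:"):
        return "otr_message", []
    versions = advertised_versions(text)
    conv.peer_versions |= versions
    if versions & OUR_VERSIONS:
        return "advertised", []
    if conv.query_sent and not conv.encrypted:
        dropped, conv.queued = conv.queued, []
        return "plaintext", dropped   # policy: never fall back to the clear
    return "plaintext", []


if __name__ == "__main__":
    conv = Conversation()
    print(outgoing(conv, "hello"))               # ('query', '?OTRv23?')
    print(outgoing(conv, "still there?"))        # ('hold', None)
    print(incoming(conv, "hi, what is this?"))   # ('plaintext', ['hello', 'still there?'])
```

The transcript in main() is the sequence a Tor Messenger user hits with the default policy: the first message is held and replaced on the wire by a query, and a plaintext reply with no OTR tag means the held messages are refused rather than sent in the clear. Only when the peer answers with an OTR query or whitespace tag (or with "?OTR:"-encoded traffic) does the key exchange proceed and the queue get sent encrypted.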

Source Code

We are doing automated builds of Tor Messenger for all platforms.

The Linux builds are reproducible: anyone who builds Tor Messenger for Linux from a given source revision should get binaries byte-for-byte identical to ours and to anyone else's build of that revision. This is what lets you check that the binaries we ship were built from the source we publish, rather than trusting our build machines. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet, but we are working on it.
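
A build you cannot match is only useful to report if you can say which file differs, so here is the check a practitioner would run on two unpacked Linux builds. It is an added example and not the Tor Project's build tooling; the file names in the constructed sample trees (Messenger/application.ini and so on) are assumptions for illustration, and the script compares whatever two directories you point it at.

```python
"""Check that two unpacked Tor Messenger Linux builds are byte-for-byte
identical, which is what "reproducible" means here.  Added example, not the
Tor Project's own build tooling: it assumes you have built twice from the same
source revision (or extracted our tarball next to yours) and compares the two
directories.  The sample trees in make_sample_trees() are constructed here so
the script runs offline."""
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each regular file (path relative to root) to (mode, SHA-256 hex digest)."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        mode = path.stat().st_mode & 0o777  # permission bits must match as well
        result[str(path.relative_to(root))] = (mode, h.hexdigest())
    return result


def compare_builds(ours, theirs):
    """Differences between two build trees. All three lists empty means the
    builds match byte for byte (and in file permissions)."""
    a, b = digest_tree(ours), digest_tree(theirs)
    return {
        "changed": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
        "only_in_ours": sorted(a.keys() - b.keys()),
        "only_in_theirs": sorted(b.keys() - a.keys()),
    }


def is_reproducible(ours, theirs):
    return not any(compare_builds(ours, theirs).values())


def make_sample_trees():
    """Constructed sample data: two trees identical except for an embedded build date."""
    base = Path(tempfile.mkdtemp(prefix="tm-repro-"))
    for name, stamp in (("build-a", "20151029"), ("build-b", "20151030")):
        d = base / name / "tor-messenger"
        (d / "Messenger").mkdir(parents=True)
        (d / "start-tor-messenger.desktop").write_text(
            "[Desktop Entry]\nExec=./Messenger/instantbird\n")
        (d / "Messenger" / "instantbird").write_bytes(b"\x7fELF same bytes in both builds")
        (d / "Messenger" / "application.ini").write_text(f"[App]\nBuildID={stamp}\n")
    return base / "build-a", base / "build-b"


if __name__ == "__main__":
    import sys
    ours, theirs = sys.argv[1:3] if len(sys.argv) == 3 else make_sample_trees()
    for kind, paths in compare_builds(ours, theirs).items():
        for p in paths:
            print(f"{kind}: {p}")
    print("reproducible" if is_reproducible(ours, theirs) else "MISMATCH: report the files above")
```

Run it with the two extracted build directories as arguments; anything listed under "changed" is a file whose contents or permissions differ, which is exactly what to include in a bug report about a build you could not match. An embedded build date, as in the sample, is the most common cause.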

What's to Come

Our current focus is security, robustness and user experience. We will fix bugs and release updates as appropriate, and in the future we plan to pair releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger, but we would like to hear what you have to say. Some possibilities include:

How To Help

Give it a try, provide feedback and feature requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close our tickets or review our design doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra, boklm, sukhe) and are subscribed to the tor-talk and tor-dev mailing lists.

Please note that this release is for users who would like to help us test the product and who understand the risks involved in using beta software.

Thanks and we hope you enjoy Tor Messenger!

Update: For Windows 10 (and some Windows 7, 8) users who were experiencing an issue in Tor Messenger where it wouldn't start, we have updated the download links above with a newer version that fixes the problem described in bug 17453.

Anonymous

October 30, 2015

Downloaded the client, installed it, and when I try to run it, it says:
Instantbird has stopped working

Unfortunately :(
I'm on Windows 7 Ultimate 64-bit

Anonymous

October 30, 2015

Tried with 2 Gmail accounts. On one, no problems. The other failed, and I got a Gmail message saying "someone has your password"; access was blocked due to an "unsafe app".

Anonymous

October 30, 2015

Win 7 64-bit here. Tor Messenger is not working for me. It is just not starting after executing the exe. Compatibility mode (e.g. Win Vista) is not helping either.
In the Task Manager I can see that the Instantbird process is starting (even with ~78MB of RAM usage) and closing after around three seconds. There is no error whatsoever; it just closes the process and never opens any window.

Anonymous

October 30, 2015

Problem signature:
Problem Event Name: APPCRASH
Application Name: instantbird.exe
Application Version: 41.0.0.5729
Application Timestamp: 000232e8
Fault Module Name: d2d1.dll
Fault Module Version: 6.2.9200.16765
Fault Module Timestamp: 528bf6b2
Exception Code: c0000005
Exception Offset: 002284f6
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1036
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Anonymous

October 30, 2015

I was able to connect to my Google Apps (for Work) gTalk account, but when I try to connect to a regular gmail gChat account it says Not Authorized and won't connect.

Anonymous

October 30, 2015

Hi, thanks for the nice work! I will test it soon.

Are you sure this really supports Facebook chat? I think Facebook dropped its XMPP support sometime earlier this year (see https://developers.facebook.com/docs/chat ) and as far as I can see Instantbird uses XMPP for the Facebook chat.

Anonymous

October 30, 2015

You mention in the release notes that it works with GTalk and Facebook, but does this assume that they have their XMPP endpoints open? Facebook closed theirs a couple of months ago, and GTalk only works if the user has not migrated to Hangouts. Is it still valid in those cases?

Anonymous

October 30, 2015

My Facebook account doesn't allow me to log in because it is from an unknown location. But this is going to happen all the time, right? What can I do about it?

Anonymous

October 30, 2015

LOL, it does not accept any username for Facebook.

Seriously, why are you pushing out a broken product? Are you developing pc games in your free time?

Jesus.

Works for me but is timing out on "Downloading Contact List..."
Make sure you use your "User Name". NOT the same as what you use to log in. You can find it by going to your profile and grabbing the text after facebook.com/

Anonymous

October 30, 2015

The reason I switched from Pidgin to Gajim as my XMPP client was that its OpenPGP plugin allows sending offline messages to your contacts, something that doesn't work with OTR. Another tool that allows sending encrypted offline messages is RetroShare, and I think a messenger that is not capable of sending offline messages is quite useless. Personally, I prefer OpenPGP solutions over OTR, mostly because I have to share my public key just once and not at every single contact (on the downside, there is no deniability).

Anonymous

October 30, 2015

I doubt this is a good idea. With this you basically send the message that it is OK to log in via Tor to your personal Gmail or Facebook account, which obviously defeats the purpose of connecting via Tor in the first place.

The identity of most people is linked to their "normal" accounts, especially on Facebook which enforces a strict "real names" policy.

Furthermore, both Gmail and Facebook will kick you out if you try to connect via Tor, and that is going to be confusing and frustrating for the vast majority of uninformed users.

Summing up:

- not user friendly
- it encourages super bad OPSEC.

This is not just for Google Talk or Facebook. This is for IRC and Jabber as well, both of which work fine without associating any real identity. Not to mention, like we said in the blog post, a lot of people use Google Talk or Facebook because they have their existing networks there -- we are just providing a secure way for them to use it without revealing their location or the content of their chats, which Tor and OTR take care of quite nicely.

"Not user friendly". We know we can do better. It will help to know the specific concerns.

Anonymous

October 30, 2015

Why doesn't Tor work with Jitsi.org? I think it's the best encrypted chat platform because it also handles end-to-end encrypted VoIP and video calls, and is open source.

Thoughts?

Anonymous

October 30, 2015

Is SILC still relevant? At one time there were some SILC servers operating as hidden services. I didn't see an Instantbird add-on for the SILC protocol. Pidgin works and is recommended on the main SILC website.

SILC - Secure Internet Live Conferencing
http://silcnet.org/

Anonymous

October 30, 2015

Feedback/Bug report
The error message you get when running it right from the .dmg on OS X 10.11.1 is not correct: "Profile Missing. Your Instantbird profile cannot be loaded. It may be missing or inaccessible."

Expected behaviour: dialog: "Tor Messenger cannot run from the disk image, please copy it to the Applications folder."

Also, the "Tor Network Settings" window stays on top of all other windows.

Anonymous

October 30, 2015

The current version as of today's date, when connecting to IRC networks that have SSL v2/v3 disabled and allow only TLSv1 to v1.2 and high ciphers such as AES256-GCM-SHA384.
Please fix it.

Anonymous

October 30, 2015

Tor Messenger works, but when you use the Facebook "message", it warns that the password may be wrong, but it is not! Everything is right; the other features are OK, but Facebook does not work... I'm on Windows 8 64-bit... help!

I had this and it was because I was using Authentication on Facebook. I used the Code Generator on the Facebook App on my iPhone and got a 6 digit code to use as the password.... could it be that causing it for you?

Anonymous

October 30, 2015

When attempting to connect via Google Talk, it fails during authentication even though the correct password is presented. I figure this has to do with 2-step verification. Any way around this?

When logged into gmail through Tor browser, I am getting the following warning. Logging in again does not solve it:
"Gmail is having authentication problems. Some features will not work. Try logging in to fix the problem"

The two options provided here resolve neither that error nor the ability to log in to Tor Messenger.

If you change your security settings, by turning "access to less secure apps" to on and allow access from new devices/locations, it might connect. This worked for me, hopefully it will for you too.

This is a big issue for usability! Most people do not notice this option exists because they only ever use gtalk through the web interface, but if you try to use pidgin it's a big problem. Tor Messenger already special-cases gmail accounts; it should handle gtalk auth errors with a link to a page with current screenshots of exactly how to do it.

Another usability issue is that Gmail and Facebook use geolocation to detect suspicious activity, and might lock you out if you start coming in through tor; Tor Messenger should at least give a warning about this.

Anonymous

October 30, 2015

The press has taken notice of the debut of TM:

http://www.theregister.co.uk/2015/10/30/tor_messenger_a_death_knell_for…
Tor Messenger beta debuts, promises unlogged Jabber for all
Instant messages with onion breath to scare away the spooks
30 Oct 2015
Darren Pauli

For US persons who dare to attend political events, or to reside in cities where Things Happen, ACLU has obtained further evidence that FBI's spy planes do indeed collect electronic evidence:

http://arstechnica.com/tech-policy/2015/10/fbi-planes-gathered-days-of-…
FBI planes gathered days of video, electronic surveillance over Baltimore
Sean Gallagher
30 Oct 2015

Occupy organizers have previously reported interference with their cell phones when a particular police vehicle equipped with a directional roof aerial similar in appearance to military versions of IMSI catchers passed near their locations.

This is a good illustration of why ordinary people need TM.

Anti-war activists, environmentalists, Occupy people: watch out for electronic surveillance of personal communication devices from drones designed for military/police use, such as ScanEagle (made by Insitu), NOVA (made by Altavian), and Qube (made by AeroVironment), which according to FAA are all now operating domestically in "anti-poaching" and "environmental surveillance" [telecom environment?] roles for various US police agencies. Recall that emails leaked from the Italian malware-as-a-service company Hacking Team show that Insitu was interested in serving malware from its drones. NSA has for many years served malware from military drones, apparently including Scan Eagles operating in Africa. See

https://theintercept.com/drone-papers

According to FAA, Dow Chemical and BNSF are among the mega-corporations operating Chinese manufactured "patrol drones", and these could conceivably be re-purposed to attack demonstrators. There are preliminary indications that dozens of US drone start ups are marketing activist-surveillance-as-a-service to companies associated with the big banks.

Oppression everywhere, and it is very quickly getting much worse. The appropriate response: redouble our determination to oppose oppression of dissidents and to expose state-sponsored human rights violations and other criminality. In particular, we must bring to justice the baby-killing hospital bombing drone assassins and those who enable CIA-sponsored kidnapping/torture.

> Does this run on Tails? If not, is there a way to set it up?

Plus one.

Could one disable JavaScript in Tor Browser but still use TM? (It seems that JavaScript can be exploited by bad guys attacking the browser. And can't the TBB people fix that bug where the latest Firefox ignores the default image loading setting?)

> you can register XMPP accounts from Tor Messenger (in-band) if the server supports it. You don't need an existing account. (This is not true for Facebook, Google Talk or Twitter, where you do need existing accounts for Tor Messenger to work.)

Can one do that safely? Can you work with riseup.net to provide a TM-friendly chat server? Note that leaked emails from Hacking Team show that Czech police targeted the riseup mail server, so the threat model must at a minimum include companies like Gamma and Hacking Team. For this reason, please seek an outside audit of TM.

Anonymous

October 30, 2015

> Matthew Green, one of the people who audited TrueCrypt, postulated the NSA has solved some of the issues surrounding ECDLP (Elliptic Curve Discrete Logarithm Problem). "A riddle wrapped in a curve" (http://blog.cryptographyengineering.com/)

Second that. This is a very important issue for Tor people to track.

> Since its conception and rollout by Netscape till today, hundreds of security holes have been discovered in JavaScript.

That was my first thought too.

> The point was that JavaScript is a memory managed language, which theoretically eliminates a certain class of exploits. Further, as you said, Mozilla's JS VM has been in production for quite some time and seen some battle hardening.

More details might help encourage the doubters. And obtaining an independent security audit of TM, especially as part of a future edition of Tails, should be an important goal.

Look, it isn't that Javascript is particularly bad as a language. Other than that it has some issues from being designed in an era where security wasn't at the forefront as much, it isn't really any worse than any other language with a similar sized library. For example, it isn't particularly worse than Java. The problem isn't the language itself, it's that the primary (original) use of the language was to allow code on a foreign computer to execute on yours, and it has a larger attack surface than HTML and CSS (possibly by orders of magnitude.)
That means that Javascript has gotten a bad reputation in some parts of the security community, but that reputation is only really relevant for Javascript on a webpage that isn't fully trusted by the user. Javascript potentially allows websites to run harmful code on your computer, but if you're running a program on your computer it doesn't matter that it uses Javascript because it's already running on your computer.

Anonymous

October 30, 2015

> Yes, this is on purpose because we don't want users clicking their links and opening a browser that is not Tor Browser. We will fix this in future releases by being smart about it -- by detecting Tor Browser and opening the link there, or by giving you an option of choosing what to do with the link. For now, we decided that we don't want users clicking on links by mistake so that is why they are disabled. (#13618 on Trac.)

I think that is a good design decision, sukhbir. Glad to see you are thinking about things like potential user Epic Fail, because our enemies certainly are.

Anonymous

October 30, 2015

I'm having the same problem! While trying to connect to Facebook and Gmail like 3 or 4 times I get the not correct password message. Both are on 2-step verification and I'm on Ubuntu 15.10! I'll check out the site you posted above!

Anonymous

October 30, 2015

Tried to log to my Facebook account and Tor Messenger wouldn't let me, asking me if I did any mistakes on my password. As I switched back to my regular Facebook page, it read it was blocked as "Someone intended to log in from an "unusual" place, showing me a Map with a pin somewhere between Myanmar and India. I don't know how this might help you guys, but this is definitely not working smoothly on FB.

Anonymous

October 30, 2015

Hi, this post sounds interesting, but I don't own a PC.
Is it possible to get an Android version of it?

Many greetings
Basti

ChatSecure has Tor support, but only with the "Orbot" app installed beside it: https://guardianproject.info/apps/orbot/

(You have to tick the "Connect via Tor" option in the account settings or at account setup.)

Just remember: if you're creating new accounts, you must ALWAYS connect with the "use Tor" option. Connect just once without Tor, and that connection will be logged and your anonymity likely compromised.