Tor Messenger Beta: Chat over Tor, Easily
Warning: As of March 2018, Tor Messenger is no longer maintained and you should NOT use it. Please see the announcement for more information.
Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community.
What is it?
Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.
What it isn't...
Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.
We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.
Why Instantbird?
We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.
Current Status
Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges.
Downloads (Updated)
Instructions
- On Linux, extract the bundle(s) and then run:
./start-tor-messenger.desktop
- On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
- Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
Source Code
We are doing automated builds of Tor Messenger for all platforms.
The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we are working on it.
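One way to check your own Linux build against another one, as an added example that is not part of the Tor Project's build tooling: hash every file in both trees and report anything that differs. It assumes GNU coreutils (sha256sum, sort) and a POSIX shell, and that the two build output directories are passed as arguments.

```shell
# Added example (not Tor Messenger's own build scripts): compare two Linux
# build trees file by file by SHA-256 and list the files that do not match,
# so a local rebuild can be checked against the published build.
# Assumes GNU coreutils (find -print0, sort -z, sha256sum) and POSIX sh.

# Print "<sha256>  <relative path>" for every regular file under $1, sorted
# by path so the two manifests line up regardless of filesystem order.
manifest() {
  ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum )
}

# reproducible_check DIR_A DIR_B
# Returns 0 when both trees are byte-for-byte identical, 1 otherwise.
# On a mismatch it prints each path whose hash differs or that exists in
# only one of the two trees.
reproducible_check() {
  a=$(mktemp) && b=$(mktemp) || return 2
  manifest "$1" > "$a"
  manifest "$2" > "$b"
  if diff "$a" "$b" > /dev/null; then
    status=0
  else
    status=1
    echo "build mismatch between $1 and $2:"
    # Keep only the path field of the manifest lines that differ.
    diff "$a" "$b" | sed -n 's/^[<>] [0-9a-f]*  //p' | sort -u
  fi
  rm -f "$a" "$b"
  return "$status"
}
```

Run it as `reproducible_check ./my-build ./published-build`; a non-zero exit with a list of paths is what you would report back when you cannot match the official build.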
What's to Come
Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include:
- Reproducible builds for Windows and OS X
- Sandboxing
- Automatic updates
- Improved Tor support
- OTR over Twitter DMs
- Produce (and distribute) internationalized builds
- Secure multi-party communication (np1sec)
- Encrypted file-transfers
- Usability study
How To Help
Give it a try and provide feedback, requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets or help us review our design doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the tor-talk/dev mailing lists.
Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software.
Thanks and we hope you enjoy Tor Messenger!
Update: For Windows 10 (and some Windows 7, 8) users who were experiencing an issue in Tor Messenger where it wouldn't start, we have updated the download links above with a newer version that fixes the problem described in bug 17453.
> Can't malicious exit nodes eavesdrop on Facebook or Google credentials?
>> No, because TLS is enabled for all protocols by default.
>>> The NSA has found some weak links in the algorithms used to encrypt internet traffic. It means that whatever products or enhancements Tor developers are doing are vulnerable to US government snoops.
>>>
>>> Matthew Green, one of the people who audited Truecrypt, postulated the NSA has solved some of the issues surrounding ECDLP (Elliptic Curve Discrete Logarithm Problem). "A riddle wrapped in a curve" (http://blog.cryptographyengineering.com/)
>>>
>>> If you're still interested read the following post by Bruce Schneier as well: "Why Is the NSA Moving Away from Elliptic Curve Cryptography?" (https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html)
The blog post by Matthew Green at
http://blog.cryptographyengineering.com/
was prompted by a readable paper by Koblitz and Menezes (see the link in MG's blog) which attempts to review the current status of public-key cryptosystems and the most popular candidates for PQC (post-quantum cryptography). This topic has recently become much more urgent and contentious owing to the following developments:
- documents leaked by Snowden convinced everyone that (as some had long suspected) NSA deliberately weakened a specific part of a NIST crypto standard describing a random number generator to be used as part of RSA (the algorithm), and NSA even appears to have bribed RSA (the company) to overlook the crippling of its primary product,
- on the other hand, the black budget leaked by Snowden shows NSA has only been putting tens of millions per annum into research on quantum computers, suggesting that they do not believe that a huge breakthrough is only a few years away, which suggests that PQC may not be urgently needed for some years (unless NSA is wrong about what will be possible in the near future),
- NIST had an (understandable and laudable) falling out with NSA after it learned it had been gulled by NSA operatives,
- NIST sponsored a high profile conference on PQC intended to mobilize civilian cryptographers to get cracking,
- after decades of urging adoption of ECC (elliptic-curve cryptography)--- Koblitz is one of the co-inventors of ECC--- NSA suddenly withdrew support and now advocates moving from RSA directly to some PQC scheme, causing everyone to wonder WTF?,
- researchers recently showed that the older DHE schemes are much more vulnerable than previously recognized; this issue directly affects Tor users because Tor client/server pairs use public key cryptography when setting up Tor circuits--- the packets themselves are encrypted using symmetric cryptography--- current Tor prefers to set up circuits using ECDHE, a Diffie-Hellman type scheme using elliptic curves, but still allows the now deprecated DHE.
This is all very technical, but the Koblitz-Menezes paper does a pretty good job of making the key issues somewhat comprehensible to Tor users. Not to be missed: the (humorous?) deduction that NSA considers information classified "Top Secret" to be 2^64 times more valuable than information classified "Secret".
I think the situation is so confusing (to non-experts) and so important for educated TBB and TM users to understand that a guest post in this blog by someone of the status of Bruce Schneier or Matthew Green or Jacob Appelbaum clarifying how these issues affect the work flow of typical endangered persons who use Tor (e.g. LUKS encrypted USB sticks as well as (a)symmetric encryption used to establish/maintain Tor circuits) would be useful.
Jacob Appelbaum, who I think has some association with the Tor Project, tweeted a response to Cyrus Farivar's story on TM in Ars Technica which I do not grok. I notice that he also provided pre-publication comments on the paper by Koblitz and Menezes.