Tor Project launched its first beta version of Tor Messenger – its long-in-the-works, open source instant messenger client based on Instantbird. The Messenger is designed for both simplicity and privacy by default: It integrates the “Off-the-Record” (OTR) protocol to encrypt messages and routes them over Tor just as seamlessly as the Tor Browser does for web data. It’s also compatible with the same XMPP or “Jabber” chat protocol used by millions of Facebook and Google accounts, as well as desktop clients like Adium for Mac and Pidgin for Windows.
What is it?
Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.
What it isn’t…
Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.
sha256sums.txt file containing hashes of the bundles is signed with the key:
3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391).
- On Linux, extract the bundle(s) and then run:
- On OS X, copy the Messenger application from the disk image to your local disk before running it.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.
Tor Messenger team is doing an automated builds of Tor Messenger for all platforms.
The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself. The Windows and OS X builds are not completely reproducible yet but the team is working on it.
What’s to Come
Current focus is security, robustness and user experience. Some possibilities include:
- Reproducible builds for Windows and OS X
- Automatic updates
- Improved Tor support
- OTR over Twitter DMs
- Produce (and distribute) internationalized builds
- Secure multi-party communication (np1sec)
- Encrypted file-transfers
- Usability study
“Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software. As such, don’t rely on this product for strong anonymity just yet.”