[tor-dev] Tor Messenger Beta: Chat over Tor, Easily

Sukhbir Singh azadi at riseup.net
Thu Oct 29 21:12:00 UTC 2015


Hi,

Today we are releasing a new, beta version of Tor Messenger, based on
Instantbird [0], an instant messaging client developed in the Mozilla
community.

* What is it?

Tor Messenger is a cross-platform chat program that aims to be secure by
default and sends all of its traffic over Tor.  It supports a wide variety of
transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat,
Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging [1]
automatically; and has an easy-to-use graphical user interface localized into
multiple languages.

* What it isn't...

Tor Messenger builds on the networks you are familiar with, so that you can
continue communicating in a way your contacts are willing and able to do. This
has traditionally been in a client-server model, meaning that your metadata
(specifically the relationships between contacts) can be logged by the server.
However, your route to the server will be hidden because you are communicating
over Tor.

We are also excited about systems like Pond [2] and Ricochet [3], which try to
solve this problem, and would encourage you to look at their designs and use
them too.

* Why Instantbird?

We considered a number of messaging clients: Pidgin, Adam Langley's
xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its
transport protocols are written in a memory-safe language (JavaScript); it has
a graphical user interface and already supports many natural languages; and
it's a XUL application, which means we can leverage both the code (Tor
Launcher) and in-house expertise that the Tor Project has developed working on
Tor Browser with Firefox. It also has an active and vibrant software developer
community that has been very responsive and understanding of our needs. The
main feature it lacked was OTR support, which we have implemented [4] and hope
to upstream to the main Instantbird repository for the benefit of all
Instantbird (and Thunderbird) users.

* Current Status

Today we are releasing a beta version with which we hope to gain both
usability and security related feedback. There have been three previous alpha
releases to the mailing lists that have already helped smooth out some of the
rougher edges.

* Downloads

Linux (32-bit)
    https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux32-0.1.0b2_en-US.tar.xz
    
Linux (64-bit)
    https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux64-0.1.0b2_en-US.tar.xz

Windows
    https://dist.torproject.org/tormessenger/0.1.0b2/tormessenger-install-0.1.0b2_en-US.exe

OS X
    https://dist.torproject.org/tormessenger/0.1.0b2/TorMessenger-0.1.0b2-osx64_en-US.dmg

sha256sums
    https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt
    https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt.asc

The sha256sums.txt file containing hashes of the bundles is signed with the
key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84  5E82 6887 935A
B297 B391).

* Instructions

- On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
- On OS X, copy the Tor Messenger application from the disk image to your
  local disk before running it.

On all platforms, Tor Messenger sets the profile folder for
Firefox/Instantbird to the installation directory.

- Note that as a policy, unencrypted one-to-one conversations are not allowed
  and your messages will not be transmitted if the person you are talking with
  does not have an OTR-enabled client. You can disable this option in the
  preferences to allow unencrypted communication but doing so is not
  recommended.

* Source Code

We are doing automated builds [5] of Tor Messenger for all platforms.

The Linux builds are reproducible: anyone who builds Tor Messenger for Linux
should have byte-for-byte identical binaries compared with other builds from a
given source. You can build it yourself [6] and let us know if you encounter
any problems or cannot match our build. The Windows and OS X builds are not
completely reproducible yet but we are working on it [7].

* What's to Come

Our current focus is security, robustness and user experience. We will be
fixing bugs and releasing updates as appropriate, and in the future, we plan
on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We
have some ideas on where to take Tor Messenger but we would like to hear what
you have to say. Some possibilities include:

- Reproducible builds for Windows and OS X (#10942)
- Sandboxing (#10943)
- Automatic updates (#14388)
- Improved Tor support (#10950)
- OTR over Twitter DMs (#13312)
- Produce (and distribute) internationalized builds (#10945)
- Secure multi-party communication (np1sec) [8]
- Encrypted file-transfers
- Usability study

* How To Help

Give it a try and provide feedback, requests, and file bugs [9] (choose the
"Tor Messenger" component). If you are a developer, help us close all our
tickets [10] or help us review our design doc [11]. As always, we are idling
on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the
tor-talk/dev mailing lists.

Please note that this release is for users who would like to help us with
testing the product but at the same time who also understand the risks
involved in using beta software.

Thanks and we hope you enjoy Tor Messenger!

[0] - http://instantbird.com
[1] - https://otr.cypherpunks.ca
[2] - https://pond.imperialviolet.org
[3] - https://ricochet.im
[4] - https://github.com/arlolra/ctypes-otr
[5] - https://gitweb.torproject.org/tor-messenger-build.git
[6] - https://gitweb.torproject.org/tor-messenger-build.git/tree/README
[7] - https://trac.torproject.org/projects/tor/ticket/10942
[8] - https://github.com/equalitie/np1sec
[9] - https://trac.torproject.org/projects/tor/newticket
[10] - https://trac.torproject.org/projects/tor/query?status=!closed&component=Tor+Messenger
[11] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/DesignDoc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151029/627b5957/attachment.sig>


More information about the tor-dev mailing list