Naked Security Naked Security

Tor Project releases anonymous Messenger app beta

The Tor Project has launched a new Messenger app that combines Tor with OTR to offer private chats across a variety of popular messaging services.

shutterstock_229047229

Anyone who is concerned about their privacy, or the potential impact of government surveillance on their lives, will be pleased to learn that The Onion Router (TOR) Project has released a new, easy-to-use, beta version of its Tor Messenger client.

Based on Instantbird, a cross-platform instant messenger tool developed by the Mozilla community, it has been designed with privacy in mind. The Tor messenger allows users to chat securely across a range of popular messaging services, including Facebook Chat, Twitter, Google Talk and Jabber, prompting developer Sukhbir Singh to say:

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do.

The new chat tool protects location and routing information by using Tor – which could allow Facebook users, for instance, to chat with friends, even if they reside in countries where the service is blocked. While data in transit is covered by the OTR (Off-The-Record) protocol, which requires the two parties to engage in a one-time swap of a secret key in order to decode the messages they send each other.

Unlike similar instant messaging clients, such as Adium and Pidgin, which can also be set up for encrypted chat sessions, the new Tor Messenger will enforce encrypted chats “out of the box.” Though it should be noted that the default settings will prevent messages being sent to someone that does not have support for OTR on their end.

There is a workaround to that though – if your chat partner does not have an OTR-enabled client, you can disable the OTR option in preferences in order to allow unencrypted communication. As you may imagine though, the Tor Project files that option under a heading of “not recommended.”

Singh explained why the team settled for Instantbird, saying it was a “pragmatic choice” that allowed them to use code and expertise developed for the Tor Browser which is built on top of Firefox, another XUL application developed from Mozilla.

He did, however, explain how there had been some teething issues with the new beta version of Messenger, especially for those users installing the Windows version. Singh said the team was continuing to look into bug reports and issue fixes via updates as quickly as it could while highlighting the fact that the current version was far from the finished product:

Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software.

If that statement hasn’t put you off, Tor Messenger beta is available in Linux (32-bit and 64-bit), Windows and OS X versions, each of which can be be downloaded from the developer’s site, where you will also find installation instructions. If you want to know more about how to setup Tor Messenger, Ars Technica has published a guide here which should have you up and running in a matter of minutes.

Speaking to The Verge, Singh said “it’s just not Tor. It’s Tor and OTR. Tor gives us location anonymity. OTR gives us encryption and secrecy,” though he did stress how no-one should expect complete anonymity at this stage in Messenger’s development.

Indeed, complete anonymity is not guaranteed even after Messenger comes out of beta – someone will always be looking to exploit vulnerabilities in Tor projects – so be sure to keep your installation fully patched and up to date.


Image of TOR through Magnifying Glass courtesy of Shutterstock.com