But they still warn users not to trust Tor Messenger until it's been more comprehensively audited. The group's developers point out that they've programmed the software in JavaScript wherever possible instead of the libpurple codebase written in C and used by Pidgin and Adium-a piece of code known for its bountiful security bugs. But Tor Messenger is still in beta, and like any early privacy software, it should be approached with caution. The Tor Project, a non-profit whose diverse funding sources range from the US State Department to the National Science Foundation to Reddit, has a strong reputation for releasing secure software. The result is that anyone can download the software and in seconds start sending messages to their pre-existing contacts that are not only strongly encrypted, but tunneled through Tor's maze of volunteer computers around the world to hide the sender's IP address. It's also compatible with the same XMPP or "Jabber" chat protocol used by millions of Facebook and Google accounts, as well as desktop clients like Adium for Mac and Pidgin for Windows. The app, perhaps more than any other desktop instant messaging program, is designed for both simplicity and privacy by default: It integrates the "Off-the-Record" (OTR) protocol to encrypt messages and routes them over Tor just as seamlessly as the Tor Browser does for web data. On Thursday the Tor Project launched its first beta version of Tor Messenger, its long-in-the-works, open source instant messenger client. Now the non-profit Tor Project has officially released another piece of software that could bring that same level of privacy to instant messaging: a seamless and simple app that both encrypts the content of IMs and also makes it very difficult for an eavesdropper to identify the person sending them. "If you still really need XMPP, despite its centralized metadata problems, check out CoyIM.The anonymity network Tor has long been the paranoid standard for privacy online, and the Tor Browser that runs on it remains the best way to use the web while revealing the least identifying data. "Given these circumstances, we decided it's best to discontinue rather than ship an incomplete product," Tor devs said. "We were also ignoring user requests for features and bug reports due to the limited resources we could allocate to the project." "Even after all the releases, Tor Messenger was still in beta, and we had never completed an external audit (there were two internal audits by Tor developers)," the Tor Project said today. This meant servers would still be able to log messages sent between Tor Messenger clients.Īll of this was only exacerbated by the fact that funds were never plentiful for the development team. Tor developers also weren't able to address the client-server architecture problem they promised to fix. While Mozilla chose to integrate Instantbird's chat features into Thunderbird, the Tor team didn't have the resources to continue the development of a separate IM client or rebase Tor Messenger on anything else.Įven if it could have extracted the chat features from the Thunderbird codebase, Tor devs would still have needed a GUI component for their IM client, something they didn't have the resources to cover.īut this wasn't the only issue. Probably the biggest issue that led Tor developers to drop Tor Messenger developers was that Mozilla stopped working on Instantbird, the IM client at the base of Tor Messenger. Tor team encountered problems after problemsīut eleven beta versions later, Tor Messenger development ground to a halt and the Tor team didn't even manage to ship even a single stable version. In layman terms, this meant that all messages would be automatically encrypted and travel over a secure network like Tor, keeping private conversations safe from prying eyes.Īt the time of launch, Tor developers admitted that Tor Messenger wasn't 100% secure, as it was still built on a client-server architecture that allowed servers to log IM metadata, even if the server wasn't able to view the content of the messages.īack then, the Tor team said they were looking into alternatives to this architectural model flaw, which would arrive in future versions. The main attraction point was that Tor Messenger would ship with Off-the-Record (OTR) Messaging enabled by default and would exchange all messages via the Tor network. The Tor Project launched Tor Messenger in October 2015, as an alternative to the multitude of IM clients that were available on the market, at the time. Tor developers cited a multitude of reasons for their decision today, all containing valid reasons, in hindsight. The Tor Project announced today plans to discontinue Tor Messenger, the organization's security-hardened instant messaging application.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |