In October, 29 Tor Project has presented the Tor Messenger – client for popular IM-services like Facebook, Google, Twitter, XMMP and based on Instantbird. OTR (Off-The-Record) Messaging in XMPP-based services are default enabled. General idea of this new messenger – users can communicate with their usual serviсes via Tor tunnels and government or hackers can’t track their client-server routes and location.
Why Instantbird? Tor developers says:
- good GUI and extension support * XUL application – code can be imported from Tor Browser (also Firefox-based)
- big community
- OTR support
Now Tor Messenger can be use in Linux, Windows and OS X. Mobile version isn’t available. Checksum verification and regular updates highly recommend.
Tor Messenger is a Instantbird with the minimal improvements: new logo, additional theme , and some new extensions: ctypes-otr – js-ctypes wrapper for libotr; and Tor Launcher for running Tor tunnel. Every human who uses Firefox can remember this settings window:
Right, this is the Mozilla Firefox – Instantbird made by Mozilla in Firefox style. You can also change some “under the hood” settings in
about:config editor. Maybe if you use Firefox – Instantbird isn’t a bad choice. Some untypical things for Firefox style – default themes: Instantbird has four default themes and supported the color scheme change for every theme. Other themes and extensions is also supported.
Here is all supported services: Facebook Chat (now dropped by Facebook), Google Talk, IRC, Odnoklassniki (Russian social network), Twitter, XMPP, Yahoo.
Shortly – I want more. Seriously, in the scheme
client <-> Tor <-> services we can see a one problem – services. Really, if you use some proprietary services like a Google/Yahoo/Twitter is too hard detect you, but nothing impossible: contact lists, messages, style and others can blow on. The Tor is not a placebo – let’s remember the Silk Road history. Pidgin in my opinion is better than Instantbird, also support OTR and have a larger community. OTR is a great thing, but all clients need to support it: if your XMPP-client don’t support OTR – conversation works without OTR encryption.
Some service like Google use two-factor authentication and location warning (if you authorize from non-typical IP), using Tor with those services is hard.
I don’t recommend this application is serious security use cases, but using can be interested in countries with strong censorship like China or Russia: for example, Google is banned in China.
Tor Messenger today only in beta stage, some features can change in the future. If you are interested in secure chat, please also check the Tox and Matrix articles – this protocols doesn’t use proprietary services. Thanks for reading.