Fwd: [tor-dev] Tor Messenger Beta: Chat over Tor, Easily

Razer Rayzer at riseup.net
Thu Oct 29 15:24:52 PDT 2015 


On 10/29/2015 02:29 PM, coderman wrote:
> ---------- Forwarded message ----------
> From: Sukhbir Singh <azadi at riseup.net>
> Date: Thu, 29 Oct 2015 17:12:00 -0400
> Subject: [tor-dev] Tor Messenger Beta: Chat over Tor, Easily
>
> Hi,
>
> Today we are releasing a new, beta version of Tor Messenger, based on
> Instantbird [0], an instant messaging client developed in the Mozilla
> community.

Unlike InstantBird on which it appears to be based, it manages to tackle
the Twitter Security question that occurs when using tor. I was having
no luck with Instantbird. Have yet to check anything besides twitter but
so far so good.

RR

>
> * What is it?
>
> Tor Messenger is a cross-platform chat program that aims to be secure by
> default and sends all of its traffic over Tor.  It supports a wide variety of
> transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat,
> Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging [1]
> automatically; and has an easy-to-use graphical user interface localized into
> multiple languages.
>
> * What it isn't...
>
> Tor Messenger builds on the networks you are familiar with, so that you can
> continue communicating in a way your contacts are willing and able to do. This
> has traditionally been in a client-server model, meaning that your metadata
> (specifically the relationships between contacts) can be logged by the server.
> However, your route to the server will be hidden because you are communicating
> over Tor.
>
> We are also excited about systems like Pond [2] and Ricochet [3], which try to
> solve this problem, and would encourage you to look at their designs and use
> them too.
>
> * Why Instantbird?
>
> We considered a number of messaging clients: Pidgin, Adam Langley's
> xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its
> transport protocols are written in a memory-safe language (JavaScript); it has
> a graphical user interface and already supports many natural languages; and
> it's a XUL application, which means we can leverage both the code (Tor
> Launcher) and in-house expertise that the Tor Project has developed working on
> Tor Browser with Firefox. It also has an active and vibrant software developer
> community that has been very responsive and understanding of our needs. The
> main feature it lacked was OTR support, which we have implemented [4] and hope
> to upstream to the main Instantbird repository for the benefit of all
> Instantbird (and Thunderbird) users.
>
> * Current Status
>
> Today we are releasing a beta version with which we hope to gain both
> usability and security related feedback. There have been three previous alpha
> releases to the mailing lists that have already helped smooth out some of the
> rougher edges.
>
> * Downloads
>
> Linux (32-bit)
>     https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux32-0.1.0b2_en-US.tar.xz
>
> Linux (64-bit)
>     https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux64-0.1.0b2_en-US.tar.xz
>
> Windows
>     https://dist.torproject.org/tormessenger/0.1.0b2/tormessenger-install-0.1.0b2_en-US.exe
>
> OS X
>     https://dist.torproject.org/tormessenger/0.1.0b2/TorMessenger-0.1.0b2-osx64_en-US.dmg
>
> sha256sums
>     https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt
>     https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt.asc
>
> The sha256sums.txt file containing hashes of the bundles is signed with the
> key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84  5E82 6887 935A
> B297 B391).
>
> * Instructions
>
> - On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
> - On OS X, copy the Tor Messenger application from the disk image to your
>   local disk before running it.
>
> On all platforms, Tor Messenger sets the profile folder for
> Firefox/Instantbird to the installation directory.
>
> - Note that as a policy, unencrypted one-to-one conversations are not allowed
>   and your messages will not be transmitted if the person you are talking with
>   does not have an OTR-enabled client. You can disable this option in the
>   preferences to allow unencrypted communication but doing so is not
>   recommended.
>
> * Source Code
>
> We are doing automated builds [5] of Tor Messenger for all platforms.
>
> The Linux builds are reproducible: anyone who builds Tor Messenger for Linux
> should have byte-for-byte identical binaries compared with other builds from a
> given source. You can build it yourself [6] and let us know if you encounter
> any problems or cannot match our build. The Windows and OS X builds are not
> completely reproducible yet but we are working on it [7].
>
> * What's to Come
>
> Our current focus is security, robustness and user experience. We will be
> fixing bugs and releasing updates as appropriate, and in the future, we plan
> on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We
> have some ideas on where to take Tor Messenger but we would like to hear what
> you have to say. Some possibilities include:
>
> - Reproducible builds for Windows and OS X (#10942)
> - Sandboxing (#10943)
> - Automatic updates (#14388)
> - Improved Tor support (#10950)
> - OTR over Twitter DMs (#13312)
> - Produce (and distribute) internationalized builds (#10945)
> - Secure multi-party communication (np1sec) [8]
> - Encrypted file-transfers
> - Usability study
>
> * How To Help
>
> Give it a try and provide feedback, requests, and file bugs [9] (choose the
> "Tor Messenger" component). If you are a developer, help us close all our
> tickets [10] or help us review our design doc [11]. As always, we are idling
> on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the
> tor-talk/dev mailing lists.
>
> Please note that this release is for users who would like to help us with
> testing the product but at the same time who also understand the risks
> involved in using beta software.
>
> Thanks and we hope you enjoy Tor Messenger!
>
> [0] - http://instantbird.com
> [1] - https://otr.cypherpunks.ca
> [2] - https://pond.imperialviolet.org
> [3] - https://ricochet.im
> [4] - https://github.com/arlolra/ctypes-otr
> [5] - https://gitweb.torproject.org/tor-messenger-build.git
> [6] - https://gitweb.torproject.org/tor-messenger-build.git/tree/README
> [7] - https://trac.torproject.org/projects/tor/ticket/10942
> [8] - https://github.com/equalitie/np1sec
> [9] - https://trac.torproject.org/projects/tor/newticket
> [10] - https://trac.torproject.org/projects/tor/query?status=!closed&component=Tor+Messenger
> [11] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/DesignDoc


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20151029/188272f9/attachment-0003.sig>

More information about the cypherpunks mailing list