Tor Messenger Beta: Chat over Tor, Easily
WARNING STARTS
As of March 2018, Tor Messenger is no longer maintained and you should NOT use it. Please see the announcement for more information.
WARNING ENDS
Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community.
What is it?
Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.
What it isn't...
Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.
We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.
Why Instantbird?
We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.
Current Status
Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges.
Downloads (Updated)
Instructions
- On Linux, extract the bundle(s) and then run:
./start-tor-messenger.desktop
- On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
- Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
Source Code
We are doing automated builds of Tor Messenger for all platforms.
The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we are working on it.
What's to Come
Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include:
- Reproducible builds for Windows and OS X
- Sandboxing
- Automatic updates
- Improved Tor support
- OTR over Twitter DMs
- Produce (and distribute) internationalized builds
- Secure multi-party communication (np1sec)
- Encrypted file-transfers
- Usability study
How To Help
Give it a try and provide feedback, requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets or help us review our design doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the tor-talk/dev mailing lists.
Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software.
Thanks and we hope you enjoy Tor Messenger!
Update: For Windows 10 (and some Windows 7, 8) users who were experiencing an issue in Tor Messenger where it wouldn't start, we have updated the download links above with a newer version that fixes the problem described in bug 17453.
Comments
Please note that the comment area below has been archived.
Any way for links pasted in
Any way for links pasted in chat to be formatted as clickable hyperlinks?
Yes, this is on purpose
Yes, this is on purpose because we don't want users clicking their links and opening a browser that is not Tor Browser. We will fix this in future releases by being smart about it -- by detecting Tor Browser and opening the link there, or by giving you an option of choosing what to do with the link. For now, we decided that we don't want users clicking on links by mistake so that is why they are disabled. (#13618 on Trac.)
That makes sense and what I
That makes sense and what I assumed. Sounds like you've identified the plan forward with this as well. Thanks and great job!
I need help. I have just
I need help. I have just installed the Tor messenger but 'Add contact', ' New conversation',
'Join chat' are not active.Please advise
Add an account first. You
Add an account first. You could for example use XMPP or an IRC network. All 1-on-1 chats will be automatically OTR-encrypted. If you want to use an XMPP server that has a hidden service, there are several to choose from, but one I tested to work well in Tor Messenger is rows.io (just check their website for information and use in-band registration to create a new account). Of course if you want to actually have a person to talk to, they also need to have an XMPP account somewhere or should be logged into the same IRC network, depending on what you end up using. There are also less privacy-friendly options like Facebook Messenger available, you can also use these depending on what your needs/wishes are into a chat service.
I am trying to get this chat
I am trying to get this chat waorking also...when you go to add a account irc or the other it ask what server you want to use....pick user then server ??????? I have no idea....I am running into the same problem as everyone else trying to log in to my google or facebook account......anyhelp any body ????
Don't use your Google or
Don't use your Google or Facebook accounts, use a Jabber/XMPP account or connect to an IRC network that is Tor-friendly. For example OFTC or Darenet. If you don't have a Jabber account yet, just search the web for a server that sounds good to you and create an account, preferably they offer in-band registration so you can do it right from the Messenger without having to fill in any forms. There are many suitable services, dukgo.com, rows.io, and many more, you also get a free Jabber account if you're member of FSF or FSFE for example. It's really nothing particularly new, these communication protocols have been around for decades now.
I am unable to run it on my
I am unable to run it on my Windows Machine (Win 8.1 Pro 64 bit). I have tried using the compatibility mode for win7 and 8 but nothing worked. Tried running as administrator but it does not change anything. There's no error, when I click on the exe it waits for sometime and then nothing happens.
Other users are reporting
Other users are reporting this issue. It may be related to https://trac.torproject.org/projects/tor/ticket/17453. We are checking and will post an update.
There is now a workaround
There is now a workaround for this issue:
https://trac.torproject.org/projects/tor/ticket/17453#comment:7
Works for me on Win 7 64bit
Works for me on Win 7 64bit
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Why wasn't it checked before
Why wasn't it checked before it was released? if you make such a major misake on one OS, what other faults are there that you haven't checked?
It was checked. It's just
It was checked. It's just that this issue affects some Windows users, not all. The entire purpose of a beta release is to get feedback from users because we cannot check builds on all platforms. (We have updated the builds with the bug fixed.)
Same here on windows 10,
Same here on windows 10, nothing happens after install and run.
Can you try the workaround
Can you try the workaround in the above ticket and let us know if it works for you?
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Can this be safely used on
Can this be safely used on Tails or will this negatively affect security?
We can't say yet. We will
We can't say yet. We will work with the Tails team; they are tracking the progress at: https://labs.riseup.net/code/issues/8577. Until we have an update, don't use it on Tails, or use it at your own discretion. If it works, tell us!
I had posted earlier about
I had posted earlier about tor messenger not working on Win 8.1. Although it works on my Win server 2012 R2 VM.
Most likely related to
Most likely related to https://trac.torproject.org/projects/tor/ticket/17453
See the update above,
See the update above, there's a new release. This issue should now be fixed.
love this!
love this!
Does this run on Tails? If
Does this run on Tails? If not, is there a way to set it up?
We don't know yet but you
We don't know yet but you can follow the progress here: https://labs.riseup.net/code/issues/8577. We will work with the Tails team.
It won't work within the Tor
It won't work within the Tor network. When starting the application terminal gave me this error: There seems to have been a quoting problem with your TOR_CONTROL_PASSWD environment variable. When clicking on OK, the program will start but is NOT connected through the Tor network. If you want to use the program in Tails, use it at own risk!!! No guarentees!
It looks like it works if
It looks like it works if you disable the tor launcher addon and change the proxy port to be that of the default tor proxy of the tails system. I still see the error but I am able to connect to servers on the onion network. There still could be some security issues, so I would be rather cautious about using it with servers on the clearnet.
How To Help: a) i would like
How To Help:
a) i would like an audit for RICOCHET.
b) POND is not yet ready and no one can try it !
c) i would like false address -robot are ok- for testing Tor Messenger Beta.
d) i love ricochet ; will tor messenger be better or different ?
pls, add a comparison !
thx.
c). You can register
c). You can register accounts from within Tor Messenger for XMPP. If the server supports in-band registration, Tor Messenger will create an account for you. No email address or information required.
d). We love Ricochet! We use both products interchangeably. What Tor Messenger aims to provide is a secure way to connect with your friends over existing social networks like XMPP, IRC, Google Talk, while Ricochet is excellent if you don't want to have any metadata about whom you talk with. It depends on your use but we recommend both products.
your comment "d)" I think
your comment "d)" I think clears up the "What it isn't..." section in your main posting. the big difference between tor messenger and ricochet is:
tor sends metadata, but through tor onion routing.
ricochet sends no metadata, but doesn't send messages through onion routing.
correct?
It's not that Tor sends
It's not that Tor sends metadata. It's that because in a client-server model, the server knows your contacts (your metadata). This is not a Tor problem or Tor Messenger problem. And Ricochet sends messages over Tor (that's how it works).
It's that because in a
It's that because in a client-server model, the server knows your contacts (your metadata). This is not a Tor problem or Tor Messenger problem.
Hi sukhbir
Thanks for your effort in trying to create a product for us, Tor users.
Could you or someone else design a Tor-compatible product that is NOT based on the client-server model but instead based on a decentralized model such as, for example, Bitmessage? I understand that in Bitmessage no metadata is being transmitted across the network.
Ricochet peers (users) each
Ricochet peers (users) each have their own Tor onion service running, thereby keeping their communication private within the Tor network and without a central server to collect metadata. It uses onion routing to keep users anonymous.
Using services like Facebook Chat lets you use onion routing to connect, but then Facebook is in a position to gather metadata about who you're communicating with and when, even when concealing the content with OTR.
a) i would like an audit for
a) i would like an audit for RICOCHET
What exactly do you mean by "audit"?
Security audits i suppose it
Security audits
i suppose it is yet done of course.
could eff , ocap or tor devs publish one ?)
i suppose that a special computer with a special program can search and research every fault (hidden or not) or error ( some aggressive tests can improve this 'app').
it is an experimental app and not recommended in hostile environment ; an audit will bring a reputation label and maybe sponsor,donation,support ...
It is possible for computer
It is possible for computer security experts and cryptographers to independently assess the robustness of privacy enhancing technology through careful examination.
i meant using the term
i meant using the term _audit_ to go far ; a step further.
i was not speaking about development for tablet or cellphone (i have not confidence in these gadget made for social network _ ask to a lawyer what is thinking about that or look at the peoples who are taxed - or in jail - for a call or a message made a month, a week before).
it is not done yet for an hostile environment or when you are in danger ( because it should be illegal ? does it need to be approved from police,, army, government, your partner ? is it a proof of concept and nothing more ? a rewrite from an old terminal command with a modern re-looking which tor ? ).
if it is an experimental tool , we are all the beta-testers : so why do the devs or the security experts not open/organize a ricochet day where the users will be guest to communicate each others ... if it can improve the app , why not !
i prefer that the app stay in the hands of the devs than to be integrated in a tor project. i let them decide what will be the future of their creation ; i hope that they will choose to go a step further for you, for us, for our privacy, for finding maybe a free way when you are under survey ... before it was too late.
Make donations to ricochet and tor project , pls.
Thx.
Windows build not working
Windows build not working for me on Windoze 10
Please see
Please see https://trac.torproject.org/projects/tor/ticket/17453. Short story: it seems to be an issue that is affecting some users on Windows. We are checking.
See the update above,
See the update above, there's a new release. This issue should now be fixed.
What about implementing
What about implementing OMEMO encryption?
http://conversations.im/omemo/
Definitely worth
Definitely worth considering.
I've opened https://trac.torproject.org/projects/tor/ticket/17457
Is this something one can
Is this something one can use without have previously registered a chat account somewhere?
Yes, you can register XMPP
Yes, you can register XMPP accounts from Tor Messenger (in-band) if the server supports it. You don't need an existing account. (This is not true for Facebook, Google Talk or Twitter, where you do need existing accounts for Tor Messenger to work.)
any chance explaining what
any chance explaining what "in-band" is ? an example or list of them please
thank champs
It doesn't open on my
It doesn't open on my machine. It gives an error: 0x0000000070C19BD5 made reference to the memory on 0x0000000000000000. The memory can't be written.
If i launch it as admin it just loads but nothing happens, won't open and won't display any error.
Does this require something else in order to work?
Same here.
Same here.
Windows 10? If yes, please
Windows 10? If yes, please see https://trac.torproject.org/projects/tor/ticket/17453.
Thanks for letting me know
Thanks for letting me know and yes, happening in Windows 10. Will wait for some update then.
Update: we have a workaround
Update: we have a workaround on https://trac.torproject.org/projects/tor/ticket/17453#comment:7
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Heyhey, my Windows 8 /64-bit
Heyhey, my Windows 8 /64-bit says "Insufficient system resources exist to complete the requested service."
Are you able to run/install
Are you able to run/install other software?
Yep, me too.
Yep, me too.
Crash Сигнатура
Crash
Сигнатура проблемы:
Имя события проблемы: APPCRASH
Имя приложения: instantbird.exe
Версия приложения: 41.0.0.5729
Отметка времени приложения: 000232e8
Имя модуля с ошибкой: d2d1.dll
Версия модуля с ошибкой: 6.1.7601.17514
Отметка времени модуля с ошибкой: 4ce7b7aa
Код исключения: c0000005
Смещение исключения: 0001f3ba
Версия ОС: 6.1.7601.2.1.0.256.1
Код языка: 1049
Дополнительные сведения 1: 0a9e
Дополнительные сведения 2: 0a9e372d3b4ad19135b953a78882e789
Дополнительные сведения 3: 0a9e
Дополнительные сведения 4: 0a9e372d3b4ad19135b953a78882e789
Is this Windows 10? If yes,
Is this Windows 10? If yes, please report this to https://trac.torproject.org/projects/tor/ticket/17453.
See the update above,
See the update above, there's a new release. This issue should now be fixed.
No. It is win 7sp1 x64
No. It is win 7sp1 x64
I'm excited about Tor
I'm excited about Tor Messenger and really want to try it but downloaded .dmg twice and got the wrong sha256sum. Same number both of time different than original one.
5c0396f876101bd624d500322d7c588d85c844d1
That looks like sha1. Run
That looks like sha1. Run sha256sum on the DMG. It should match.
installed on windows 8.1 x64
installed on windows 8.1 x64 without errors, running doesn't show anything, process explorer shows tor.exe for a few secs. Tor browser runs fine on the same machine.
We are checking. If you have
We are checking. If you have any more information you can provide, please file a ticket with the "Tor Messenger" component.
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Any idea how to get this to
Any idea how to get this to jive with Google Talk? Obviously Google raises alerts when trying to connect to their services via Tor. Makes it tough to use my existing account
Thanks!
This will likely be a common
This will likely be a common problem. We have plans to allow controlling the Tor process from Tor Messenger so you can refresh your circuit and get a new exit node, but that may also not solve the problem. We had (rather, have) a similar issue with TorBirdy and Mike Hearn from Google replied on how to solve this: https://lists.torproject.org/pipermail/tor-talk/2012-October/025923.html. You can try this and it may involve giving your phone number, so be careful with that.
That requires you to disable
That requires you to disable tor, log into gmail to set a cookie, then reenable tor in the same browser for them to see your activity and whitelist you. How do you get the tor browser to stop using tor in order to do this?
I know it's not a proper
I know it's not a proper solution by any shot. But this entire blocking behaviour by Google seems to be random and this is the only solution. In future release, you can refresh your circuit and get a new exit and that might help. But it's not a definitive solution. We know this is a huge problem and we will come up with better ways to handle this in the next release.
It is not a solution. You
It is not a solution. You cannot solve this issue. Google raises an alert every time somebody tries to log into an account from an "unusual place". Google keeps track of where the account owner normally resides and throws a hissy fit every time s/he tries to log in from somewhere else, as determined by geoip location.
The issue is not limited to Tor. It happens when you use a VPN, too. Heck, it happens when you travel abroad, too!
In fact, the issue isn't limited to Google, either. Yahoo does the same. I don't use Facebook, but I suspect that they do the same, too.
There is not much point in supporting these chat protocols in a Tor-dependent messenger. I suggest that you remove them at least until Google, Yahoo, and all the other snoopers decide to become more Tor-friendly.
Not working on windows 7 -
Not working on windows 7 - 64 bit.
It starts and shutdowns in half a second.
Is there a fix ?
Does it start at all or it
Does it start at all or it doesn't even start? We have tested it in Windows 7 and 8 so will need a bit more information here to proceed.
You can try this:
You can try this: https://trac.torproject.org/projects/tor/ticket/17453#comment:7
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Cannot malicious exit nodes
Cannot malicious exit nodes eavesdrop facebook or google credentials?
No, because TLS is enabled
No, because TLS is enabled for all protocols by default.
No, because TLS is enabled
No, because TLS is enabled for all protocols by default.
The NSA has found some weak links in the algorithms used to encrypt internet traffic. It means that whatever products or enhancements Tor developers are doing are vulnerable to US government snoops.
Matthew Green, one of the people who audited Truecrypt, postulated the NSA has solved some of the issues surrounding ECDLP (Elliptic Curve Discreete Logarithm Problem). "A riddle wrapped in a curve" (http://blog.cryptographyengineering.com/)
If you're still interested read the following post by Bruce Schneier as well: "Why Is the NSA Moving Away from Elliptic Curve Cryptography?" (https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html)
Cannot they do a
Cannot they do a man-in-the-middle attack?
Cannot they do a
Cannot they do a man-in-the-middle attack?
No need to do man-in-the-middle attack no more. Direct attack is quicker and saves on resources and manpower.
If I want to uninstall Tor
If I want to uninstall Tor Messenger, is it enough to delete the program's folder? I can't find the program on Control Panel (Windows). Thanks
Deleting the folder should
Deleting the folder should be enough since we do not write outside the folder. (Even the profile is in the folder.) If you find Tor Messenger is creating files outside its installation directory that are leaking information, please file a bug.
hello, when i run malwbites
hello, when i run malwbites shows me riskwaretor mallware. is this ok? thanks
That's odd. Can you file a
That's odd. Can you file a bug with more information on https://trac.torproject.org/projects/tor/newticket. Choose "Tor Messenger" as the component.
Tor Messenger is safe. Check the code :)
maybe malwarebytes did not
maybe malwarebytes did not know about tm, since tm is new beta.
maybe proxy port action of tm looks "suspicious" to malwarebytes
Using Telegram for now, but
Using Telegram for now, but hopefully it his will scale up in utility in a couple of years.
Telegram is not secure, you
Telegram is not secure, you can bet NSA/GCHQ are watching everything on there. Details here: https://web.archive.org/web/20150927213317/http://www.alexrad.me/discou…
Use an OTR client like Pidgin/Jitsi/Adium/etc. for secure chatting until Tor Messenger development advances further.
That site does not include
That site does not include the latest or previously existing features in Telegram, such as encryption of cloud chats, the password layer on top of 2FA, etc.
And essentially that boils down to hacking into one secret chat with one trillion dollars, which is pretty much not worth it. And supposedly you'd notice, as it could take over a day for the keys to exchange. In which you would know that the chat has been compromised. I can post more info.
Here is Telegram's response. https://core.telegram.org/articles/DH_Hash_Collision
Other stuff from customer support: http://i.imgur.com/gTEbbAx.png
Throws the error "Your
Throws the error "Your Instantbird profile cannot be loaded. It may be missing or inaccessible." after runninf .dmg on Mac !!
"On OS X, copy the Tor
"On OS X, copy the Tor Messenger application from the disk image to your local disk before running it."
Problem signature: Problem
Problem signature:
Problem Event Name: APPCRASH
Application Name: instantbird.exe
Application Version: 41.0.0.5729
Application Timestamp: 000232e8
Fault Module Name: d2d1.dll
Fault Module Version: 6.1.7601.17514
Fault Module Timestamp: 4ce7b7aa
Exception Code: c0000005
Exception Offset: 0001f3ba
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 2057
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
Windows 10? Please see
Windows 10? Please see https://trac.torproject.org/projects/tor/ticket/17453. Sorry, this seems to be known bug that we will fix in the next release.
See the update above,
See the update above, there's a new release. This issue should now be fixed.
I download Tor Messenger and
I download Tor Messenger and install it but its not opening. I am using window 7 on my PC
Most likely related to
Most likely related to https://trac.torproject.org/projects/tor/ticket/17453
See the update above,
See the update above, there's a new release. This issue should now be fixed.
Hi sukhbir: its transport
Hi sukhbir:
its transport protocols are written in a memory-safe language (JavaScript)
I'm shocked and puzzled as to why Tor developers would consider JavaScript to be safe.
Since its conception and rollout by Netscape till today, hundreds of security holes have been discovered in JavaScript.
Tor developers are a diverse
Tor developers are a diverse group and I'm sure among them are many who hold the same beliefs as you.
The point was that JavaScript is a memory managed language, which theoretically eliminates a certain class of exploits. Further, as you said, Mozilla's JS VM has been in production for quite some time and seen some battle hardening.
I'm curious why you're not
I'm curious why you're not interested in integrating Ricochet's concept of secure, anonymous, server-less communications entirely inside the Tor network into Tor Messenger. It seems to align perfectly with the Tor Project's aims, especially as Tor Browser's functioning (accessing both the outside web and hidden services) is so analogous to Tor Messenger (accessing both outside third party IM servers and a Ricochet-style system of hidden service IM nodes).
Is it just a lack of resources (since you're so busy getting the baseline messaging client up and running)? Do you not like the Ricochet concept enough to integrate it? Do you think there aren't enough people who'd use it to be worth the development effort? Are there other important reasons?
I'm sure the Ricochet developers do good work, but the Tor Project would provide a better implementation, better support, and better auditing simply due to having more funding, better familiarity with Tor, and the sheer number of people focused on your products both inside and outside of the organization.
Are you planning on integrating the Ricochet concept into Tor Messenger in the future (near, medium, or distant/wishlist), or will that never occur?
Thanks for all your hard work.
We love Ricochet. That's why
We love Ricochet. That's why we made sure to point to it in the blog post. Many of us use both Ricochet and Tor Messenger.
The goal for Tor Messenger is to meet people where they are -- so you can have more safety on your side, while still interacting with your friends who e.g. use XMPP and OTR but haven't seen the light yet. While the goal of Ricochet (ok, one of the goals) is to give people a chat approach where there's no "middle", and thus no central point for the adversary to break in and snoop on things.
(In fact, we spent a while over the past few weeks trying to sort out whether the name 'Tor Messenger' would confuse people into thinking that we think this is the one true way, and we think approaches like Pond and Ricochet are not the one true way. We don't think that. We like both approaches.)
Whether one day the Tor Messenger client adds support for the Ricochet protocol is still a matter under discussion by the Tor Messenger folks and the Ricochet developer. One reason against is actually because the Ricochet person wants Ricochet to be an experience (i.e. including a client with good usability), not just a standardized protocol that all sorts of apps can implement and present to the user however they want. One argument on the other side though is that Ricochet is going to have a tough time being its own self-contained network, while also still using Qt (and thus not working well on mobile). More thinking to be done there for sure.
As for the "doing it inside Tor Messenger would provide better familiarity with Tor" angle, we've actually brought the main Ricochet person under our umbrella and we're happy to call him a Tor person now. So we help him, and he helps us, just as much as in the Tor Messenger case.
And lastly, on the funding angle, actually neither project has any funding currently. We're working on helping both of them to fix that.
Thanks for your
Thanks for your response.
Please keep in mind that you're not necessarily restricted to only using Ricochet's protocol for hidden service IM nodes, so if you are interested in the concept but can't come to an agreement with the Ricochet devs or for whatever reason can't integrate it into Tor Messenger, you could always develop your own standardized protocol (e.g. based on TorChat; though the benefits of not having to reinvent the wheel are obvious).
I hope it's possible to integrate Ricochet (or something similar) into Tor Messenger in the future, as they seem like a perfect fit, and I tend to favor single programs that do everything instead of multiple programs that do one thing each (more dev eyes/interest in a larger project, and it's harder to get non-tech users interested in using multiple programs for the same function). It's understandable, though, that the Ricochet developer may not want to lose control of his project (which might occur if it gets submerged into Tor Messenger).
Keep up the good work.
Agreed on all points.
Agreed on all points.
> your friends who e.g. use
> your friends who e.g. use XMPP and OTR but haven't seen the light yet.
By seeing the light, do you mean using Tor or that there is something wrong with using XMPP with OTR?
I use XMPP and OTR (and
I use XMPP and OTR (and Tor). But when I do, because of the XMPP design, there is a central server somewhere out there (probably more than one), which gets to know all my contacts. A bad person could break into that server, and learn the contact lists of all the users. Designs like Ricochet don't have that central server, so they don't have that particular risk.
If we could move everybody in the world over to a Ricochet-like protocol, that would be great. We should totally work towards that. But since it requires a Tor install, many people -- especially those on mobile platforms -- aren't in a position yet to do that easily.
Thanks for the informative
Thanks for the informative reply, arma. I'm very excited about Ricochet too. I hope Ricochet makes it to the mobile phone platform one day also.
An even more secure solution for mobile phones would be having IM software like Ricochet run on a separate (offline) hardware device, similar to JackPair (https://www.jackpair.com). That way the mobile phone could be completely compromised and under targeted surveillance and it would not affect the user's security.
The genius of JackPair is the use of 3.5mm audio jacks as a data transmission channel between the offline hardware device and the cellphone. Virtually eliminating the possibility of a compromised cellphone infecting the offline hardware encryption device through a 3.5mm audio cable.
One step at a time I suppose ;). I believe future secure communications will rely on separate hardware devices treating cellphones as compromised dumb modems. Moving the "endpoint" off the cellphone's hardware and onto the hardware of a secure offline hardware device plugged into the cellphone via a hard to exploit data channel (3.5mm audio jack, Bluetooth maybe, but definitely not Bad USB).
I agree that using
I agree that using "compromised" hardware is an industry business/politic bug and speaking about cellphone or laptop/tablet is useless as long as you will buy a product without any warranty of privacy.
Encrypting the voice is a big & serious challenge.
i do not know if ricochet can be installed on data memory card.
The real challenge could be to convince the industry the necessity of a real product protecting our privacy.
In fact, it is about the contract : the contract is done from, with, for a government (20 peoples ?) nothing involving the consumer and the contract done between a client and a service do include a third unknown person.
*a compromised original product still stay it.
"And lastly, on the funding
"And lastly, on the funding angle, actually neither project has any funding currently. We're working on helping both of them to fix that."
Can you give any more details on this? Who, where, when,...
Does it launch it's own tor
Does it launch it's own tor service or does it require to have Tor Browser opened first and will use its service?
If it starts an independent tor service, can we use it for other apps (curl, torsocks etc)?? You know as we do with tor browser for example (redirecting apps to 127.0.0.1:9150).
Thanks.
It launches its own Tor
It launches its own Tor service. This is a feature, in that it simplifies everything from your perspective, but it's also sort of sad in that it would be nice for you to be able to run many applications at once, and they all use a single Tor client, and also they do it safely. We're not there yet though:
https://trac.torproject.org/projects/tor/wiki/org/meetings/2015SummerDe…
And yes, if you want to attach some other program to the Tor that Tor Messenger launches, feel free.
The socks address for tor
The socks address for tor messenger is 127.0.0.1:9152
I managed to run the
I managed to run the messenger part individually (debian:jessie) while my regular tor was on and configured the socks5 proxy as above. It worked fine but a way to check whether it is actually trafficking through tor or not would be nice. In the same manner it should work under tails as well.
The only account I had to try it on was twitter and it looked like an old messenger (no pics or video, just links you would have to manually transfer to a browser)
I couldn't figure out how to check a #hash channel but somehow it knew who of my followed identities were on at the time.
You can twitt just fine and you can RT but there was no way to FV something.
I can't say much about a messenger since I haven't used one for ages (!Y maybe 12-13 years ago) ..
So what's the deal with 9152 instead of 9150?
It doesn't work at all,
It doesn't work at all, Windows 7 64bit, Windows 8.1 32bit, and Windows 10 64bit.
Faulting application name: instantbird.exe, version: 41.0.0.5729, time stamp: 0x000232e8
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf6b2
Exception code: 0xc0000005
Fault offset: 0x002284f6
Faulting process id: 0x1728
Faulting application start time: 0x01d112c2de7b0b89
Faulting application path: Tor Messenger\Messenger\instantbird.exe
Faulting module path: C:\Windows\system32\d2d1.dll
Report Id: 26f0368d-7eb6-11e5-8e12-005056c00008
Faulting application name: tormessenger-install-0.1.0b2_en-US.exe, version: 0.0.0.0, time stamp: 0x53c50d97
Faulting module name: SyncShellExtension86_70.dll, version: 0.0.0.0, time stamp: 0x560252bd
Exception code: 0xc0000005
Fault offset: 0x0000ce6e
Faulting process id: 0x1938
Faulting application start time: 0x01d112c2bdcd2844
Faulting application path: tormessenger-install-0.1.0b2_en-US.exe
Faulting module path: BitTorrent Sync\SyncShellExtension86_70.dll
Report Id: 0c5a1308-7eb6-11e5-8e12-005056c00008
Yep, see the above comments
Yep, see the above comments and also
https://trac.torproject.org/projects/tor/ticket/17453
Stay tuned for an update that fixes it!
Will there be skype support
Will there be skype support in the future?
Gosh. I don't want to speak
Gosh. I don't want to speak for the Tor Messenger developers here, but I wouldn't be optimistic. Skype is notoriously closed, proprietary, incompatible, etc.
(I was going to say "I hope not", but actually, I do hope there's Skype support in the future -- it would mean that Microsoft came to its senses and embraced the open source world, the world of peer-reviewable protocols, and so on. Let's not hold our breath though.)
Most likely, no, for the
Most likely, no, for the reasons arma said.
Will Tor Messenger support
Will Tor Messenger support TextSecure protocol?
This! I want to know this as
This! I want to know this as well! (Protocol v2, axolotl.)
Yes! That would be really
Yes! That would be really great.
If you'd go with Javascript, here are some libraries to consider using:
https://github.com/joebandenburg/libaxolotl-javascript
https://github.com/macropodhq/axolotl
https://github.com/alax/forward-secrecy
https://github.com/alexeykudinkin/axolotl.js
But it'd be possible to use ctypes as well, like with the OTR extension added tor Tor Messenger
Something that's definitely
Something that's definitely worth considering. We will open a ticket about this shortly.
That's great to hear!
That's great to hear!
Good to hear. I'm really
Good to hear. I'm really surprised there isn't a concerted effort to marry up against TextSecure. They are the only people doing it right as far as I can tell. Axolotl makes OTR actually usable for the practical user. It has to work seamlessly across a users devices, which is the critical nut that OWS have finally cracked.
I feel like interoperation with 'all the services' is a distraction, and perhaps a misguided goal. How are you layering security over these proprietary protocols? Surely just routing traffic through Tor doesn't do anything to help the fact these are mostly plaintext protocols?
I've installed Tor
I've installed Tor messenger, but it dousn't start... Appcrash. Something with d2d1.dll. Windows 8.1 x64
Yep, see the above comments
Yep, see the above comments and also
https://trac.torproject.org/projects/tor/ticket/17453
Stay tuned for an update that fixes it!
Avira wants to move
Avira wants to move instantbird to quaratine and I guess this is why the program doesn't work for me :(
You might
You might enjoy
https://www.torproject.org/docs/faq#VirusFalsePositives
and
https://trac.torproject.org/projects/tor/ticket/17454
(Ok, you probably won't enjoy them, but they might give you some hope for the future.)
Any plans for an android
Any plans for an android client?
Not at present. You might
Not at present. You might enjoy Chatsecure, which used to be Gibberbot, on Android.
But een Android/iOS/WP
But een Android/iOS/WP mobile client would properly be more useful then a desktop client, i do now 90% of my chats on my mobile, and i think that i am not the only one like that.
crashhhhhhhhhhhhhh
crashhhhhhhhhhhhhh
If you are on Windows, you
If you are on Windows, you can try this workaround: https://trac.torproject.org/projects/tor/ticket/17453#comment:7
Windows XP, instantbird.exe
Windows XP, instantbird.exe - entry point not found:
"the procedure entry point _vsnprintf_s could not be located in the dynamic library msvcrt.dll"
We are tracking this here:
We are tracking this here: https://trac.torproject.org/projects/tor/ticket/17469.
Avira and McAfee say it's a
Avira and McAfee say it's a virus... :-o http://i.imgur.com/DtNDAYE.jpg
See
See https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easil… (arma's comment earlier).
This is magic... effectively
This is magic... effectively got Adium back for Facebook Messenger.... brilliant job... Thanks
Any suggestion to fix the
Any suggestion to fix the problem when i click to open tor messenger but nothing appear..
Are you Windows 10? If yes,
Are you Windows 10? If yes, we know this is a bug. We have a workaround here: https://trac.torproject.org/projects/tor/ticket/17453 ... or you can just wait for the next release, which should be next week.
any plans to add gpg
any plans to add gpg encryption support?
We use OTR
We use OTR (https://otr.cypherpunks.ca/). I am not sure how GPG fits into this?
Is instabird being funded
Is instabird being funded directly or indirectly by the Department of State? Is Department of State funding for instabird tied to Congressional legislation on sanctions against Iran? Will Tor Project release its contract (or subcontract) with Department of State for instabird? Why does Sponsor O's Trac page not say Department of State? Where is the transparency?????
"Department of state" is not
"Department of state" is not the owner of internet , tor messenger is open source , Iran has its own censure policy ... for a real transparency make donations at this project, thx.
I appreciate what you are
I appreciate what you are doing, I wish I can run the app to try it out at least. Windows 7 64-bit. It's not starting because of this:
Problem Event Name: APPCRASH
Application Name: instantbird.exe
Application Version: 41.0.0.5729
Application Timestamp: 000232e8
Fault Module Name: d2d1.dll
Fault Module Version: 6.2.9200.16765
Fault Module Timestamp: 528bf6b2
Exception Code: c0000005
Exception Offset: 002284f6
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
You can try the following
You can try the following workaround: https://trac.torproject.org/projects/tor/ticket/17453#comment:7
I am unable to connect to
I am unable to connect to OFTC or any other IRC network. Maybe its because tor-messenger connects to ip's (servers) that forward traffic and resulting in failed connects. Can we use tor-messenger for hidden services?
Yes, you can use Tor
Yes, you can use Tor Messenger with hidden services. Just provide an onion address instead wherever applicable.
OFTC seems to throttle Tor connections on and off, and we are aware of this. One possible solution would be try this with a new exit and checking if that works or not. You can't currently do this from Tor Messenger but it's in our to-do list. (https://trac.torproject.org/projects/tor/ticket/10950).
Avira finds TR/ATRAPS.gen in
Avira finds TR/ATRAPS.gen in the Windows installer and instantbird.exe...
See arma's comment above:
See arma's comment above: https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easil…
Audit! Audit! Audit!
Audit! Audit! Audit!
What's the difference
What's the difference between Tor Messenger and TorChat?
Tor Messenger is based on
Tor Messenger is based on the client-server model and builds on existing networks like IRC, XMPP, etc. TorChat was a decentralized service that is no longer active? (Also Tor Project does not develop TorChat.)
i tried running it in
i tried running it in windows 10, to no avail but windows 7, its running okay.
You can try the following
You can try the following workaround: https://trac.torproject.org/projects/tor/ticket/17453#comment:7
Downloaded the client,
Downloaded the client, installed it and when I try to run it says:
Instandbird has stopped working
Unfortunately :(
I'm on Windows 7 Ultimate 64 bit
Try the workaround in
Try the workaround in https://trac.torproject.org/projects/tor/ticket/17453 or wait for the next release.
Tried with 2 Gmail
Tried with 2 Gmail accounts.. on 1, no problems. The other failed, and I got a gmail message saying "someone has your password" - access was blocked due to "unsafe app"
This is a problem with
This is a problem with Gmail/Google. See https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easil… for a workaround.
Win 7 64bit here. Tor
Win 7 64bit here. Tor Messenger is not working for me. It is just not starting after executing the exe. Compatibility mode (e.g. Win Vista) is not helping either.
In the taskmanager I can see that the Instantbird process is starting (even with ~78MB of RAM usage) and closing after around three seconds. There is no error whatsoever, it is just closing the process and never opening any window.
Try the workaround in
Try the workaround in https://trac.torproject.org/projects/tor/ticket/17453 or wait for the next release.
Signature du problème :
Signature du problème :
Nom d’événement de problème: APPCRASH
Nom de l’application: instantbird.exe
Version de l’application: 41.0.0.5729
Horodatage de l’application: 000232e8
Nom du module par défaut: d2d1.dll
Version du module par défaut: 6.2.9200.16765
Horodateur du module par défaut: 528bf6b2
Code de l’exception: c0000005
Décalage de l’exception: 002284f6
Version du système: 6.1.7601.2.1.0.256.48
Identificateur de paramètres régionaux: 1036
Information supplémentaire n° 1: 0a9e
Information supplémentaire n° 2: 0a9e372d3b4ad19135b953a78882e789
Information supplémentaire n° 3: 0a9e
Information supplémentaire n° 4: 0a9e372d3b4ad19135b953a78882e789
Try the workaround in
Try the workaround in https://trac.torproject.org/projects/tor/ticket/17453 or wait for the next release.
I was able to connect to my
I was able to connect to my Google Apps (for Work) gTalk account, but when I try to connect to a regular gmail gChat account it says Not Authorized and won't connect.
I'm guessing this has to do
I'm guessing this has to do with 2-step verification. Same issue I'm having, despite correct password.
Likely has to do with 2-step
Likely has to do with 2-step verification. I'm having the same issue, despite entering the correct password.
Two things: check that you
Two things: check that you create an authorized app for use with 2-step. And secondly, see the comments above related to Google. (Ctrl+F "TorBirdy")
Hi, thanks for the nice
Hi, thanks for the nice work! I will test it soon.
Are you sure this really supports Facebook chat? I think Facebook dropped its XMPP support sometime earlier this year (see https://developers.facebook.com/docs/chat ) and as far as I can see Instantbird uses XMPP for the Facebook chat.
You mention in the release
You mention in the release notes that it works wit gtalk and facebook, but does this assume thay they have their XMMP endpoints open? Facebook closed theirs a couple of months ago and gtalk only works if the user has not migrated to hangout. Is it sitll valid in those cases?
Does not start on Windows
Does not start on Windows 8.1.
Maybe test a little before releasing?
We did test but there was an
We did test but there was an issue with hardware acceleration on some computers. We have a workaround here that will be fixed in the next release: https://trac.torproject.org/projects/tor/ticket/17453.
My Facebook account doesn't
My Facebook account doesn't allow me to log in because it is from an unknown location. But this is going to happen all the time, right? What can I do about it?
LOL, does not accept any
LOL, does not accept any username for facebook.
Seriously, why are you pushing out a broken product? Are you developing pc games in your free time?
Jesus.
Works for me but is timing
Works for me but is timing out on "Downloading Contact List..."
Make sure you use your "User Name". NOT the same as what you use to log in. You can find it by going to your profile and grabbing the text after facebook.com/
The reason why I switched
The reason why I switched from pidgin to gain as XMPP-Client was that there openpgp plugin allows to send offline-messages to your contacts -- something that doesn't work with OTR. An other tool that allows to send encrypted offline messages is retroshare and at least I think that an messanger that's not capable to send offline messages is quite useless. Personally, I prefer OpenPGP solutions over OTR, mostly because I have to share my public just once and not at every single contact (on the down-side their is no deniability).
I doubt this is a good idea.
I doubt this is a good idea. With this you basically send the message that it is OK to log via Tor to your personal gmail or facebook account - which obviously defeats the purpose of connecting via Tor on the first place.
The identity of most people is linked to their "normal" accounts, especially on Facebook which enforces a strict "real names" policy.
Furthermore, both gmail or facebook will kick you out if you try to connect via Tor, and that is going to be confusing and furstrating for the vast majority of uninformed users.
Summing up:
- not user friendly
- it encourages super bad OPSEC.
This is not just for Google
This is not just for Google Talk or Facebook. This is for IRC and Jabber as well, both of which work fine without associating any real identity. Not to mention, like we said in the blog post, a lot of people use Google Talk or Facebook because they have their existing networks there -- we are just providing a secure way for them to use it without revealing their location or the content of their chats, which Tor and OTR take care of quite nicely.
"Not user friendly". We know we can do better. It will help to know the specific concerns.
Why doesnt TOR work with
Why doesnt TOR work with Jitsi.org I think its the best encrypted chat platform because it also handles end to end encrypted VOIP and video calls, and is open source
Thoughts?
Is SILC still relevant? At
Is SILC still relevant? At one time there were some SILC servers operating as hidden services. I didn't see an Instantbird add-on for the SILC protocol. Pidgin works and is recommended on the main SILC website.
SILC - Secure Internet Live Conferencing
http://silcnet.org/
Feedback/Bugreport The error
Feedback/Bugreport
The error message you get when running it right from the .dmg on OS X 10.11.1 is not correct: "Profile Missing Your Instantbird profile cannot be loaded. It may be missing or inaccessible."
Expected behaviour: Dialog:"Tor Messenger can not run from the disk image, pls copy to applications folder"
also the window for the "Tor Network Settings" stays ontop of all other windows
Try this: "On OS X, copy the
Try this: "On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.".
Current version of todays
Current version of todays date when connecting to irc networks that have ssl v2/v3 disabled and allow only TLSv1 to v1.2 and high ciphers such as aes256-gcm-sha384
please fix it.
The messenger tor works, but
The messenger tor works, but when you get using the Facebook "message", he warns that the password may be wrong, but is not! everything is right, the other features are OK, but when using the facebook does not work ... I'm on windows 8 64bit ... help!
I had this and it was
I had this and it was because I was using Authentication on Facebook. I used the Code Generator on the Facebook App on my iPhone and got a 6 digit code to use as the password.... could it be that causing it for you?
When attempting to connect
When attempting to connect via Google Talk, it fails during authentication even though the correct password is presented. I figure this has to do with 2-step verification. Any way around this?
Please see
Please see https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easil… for more information.
These recommendations did
These recommendations did not work. Any other ideas?
When logged into gmail
When logged into gmail through Tor browser, I am getting the following warning. Logging in again does not solve it:
"Gmail is having authentication problems. Some features will not work. Try logging in to fix the problem"
The 2 options provided here don't resolve both that error nor the ability to login to Tor Messenger.
If you change your security
If you change your security settings, by turning "access to less secure apps" to on and allow access from new devices/locations, it might connect. This worked for me, hopefully it will for you too.
This is a big issue for
This is a big issue for usability! Most people do not notice this option exists because they only ever use gtalk through the web interface, but if you try to use pidgin it's a big problem. Tor Messenger already special-cases gmail accounts; it should handle gtalk auth errors with a link to a page with current screenshots of exactly how to do it.
Another usability issue is that Gmail and Facebook use geolocation to detect suspicious activity, and might lock you out if you start coming in through tor; Tor Messenger should at least give a warning about this.
The press has taken notice
The press has taken notice of the debut of TM:
http://www.theregister.co.uk/2015/10/30/tor_messenger_a_death_knell_for…
Tor Messenger beta debuts, promises unlogged Jabber for all
Instant messages with onion breath to scare away the spooks
30 Oct 2015
Darren Pauli
For US persons who dare to attend political events, or to reside in cities where Things Happen, ACLU has obtained further evidence that FBI's spy planes do indeed collect electronic evidence:
http://arstechnica.com/tech-policy/2015/10/fbi-planes-gathered-days-of-…
FBI planes gathered days of video, electronic surveillance over Baltimore
Sean Gallagher
30 Oct 2015
Occupy organizers have previously reported interference with their cell phones when a particular police vehicle equipped with a directional roof aerial similar in appearance to military versions of IMSI catchers passed near their locations.
This is a good illustration of why ordinary people need TM.
Anti-war activists, environmentalists, Occupy people: watch out for electronic surveillance of personal communication devices from drones designed for military/police use, such as ScanEagle (made by Insitu), NOVA (made by Altavian), and Qube (made by AeroVironment), which according to FAA are all now operating domestically in "anti-poaching" and "environmental surveillance" [telecom environment?] roles for various US police agencies. Recall that emails leaked from the Italian malware-as-a-service company Hacking Team show that Insitu was interested in serving malware from its drones. NSA has for many years served malware from military drones, apparently including Scan Eagles operating in Africa. See
https://theintercept.com/drone-papers
According to FAA, Dow Chemical and BNSF are among the mega-corporations operating Chinese manufactured "patrol drones", and these could conceivably be re-purposed to attack demonstrators. There are preliminary indications that dozens of US drone start ups are marketing activist-surveillance-as-a-service to companies associated with the big banks.
Oppression everywhere, and it is very quickly getting much worse. The appropriate response: redouble our determination to oppose oppression of dissidents and to expose state-sponsored human rights violations and other criminality. In particular, we must bring to justice the baby-killing hospital bombing drone assassins and those who enable CIA-sponsored kidnapping/torture.
> Does this run on Tails? If not, is there a way to set it up?
Plus one.
Could one disable javascript in Tor Browser but still use TM? (It seems that Javascript can be exploited by bad guys attacking the browser. And can't TBB people fix that bug where latest FireFox ignores the default image loading setting?).
> you can register XMPP accounts from Tor Messenger (in-band) if the server supports it. You don't need an existing account. (This is not true for Facebook, Google Talk or Twitter, where you do need existing accounts for Tor Messenger to work.)
Can one do that safely? Can you work with riseup.net to provide a TM-friendly chat server? Note that leaked emails from Hacking Team show that Czech police targeted the riseup mail server, so the threat model must at a minimum include companies like Gamma and Hacking Team. For this reason, please seek an outside audit of TM.
> Matthew Green, one of the
> Matthew Green, one of the people who audited Truecrypt, postulated the NSA has solved some of the issues surrounding ECDLP (Elliptic Curve Discreete Logarithm Problem). "A riddle wrapped in a curve" (http://blog.cryptographyengineering.com/)
Second that. This is a very important issue for Tor people to track.
> Since its conception and rollout by Netscape till today, hundreds of security holes have been discovered in JavaScript.
That was my first thought too.
> The point was that JavaScript is a memory managed language, which theoretically eliminates a certain class of exploits. Further, as you said, Mozilla's JS VM has been in production for quite some time and seen some battle hardening.
More details might help encourage the doubters. And obtaining an independent security audit of TM, especially as part of a future edition of Tails, should be an important goal.
Look, it isn't that
Look, it isn't that Javascript is particularly bad as a language. Other than that it has some issues from being designed in an era where security wasn't at the forefront as much, it isn't really any worse than any other language with a similar sized library. For example, it isn't particularly worse than Java. The problem isn't the language itself, it's that the primary (original) use of the language was to allow code on a foreign computer to execute on yours, and it has a larger attack surface than HTML and CSS (possibly by orders of magnitude.)
That means that Javascript has gotten a bad reputation in some parts of the security community, but that reputation is only really relevant for Javascript on a webpage that isn't fully trusted by the user. Javascript potentially allows websites to run harmful code on your computer, but if you're running a program on your computer it doesn't matter that it uses Javascript because it's already running on your computer.
> Yes, this is on purpose
> Yes, this is on purpose because we don't want users clicking their links and opening a browser that is not Tor Browser. We will fix this in future releases by being smart about it -- by detecting Tor Browser and opening the link there, or by giving you an option of choosing what to do with the link. For now, we decided that we don't want users clicking on links by mistake so that is why they are disabled. (#13618 on Trac.)
I think that is a good design decision, sukhbir. Glad to see you are thinking about things like potential user Epic Fail, because our enemies certainly are.
I'm having the same problem!
I'm having the same problem! While trying to connect to Facebook and Gmail like 3 or 4 times I get the not correct password message. Both are on 2-step verification and I'm on Ubuntu 15.10! I'll check out the site you posted above!
Crashes on Windows 10 x64.
Crashes on Windows 10 x64.
Try the new version!
Try the new version!
Tried to log to my Facebook
Tried to log to my Facebook account and Tor Messenger wouldn't let me, asking me if I did any mistakes on my password. As I switched back to my regular Facebook page, it read it was blocked as "Someone intended to log in from an "unusual" place, showing me a Map with a pin somewhere between Myanmar and India. I don't know how this might help you guys, but this is definitely not working smoothly on FB.
Hi, what about client for
Hi, what about client for mobile platforms, namely android?
You might enjoy ChatSecure
You might enjoy ChatSecure for Android.
AVG says it is a virus.
AVG says it is a virus.
See
See https://www.torproject.org/docs/faq#VirusFalsePositives and
https://trac.torproject.org/projects/tor/ticket/17454
Heii, this post sounds
Heii, this post sounds interstin, but i don't own a PC
Is it possible to get a Android-Version of it ?
Many greetings
Basti
You might enjoy ChatSecure
You might enjoy ChatSecure for Android.
Chatsecure has tor support.
Chatsecure has tor support. But only with the "orbot" app installed beside it: https://guardianproject.info/apps/orbot/
(You have to tick the "Connect via Tor" option in the account settings or at account setup.)
Just remember. If you're creating new accounts. You must ALWAYS connect with the "use tor" option. Connect just once without tor, and that connection will be logged and your anonymity likely compromised.
is there going to be a
is there going to be a PortableApps verison?
The Tor Messenger packages
The Tor Messenger packages are all self-contained. So they're nearly there!
Do you intend to develop an
Do you intend to develop an app IOS etc.
You might enjoy ChatSecure
You might enjoy ChatSecure for iOS.
Google blocked my sign-on
Google blocked my sign-on because if it coming from a non-standard country (in this case it was Paris, France). I think it will likely be difficult to use Google Talk through this without dealing with these issues. The other downside is that even if you do train Google to allow logins globally, you've now weakened the protection Google provides regarding account security.
I don't know what the issue
I don't know what the issue is but I cannot log into Facebook. Correct username and password. Could it be the Facebook login verification?
Can you please try the
Can you please try the solution in https://trac.torproject.org/projects/tor/ticket/17464 and tell us if it works for you? We would like to fix this in the next release.
How on earth does Facebook
How on earth does Facebook chat get encrypted? I don't understand?
I also try to configure it, put in my username and password, but it continually tells me my password is incorrect ..... and it's not incorrect. I've changed it to a new one, same result.
Facebook chat will get
Facebook chat will get encrypted if the person you are talking with is using Tor Messenger, or another OTR-enabled client. When you start a conversation, it will be encrypted. Facebook can't see the content of the conversation. It will just see that you are talking with the person, but not what you are talking about.
If you are having problem using FB, please see https://trac.torproject.org/projects/tor/ticket/17464. Let us know if it works for you.
Ugh every time I open up
Ugh every time I open up preferences, the whole application locks up and freezes and I have to force quit it. Quality.
Are you on OS X? See
Are you on OS X? See https://trac.torproject.org/projects/tor/ticket/17456. (It's a beta, we are fixing the problems as they come, that's the entire purpose :)
tor messenger is not working
tor messenger is not working for me with my google account, it says I entered in the wrong password, but all the info, both email and password are correct for logging in with "google talk"
Please see
Please see https://trac.torproject.org/projects/tor/ticket/17477 for now. We will try to fix this in the future but this is Google blocking logins from Tor exits, something we have tried to fix in the past but couldn't.
I'd love to see mobile apps,
I'd love to see mobile apps, which for many of the people I communicate with, are critical to have a hope of achieving a network effect. Signal/TextSecure/RedPhone somehow interoperating with much of this codebase would be my dream. It's kind of a bummer that you have many of the same goals as OWS but don't appear to be working together. For many users, secure messaging choices will be an even tougher call once the Signal chrome extension (hopefully FF too) becomes available.
Great work!
My feedback &
My feedback & experience:
How to use it with system Tor, if clearnet connections are forbidden by iptables? To do that for Tor Browser Bundle I just remove tor-launcher xpi file (64 bit version). Otherwise, I even would not get firefox started. Here, in Tor Messanger, we have no such file, but directory Messenger/extensions/tor-launcher@torproject.org instead. I deleted it. After that my Tor Messanger got started. I also changed port in network preferences to proper one.
I wanted to test it with XMPP server which has a mirror in onion. I specified onion address as host and finally got it working (account was registered in advance). And now many troubles started...
I added tor messanger XMPP account to the roster of my another XMPP IM client (mcabber). Then, Tor Messagnger asked me to "allow" that contact, and I allowed it. However, after this authorization "allowed" account did not get listed in tor messagnger's contact list (roster), which is strange. It means I cannot see contacts I authorized to see my status. Only when I manually added this contact in tor messanger too, it appearaed in my roster. Now both XMPP contacts authorized each other.
When I connected from my IM (mcabber) to tor messanger, the latter complained that OTR plugin is not supported. I was very surprized. Why it is not enabled by default? I found it in preferences and enabled. However, OTR does not work. Neither my Tor messanger contact nor IM contact can start OTR session. I run Tor Messanger with command: ./start-tor-messenger --verbose (it allows me to see warnings). I noticed that each time I click on "start private conversation" I see in log "TypeError: muc is undefined". I opened error console in Tor Messanger, and see an error "Error: __NoSuchMethod__ is depricated; resource:///modules/xmpp.jsm" and then many error messages "muc is undefined; resource:///modules/xmpp.jsm".
If I disable OTR, then messages are passed successfully to both sides. But I failed to get it working with OTR despite (according to prereferences) everything is OK (key was generated, fingerprint was seen).
Another problem are preferences of crtypes-otr extension: sometimes to get button "preferences" working I need to click on "disable", and then on "enable". Otherwise, the window with preferences is not opened.
> Only when I manually added
> Only when I manually added this contact in tor messanger too, it appearaed in my roster. Now both XMPP contacts authorized each other.
This is how XMPP works: both of you have to authorize each other before you can see the status. You can still start chatting, you can only see the availability of the other person if they have accepted your invitation.
> When I connected from my IM (mcabber) to tor messanger, the latter complained that OTR plugin is not supported.
This does not make sense. What are you trying to do here? Just use Tor Messenger -- it supports IRC and OTR is automatically enabled for one-to-one conversations.
Try using Tor Messenger without Mcabber (I am not sure why you are doing this) and you will see most of your problems fixed.
> This is how XMPP works:
> This is how XMPP works: both of you have to authorize each other before you can see the status. You can still start chatting, you can only see the availability of the other person if they have accepted your invitation.
You didn't understand what I say. I don't complain about that I cannot see the status. I complain about that I cannot see this contact in my contact list! In normal XMPP clients when I authorize somebody, I can see him in my list despite I cannot see his status(!). In tor messenger I see absolutely nothing. It means if I forgot which contact I authorized, there is no any simple way to find it.
> This does not make sense. What are you trying to do here? Just use Tor Messenger -- it supports IRC and OTR is automatically enabled for one-to-one conversations. Try using Tor Messenger without Mcabber (I am not sure why you are doing this) and you will see most of your problems fixed.
OMG, somebody of us does not understand the idea of tor messenger. Is it multiprotocol client? If yes, it must be in compliance with XMPP protocol. Does tor messenger support standard OTR protocol for XMPP? If yes, it must be compatible with all XMPP clients and their OTR implementation. The idea of tor messanger is to be compatible with standard IM protocols, so I can chat with anybody who is not yet using tor messanger, isn't it? So if somebody is using standard XMPP client such as mcabber, which supports OTR, why I cannot use OTR from tor messanger? Is its OTR implementation incompatible with the standard?
Experienced people use convenient IM clients (such as mcabber), which are properly customized to work with Tor and end2end encryption. Then, ordinary people could use tor messanger (XMPP+OTR) to anonymously chat with that IM client. It is only possible, when OTR is compatible on both sides, which, as I see, is not the case.
I think I am pretty clear...
P.S. If we don't bother about compatibility with standard protocols and standrad implementation of OTR, why to use tor messenger? It is better to use ricochet.
OK sorry, I misread this
OK sorry, I misread this comment. Let's address the issues one by one.
1. You have to enable "show offline contacts". Is this what you meant? If yes, right-click on the empty space in the contacts window and enable this option.
2. I actually misread this part badly but anyways, this was an error that we just fixed. Mcabber should now work (tested). See https://trac.torproject.org/projects/tor/ticket/17552. This was due to an XMPP issue, not the OTR code.
(And yes, our OTR implementation is compatible with other clients, that's the point.)
Thanks a lot for your
Thanks a lot for your comment! Indeed, in newer version everything works fine.
1. Yes, thanks, it works.
2. Yes, in 0.1.0b4 it is fixed.
I have just minor comment on script start-tor-messenger, which I run in my terminal as "./start-tor-messenger --debug". It works, but it writes:
Probably, you may want to fix this minor warning.
This is more of a
This is more of a suggestion: I don't know much about how Tor works but amongst the list of messengers, i notice theres no "Wickr". I suggest you take a look at Wickr if you haven't and look at how it works as it's a pretty amazing system. Maybe some of the ideas from that may translate well over to TorMessenger or future Tor products?
You can't use a Facebook
You can't use a Facebook account if you have account security on full lock down with two factor authentication.
..or Google with 2FA.
..or Google with 2FA.
Is there a version for
Is there a version for Android?
Checkout ChatSecure by the
Checkout ChatSecure by the Guardian Project. It's on Android. Currently, we don't have plans with Tor Messenger for mobile.
So, first of all : great
So, first of all : great work and thanks!
unfortunately I can't get it to run with facebook cause the buffoons at facebook don't want me to use it :)
Any updates on this issue, is there anything I can do to make it work?
Please see
Please see https://trac.torproject.org/projects/tor/ticket/17464 and let us know if it works for you?
Sorry, but the instructions
Sorry, but the instructions are unclear. What to put as "app-name"? "Tor messenger" or something else?
What to use as login name, my "facebook username" or the newly created appname?
I have the same problem. I
I have the same problem. I tried by putting "Tor Messenger" and "TorMessenger" in the app name field, with no results.
I have used my username (the one after facebook.com when you go in yuor Facebook profile) and not my email. I have also followed the instructions for generating an app password.
Is Facebook blocking Tor Messenger somehow?
Why run Tor on any
Why run Tor on any commercially closed operating system possibly acting like a trojan horse?
Is it safe against trojan horses? How?
Is it safe against spy-chips installed on commercial hardware? How?
Is it using iRL kryptokeys or is it sending kryptokeys over the internet? Why is that considered safe?
Is Tor downloading javascript when it is being run? Why?
The imagination of safety on the internet might be the very thing that makes it unsafe. I suggest awareness and openness in all communication until people themselves create "dedicated trusted computer communication and voting devices".
Swing your thing on the youtube and they will not be able to pull down your pants! ;-)
/Martin Gustavsson
Scientific party of Sweden
how to run in kali linux.?
how to run in kali linux.?
No idea. Try running it how
No idea. Try running it how you usually do and see if it works?
Torchat is not opening after
Torchat is not opening after successful installation can someone tell me what to do?
am running it on host windows 10
Please try the updated
Please try the updated download links. There was a bug which we have fixed. If it still doesn't work for you, let us know.
why there is no usual
why there is no usual uninstall tool? and does it make keys in the registry?
Everything is contained in a
Everything is contained in a single folder. To uninstall, just remove the folder and Tor Messenger will be uninstalled. And no, we don't touch the registry.
what if the other using it's
what if the other using it's not using tor-messenger , we still have an encrypted conversation ? if not
why we use tor-messenger
-----------------------------------
and when i want start a conversation using facebook it's shown that's it's not an privat conversation , "2:24:56 PM - Attempting to start a private conversation with […]"
If the other person is not
If the other person is not using Tor Messenger or another OTR-enabled client, you cannot talk with them as Tor Messenger does not allow sending of unencrypted communication. This is by design. Also, if the other person is using OTR, it will still say "Attempting to start..." but if it the conversation actually starts, it will tell you that the conversation is private. If all it says is "Attempting to start..." and nothing after it, then that conversation is not secure.
Password not working on
Password not working on gtalk. falls to connect with any account I try.
Please see
Please see https://trac.torproject.org/projects/tor/ticket/17477
How come you list Google
How come you list Google Talk as working, when Google denies login because Instabird/Tor messenger don't use OAuth 2.0?
http://googleonlinesecurity.blogspot.ca/2014/04/new-security-measures-w…
When will this be updated? It is very aggravating.
Google Talk will work with
Google Talk will work with third-party XMPP clients, like Tor Messenger. We don't use OAuth for Google Talk.
How can you say this when I
How can you say this when I have spent the past 12 hours trying to get Google Talk to work and it denies it every time?
Except it does not work at
Except it does not work at all.
Why do you list Google Talk
Why do you list Google Talk when it isn't OAuth 2.0 :
Google Will deny login unless you update it.
...
http://googleonlinesecurity.blogspot.ca/2014/04/new-security-measures-w…
Wow what a simply brilliant
Wow what a simply brilliant project.
it would be nice to see android & ios versions of this as many current apps do not support key encryption/decryption.
<
You may enjoy ChatSecure on
You may enjoy ChatSecure on Android.