Given these circumstances, we decided it's best to discontinue rather than ship an incomplete product. We were also ignoring user requests for features and bug reports due to the limited resources we could allocate to the project. Metadata leaks information about participants and their social graphs, and while it does not reveal the actual data, it can reveal patterns about your communication: who your friends are, when you talk to them, how much you talk to them, etc.Įven after all the releases, Tor Messenger was still in beta and we had never completed an external audit (there were two internal audits by Tor developers). While the chat features will be ported over to Thunderbird as they share the same codebase, the UI itself is no longer developed. The necessity of porting to Thunderbird also gave us the opportunity to step back and assess progress - the adoption of Tor Messenger was low and the real need is for metadata-free alternatives.Īs described above, a centralized client-server architecture suffers from metadata leaks and Tor Messenger inherits those problems while being unable to mitigate them. Tor Messenger is based on Instantbird (see the original blog post on why we picked Instantbird), a product that is no longer maintained by its developers.
This meant that in such a client-server model, your metadata could be logged by the server, but your route to the server would be not be disclosed because it would be over Tor, and your communications would be encrypted with Off-the-Record messaging. We still thought this was a better alternative than the other products in the market, such as Pidgin, because it had safer and secure default configurations.Įleven beta releases later, we have, sadly, decided to discontinue supporting Tor Messenger. Here's why: When we released the first version, we tried to clearly identify the limitations of such a product: Tor Messenger was meant for communicating over existing social networks. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter had an easy-to-use graphical interface and configured most of the security and privacy settings automatically with minimal user intervention. In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging.
0 kommentar(er)
