Slashdot Mirror
Tor Winds Down Its Encrypted Messenger App 3 Years After Launch (venturebeat.com)
The Tor Project has announced that it's winding down its privacy-focused Tor Messenger chat program, nearly three years after its beta debut. From a report: Tor, an acronym of "The Onion Router," is better known for its privacy-focused browser that directs traffic through a volunteer-run network of relays to prevent any untoward eavesdropping on users' online activity. Indeed, the Tor Browser is often used by activists, whistleblowers, and anyone wishing to remain anonymous, and major companies -- such as Facebook -- have embraced Tor over the years.
The people behind the anonymity network started working on Tor Messenger in early 2014, launched it in alpha a year later, before rolling out the beta version in October 2015, where it has remained since -- though there have been more than 10 separate beta releases. [...] In terms of why Tor Messenger is being sunsetted, well, there are a number of reasons. Arguably the most important of the reasons is that uptake wasn't quite where Tor wanted it to be at to justify working on it, while it also realized that it wasn't the perfect private messaging client due to its metadata problem.
The people behind the anonymity network started working on Tor Messenger in early 2014, launched it in alpha a year later, before rolling out the beta version in October 2015, where it has remained since -- though there have been more than 10 separate beta releases. [...] In terms of why Tor Messenger is being sunsetted, well, there are a number of reasons. Arguably the most important of the reasons is that uptake wasn't quite where Tor wanted it to be at to justify working on it, while it also realized that it wasn't the perfect private messaging client due to its metadata problem.
What is the "metadata problem"? The article has no info about it.
Well it said:
although the sender's IP address was concealed, some metadata could still be logged by the server, including contacts and details around when and how often two people communicated.
Sounds like the classic issues if you have all the clients connect to a server to find each other. The alternative though is that every user has to run their own hidden service, which has a whole lot of other threats even if there's no centralized metadata storage.
I'm thinking there should probably be some way to avoid that using a rolling shared secret. Like say my "permanent" identity is "Kjella", but my rolling identity is sha256("Kjella" + date + secret) which is shared with my contacts but not the server. At server it looks like every day a new identity goes online, with a new message history. That would stop any meaningful metadata collection pretty much dead in its tracks.
Live today, because you never know what tomorrow brings
If those "male" developpers were bitter, angry, pathetic, misogynistic pigs like you, then nothing of value was lost.