Tor Winds Down Its Encrypted Messenger App 3 Years After Launch (venturebeat.com)
The Tor Project has announced that it's winding down its privacy-focused Tor Messenger chat program, nearly three years after its beta debut. From a report: Tor, an acronym of "The Onion Router," is better known for its privacy-focused browser that directs traffic through a volunteer-run network of relays to prevent any untoward eavesdropping on users' online activity. Indeed, the Tor Browser is often used by activists, whistleblowers, and anyone wishing to remain anonymous, and major companies -- such as Facebook -- have embraced Tor over the years.
The people behind the anonymity network started working on Tor Messenger in early 2014, launched it in alpha a year later, before rolling out the beta version in October 2015, where it has remained since -- though there have been more than 10 separate beta releases. [...] In terms of why Tor Messenger is being sunsetted, well, there are a number of reasons. Arguably the most important of the reasons is that uptake wasn't quite where Tor wanted it to be to justify working on it, while it also realized that it wasn't the perfect private messaging client due to its metadata problem.
What is the "metadata problem"? The article has no info about it.
Well, it said:
although the sender's IP address was concealed, some metadata could still be logged by the server, including contacts and details around when and how often two people communicated.
Sounds like the classic issues if you have all the clients connect to a server to find each other. The alternative though is that every user has to run their own hidden service, which has a whole lot of other threats even if there's no centralized metadata storage.
I'm thinking there should probably be some way to avoid that using a rolling shared secret. Like say my "permanent" identity is "Kjella", but my rolling identity is sha256("Kjella" + date + secret) which is shared with my contacts but not the server. At server it looks like every day a new identity goes online, with a new message history. That would stop any meaningful metadata collection pretty much dead in its tracks.
Live today, because you never know what tomorrow brings
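The rolling-identity idea in the comment above, written out as an added example (this is not code from the commenter or from the Tor Project). It derives sha256(permanent_id + date + secret) as described, shows what a directory server would observe over a week, and shows how a contact who holds the shared secret recomputes and matches the day's identity. The handle "Kjella" is the one used in the comment; the secret, the dates and the contact list are constructed demo values, and the field separator is an addition to keep the concatenated inputs unambiguous.

```python
import datetime
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed demo values: a permanent handle and a secret the user shares
# with contacts out of band, never with the server.
PERMANENT_ID = "Kjella"
DEMO_SECRET = b"constructed-demo-shared-secret"
DEMO_DAY = datetime.date(2018, 4, 3)  # constructed date
DEMO_CONTACTS: Dict[str, bytes] = {
    PERMANENT_ID: DEMO_SECRET,
    "Alice": b"constructed-alice-secret",
}


def rolling_identity(permanent_id: str, day: datetime.date, shared_secret: bytes) -> str:
    """sha256(permanent_id || date || secret), as proposed in the comment.

    A fixed separator between the fields is added here so that the boundary
    between handle, date and secret is unambiguous.
    """
    h = hashlib.sha256()
    h.update(permanent_id.encode("utf-8"))
    h.update(b"|")
    h.update(day.isoformat().encode("ascii"))
    h.update(b"|")
    h.update(shared_secret)
    return h.hexdigest()


def server_view(permanent_id: str, shared_secret: bytes,
                start: datetime.date, days: int) -> List[str]:
    """What the directory server logs: a fresh identity every day. Without the
    secret it cannot tell that these belong to the same user."""
    return [
        rolling_identity(permanent_id, start + datetime.timedelta(days=i), shared_secret)
        for i in range(days)
    ]


def resolve_contact(seen_id: str, day: datetime.date,
                    contacts: Dict[str, bytes]) -> Optional[str]:
    """Contact side: recompute today's identity for each known contact and
    return the name whose derivation matches the identity seen online."""
    for name, secret in contacts.items():
        if hmac.compare_digest(rolling_identity(name, day, secret), seen_id):
            return name
    return None


if __name__ == "__main__":
    ids = server_view(PERMANENT_ID, DEMO_SECRET, DEMO_DAY, 7)
    print("server sees", len(set(ids)), "distinct identities over 7 days")
    print("contact resolves", ids[0][:16] + "...", "->",
          resolve_contact(ids[0], DEMO_DAY, DEMO_CONTACTS))
    # Anyone without the right secret (the server, a stranger) gets nothing.
    print("wrong secret resolves ->",
          resolve_contact(ids[0], DEMO_DAY, {PERMANENT_ID: b"wrong-guess"}))
```

What this does and does not hide: the server can no longer join one user's history across days, but within a single day it still sees when the day's identity is online and which other identities it talks to, so same-day contact patterns remain visible, and both sides must agree on the date (time zone, rollover hour) or the lookup fails at day boundaries.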
Is this a loss of a person-to-person messaging platform that was more secure or anonymous than current options like Signal, Telegram, Cyph or something else?
Mostly out of curiosity I have tried to make sense of the pros and cons of these and don't see a clear winner. For some reason, Cyph looks like the most secure and anonymous from the endpoints of where the encryption occurs (at the browser), but I'm admittedly naive.
Tor Chat (which now seems dead) pioneered this approach. Ricochet is an alternative that is actively maintained.
I am working on a project to bring another peer-to-peer instant messenger to the onion party. I believe it matters to be able to communicate privately. I believe that it matters a lot.
You imply here threats not equally applicable to the central phonebook server configuration. Please elaborate.
You're running a service; unless it's got 24x7 uptime, it starts revealing metadata on when you're online. This could potentially also be used maliciously: drop/delay traffic to your IP and see what Tor service stops/responds slowly. And then there's the whole announcement mechanism to say "here I am", which they recently upgraded from v2 to v3. There's a lot of effort made on trying to unmask hidden services. A client polling a server would be more like using TorBrowser; if you can compromise that you've essentially broken all of Tor, while hidden services are just one little bit that many people don't use and most certainly don't run.
Live today, because you never know what tomorrow brings
Whatsapp and FB Messenger killed it. You can scream about XMPP and secure apps like this or Signal all you want, they are utterly useless unless the people you communicate with also switch to them. Network effect's a party pooper. Unless you exclusively hang out with security researchers, no one's going to bother.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."