TorChat

Developer(s): TorChat Developers
Initial release: November 2007
Final release: 0.9.9.553 (15 September 2012; 8 years ago)
Preview release: 2.0-alpha-14 / 22nd of July, 2012
Written in: Object Pascal
Operating system: Linux, Microsoft Windows
Available in: Multilingual
Type: Instant messaging client
License: GPL v3
Website: github.com/prof7bit/TorChat

TorChat was a centralized client-server [1] quasi-anonymous instant messenger based on Instantbird [1] that used Tor onion services as its underlying network. It provided cryptographically secure text messaging and file transfers. [2] The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located, but TorChat suffers from metadata leaks. [1]

TorChat is free software licensed under the terms of the GNU General Public License (GPL).

Features

In TorChat every user has a unique alphanumeric ID consisting of 16 characters. This ID is randomly created by Tor when the client is started for the first time; it is basically the .onion address of an onion service. TorChat clients communicate with each other by using Tor to contact the other's onion service (derived from their ID) and exchanging status information, chat messages and other data over this connection. Since onion services can receive incoming connections even if they are behind a router doing network address translation (NAT), TorChat does not need any port forwarding to work.
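
The ID format described above, as an added example that is not part of the original article or TorChat's own code: it derives a 16-character ID from key bytes using the version 2 onion address scheme (base32 of the first 80 bits of the SHA-1 digest of the DER-encoded public key, taken from the Tor specification rather than from this page) and validates IDs supplied by a user before they are turned into a hostname. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Version 2 onion names use the RFC 4648 base32 alphabet in lower case,
# so a valid ID contains only a-z and 2-7 (never 0, 1, 8 or 9).
ID_RE = re.compile(r"[a-z2-7]{16}")


def id_from_public_key(der_public_key: bytes) -> str:
    """Derive the 16-character ID from a DER-encoded RSA public key.

    80 bits / 5 bits per base32 symbol = exactly 16 characters, no padding.
    """
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def normalize_id(user_input: str) -> str:
    """Return the canonical ID, or raise ValueError for malformed input.

    Accepts surrounding whitespace, upper case and an optional ".onion"
    suffix; rejects anything that is not 16 base32 characters.
    """
    candidate = user_input.strip().lower()
    if candidate.endswith(".onion"):
        candidate = candidate[: -len(".onion")]
    if not ID_RE.fullmatch(candidate):
        raise ValueError("not a 16-character base32 ID")
    return candidate


def onion_hostname(torchat_id: str) -> str:
    """Hostname a client would ask Tor to connect to for this ID."""
    return normalize_id(torchat_id) + ".onion"


if __name__ == "__main__":
    # Constructed stand-in for a DER-encoded key; not a real key.
    sample_key = b"constructed sample bytes, not a real DER key"
    sample_id = id_from_public_key(sample_key)
    print(sample_id, "->", onion_hostname(sample_id))
    for bad in ("abcdefgh1jklmnop", "tooshort"):
        try:
            normalize_id(bad)
        except ValueError as exc:
            print(repr(bad), "rejected:", exc)
```

Because the ID is a hash of the service's public key, anyone who can complete an onion connection to it is talking to the holder of the matching private key; validating the ID before use only guards against malformed input, not against a peer lying about its own ID inside the chat protocol.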

History

The first public version of TorChat was released in November 2007 [3] [4] by Bernd Kreuss (prof7bit). [5] [2] [6] It was written in Python and used the cross-platform widget toolkit wxPython, which made it possible to support a wide range of platforms and operating systems.

The older Windows versions of TorChat were built with py2exe (since 0.9.9.292 replaced with pyinstaller) and came bundled with a copy of Tor readily configured so that it could be run as a portable application right off a USB flash drive without any installation, configuration or account creation.

Between 2008 and 2010 there were no updated packages, resulting in the bundled version of Tor becoming obsolete and unable to connect to the Tor network, [7] which was the reason for the appearance of forks that basically just replaced the bundled Tor.exe with a current one. [citation needed] In December 2010, an official update finally became available that, among some minor bugfixes, again included an up-to-date Tor.exe. [citation needed]

Six years after its last release, TorChat was officially discontinued in 2018. [8]

Forks

A fork was released for OS X in the summer of 2010 by a French developer. The binary (a Cocoa application) and source code (Objective-C), bundled in an Xcode 7 project, can be downloaded on SourceMac.

A rewrite of the TorChat protocol in Java, called jTorChat, was created at the beginning of 2012 on Google Code. Containing the latest Tor.exe, it is meant to emulate all the features of the original TorChat protocol, as well as extending the protocol for jTorChat-specific features. File sharing, while implemented in the original TorChat, is not yet implemented in jTorChat. A new capability in jTorChat is the broadcast mode, which allows a user to send messages to everybody in the network, even if they are not in their buddy list. A buddy request mode is also implemented, which allows a user to request a random user in the jTorChat network to add them. At this stage jTorChat is designed to work effectively on Windows without any configuration; however, since it is written in Java, it can run on any platform supported by both Tor and Java itself, making it very portable. The project is actively seeking Java contributors, especially to help debug the GUI.

As of 5 February 2013, developer Prof7bit moved TorChat to GitHub, [9] as a protest against Google selectively censoring access to the TorChat download for certain countries. [citation needed] Prof7bit has switched to working on torchat2, which is a rewrite from scratch, using Lazarus and Free Pascal. [citation needed]

Security

In 2015, a security analysis [10] of the TorChat protocol and its Python implementation was conducted. It found that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks. Despite the flaws found, the use of TorChat might still be secure in a scenario where the peer's onion address does not become known to an adversary interested in attacking the person behind the TorChat address.

References

  1. "Sunsetting Tor Messenger". Tor Blog. Tor project. April 2, 2018. Retrieved 24 February 2021.
  2. "Interview with Bernd Kreuss of TorChat". Free Software Foundation. Retrieved 2014-01-28.
  3. Zetter, Kim (2014-09-17). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Retrieved 25 February 2021. "TorChat, a peer-to-peer instant messaging program released in 2007 that used Tor hidden services to transmit communications. TorChat had a number of implementation problems when it came out, however, and has largely been abandoned by users and its developers."
  4. prof7bit (25 November 2007). "torchat". Google Code. Archived from the original on 25 November 2007. Retrieved 25 February 2021.
  5. "Bernd Kreuss (prof7bit)". Gist. GitHub. Retrieved 25 February 2021.
  6. https://web.archive.org/web/20131009221718/https://directory.fsf.org/wiki/TorChat
  7. "Tor project blog". Blog.torproject.org. Retrieved 2014-01-28.
  8. "Sunsetting Tor Messenger". Tor Blog. Retrieved 2021-01-10.
  9. https://github.com/prof7bit/TorChat
  10. http://kodu.ut.ee/~arnis/torchat_thesis.pdf