First Look

Tor Messenger: Anonymous instant messaging beta released

Want truly private instant messaging? The Tor network now has an IM client.

Computer vision
Credit: Melmak / Pixabay

Anyone who values their privacy will be aware of Tor, the distributed “onion routing” network that makes it possible to avoid surveillance (though it is thought that even the sophistication of the Tor system may not be enough to avoid NSA scrutiny if they really want to get the login for your Ashley Madison account). 

While Tor is great for hiding your browsing until now, it hasn’t been able to anonymize instant messaging. That changed yesterday with the beta release of the open source Tor Messenger. Available for Windows, Linux, and OS X the Tor Messenger:

… supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

Cypherpunks Canada explains:

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: 

Encryption / No one else can read your instant messages.

Authentication / You are assured the correspondent is who you think it is.

Deniability / The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

Perfect forward secrecy / If you lose control of your private keys, no previous conversation is compromised.



These attributes are important if you’re trying to avoid censorship or observation for any reason and Tor Messenger is an enhancement of Instabird, one of the most sophisticated instant messaging clients, which was developed by the Mozilla community. The Tor Project explains:

Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs.

screen shot 2015 10 30 at 4.25.50 pm

I installed Tor Messenger (under OS X ridiculously fast and straightforward) and discovered that, as of writing, it seems to not work with Google Talk if your account is set up for Google’s Two Factor Authentication. Despite trying several times to create a Google App Password that allows for one factor authentication, Tor Messenger repeatedly failed to log in for no apparent reason.

screen shot 2015 10 30 at 4.27.41 pm

Problem logging in to Google Talk when TFA is enabled

I had more luck with Facebook Chat but only after Tor Messenger tried to log in with my credentials and got kicked off because Facebook complained because I was apparently coming in from Bangladesh which Facebook, not unreasonably, thought to be unusual. Once I confirmed that this was, in fact, me, everything went like clockwork and the performance of Tor Messenger appears to be very good.

Facebook thinks I'm in Bangladesh

Facebook thinks I'm in Bangladesh

So, if you have any reason to be paranoid or simply nervous about your privacy then Tor Messenger is arguably your your solution for instant messaging. But be careful! This is a beta release and until it's got a few virtual miles under its belt, there could be gotchas.

If you get a chance, try Tor Messenger and let me know what you think. Big kudos to the Tor team, there’s no such thing as too much privacy.

Thoughts? Suggestions? Send me feedback via email or comment below then follow me on Twitter and Facebook. 

Must read: Hidden Cause of Slow Internet and how to fix it
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies