On 29th October 2015, Tor Project, a research-education non-profit organization, launched its first public beta version of Tor Messenger. The Tor Messenger is the first ever instant messaging tool by the organization, and is designed to be both simplistic but private by default. Here is what we know about the new Tor Messenger:
- If you are looking for an instant messaging tool designed with privacy in mind, Tor Messenger will not only help to encrypt communications, but also routes users through the Tor network, made up of different “hops” or relays, to hide any original IP addresses.
- It integrates the “off the record (OTC)” protocol to encrypt your messages and routes them over Tor just like the Tor Browser does for web data.
- Logging is disabled by default too, so there should not be a record of private conversations and logging of chats using the messenger.
- The Tor Messenger application can be installed on all operating systems (eg: linux, Windows, OS X). A great feature of the messenger is that it imports your contacts from the services you use, so you do not have to re-add your friends again upon installing it on a Linux, a Mac or a Windows computer.
- The chat tool provides support to many renowned chat protocols, which include Google Talk, Twitter, Yahoo, Facebook and any XMPP account (XMPP, formerly known as Jabber, has become a favourite chat protocol these days)
Quick guide to download & use Tor Messenger
- Register an account on your chosen server. Search Google for the server name of your choice and its registration. This XMPP website does provide ratings on the level of server securities by checking the connections between servers and PCs if there are any weak or broken encryption mechanisms in use. It is best to use servers with ‘A’ ratings.
- Sign up using a username and a secure password. (Read our ‘7 Easy Tips to Avoid Getting Hacked’ blog post on how to secure your passwords).
- Download Tor Messenger and verify it. According to the Tor website serving the download (updated as of 6th November 2015), you can download the Tor Messenger for your operating systems here: Linux (32-bit), Linux (64-bit), Windows, and OS X.
- Once your Tor Messenger is up and running, you will be asked to add an account. If you are using Jabber, select XMPP. Fill in your username, chosen domain, password and click through. For Google account users, use your credentials that you have registered with. Any Google users who have opted for two-factor authentications on their accounts can follow this support guide to learn the process of authorising specific apps and Google will send you a one-time password to login.
- Once all that is done, hooray! You should now be online. Invite your friends to sign up so you guys can start chatting. After initiating a conversation, click the padlock toggle on the Tor Messenger to send a request for a private chat. Your next step would be to verify your contact which can be done either by: a private question only answerable by your contact, a shared secret, or cryptographically-generated ‘fingerprints’ which are unique identifiers for the encryption keys you are using.
- If you would like an extra layer of security and decide to use the Tor Messenger through our BolehVPN servers to get double encryption, this has great advantages, such as being able to hide your use of Tor from your Internet service provider. Choosing to route Tor Messenger through our BolehVPN servers will also avoid corrupted Tor nodes as it will only see the IP address of our VPN and not your personal one.
- Our BolehVPN servers routes your traffic through Tor net using random Tor nodes to provide optimal security. So the encrypted channel would be: You > BolehVPN’s servers > Tor’s servers. To do this, just set it to use a manual proxy and configure it as follows:
- You should now be able to successfully chat securely and privately with the Tor Messenger’s encrypted messaging through our BolehVPN servers.
“Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software. As such, don’t rely on this product for strong anonymity just yet.” – Sukhbir Singh, one of the Tor Messenger developers.
Bear in mind Tor’s app is still in beta and therefore might not be as stable or as secure as one would hope. Hence, its developers are welcoming early users to pore over any software bugs to improve the messenger before its finalisation. After some auditing and bug fixes, the program is believed to become a highly powerful and popular tool for instant and surveillance-resistant communications.
 Tor Project Blog
 BBC News