The Tor Project announced that it was shutting down the development of the Tor Messenger, an application on which the group has been working for the past two-and-a-half years.
A Tor-Based Chat Application
Back in 2015, the Tor team started building the Tor Messenger because it wanted a cross-platform application that was encrypted by default (using the Off-The-Record [OTR] protocol) and anonymous (by sending all chats through the Tor network). In other words, spies wouldn’t be able to see what was inside the messages because they were encrypted, but they also wouldn’t be able to identify the parties who were communicating with each other.
Beyond security and anonymity, the developers also aimed to integrate a variety of transport networks, such as the federated Jabber (XMPP) network, IRC, Google Talk, Facebook, and Twitter. Of course, they also wanted to build a satisfying user experience for it.
Why Tor Messenger Is Shutting Down
The Tor Messenger was built using the Instantbird chat software, but since development of the Tor Messenger began, the developers of Instantbird discontinued support for their own software.
The team built the Tor Messenger over existing social networks, which meant that your metadata would be recorded by the social networks’ servers, but your route to the server would not be disclosed because it would be sent over Tor. In retrospect, the team seems to have realized that this was ultimately doomed to fail because of metadata leaks to the social networks’ servers.
The Tor Project has limited resources as it is, and the Tor Messenger had the same problem. The team couldn’t even respond to bug reports, let alone requests for more features, which is why it stopped developing the messenger altogether.
Choosing A Secure Messenger
The Tor Project recommended that users check out EFF’s new blog post series on secure messengers to decide for themselves which messenger is the most secure for them. Alternatively, for those who want to continue using the Jabber network, the team recommended CoyIM.
Other recommendations that you may want to consider include Riot, which uses Signal-like end-to-end encryption (not by default, though) over the Matrix federated network, which is a more modern alternative to Jabber/XMPP. Retroshare is an old decentralized messenger that seems to continue receiving support from the developers, and it recently got support for Tor, too.
Finally, there’s Signal; although it doesn’t support Tor, we know that the developers reduce the metadata collection and logs to the absolute minimum, and it uses a well-reviewed encryption protocol.