Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×

Tor Is Building an Anonymous Instant Messenger 109

An anonymous reader writes in with news about a new anonymous instant messenger client on the way from Tor. "Forget the $16 billion romance between Facebook and WhatsApp. There's a new messaging tool worth watching. Tor, the team behind the world's leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavik, Iceland."
This discussion has been archived. No new comments can be posted.

Tor Is Building an Anonymous Instant Messenger

Comments Filter:
  • Joy of joys! (Score:5, Insightful)

    by msauve ( 701917 ) on Thursday February 27, 2014 @07:43PM (#46364189)
    Now I'll be able to communicate with some random, anonymous Internet person.

    Slashdot is doomed.
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      I'm having a hard time understanding how a first post can be modded "redundant."
    • That might be the case, but it might also not be the case.

    • More appropriately, some random, anonymous Internet entity will be able to communicate with you. Of course, the NSA will know who that entity is, so they are really only keeping their identity secret from you. Pretty much like all that spam email that you receive now.
    • by grcumb ( 781340 )

      Now I'll be able to communicate with some random, anonymous Internet person.

      Yeah, first thing I thought was chats like this:

      SPARTACUS19982: YO!

      SPARTACUS4x9: 'Sup?

      SPARTACUS12: U rite?

      SPARTACUS19982: Wait, who said that?

      SPARTACUS4x9: Said what?

      SPARTACUS12: What?

      SPARTACUS19982: That!

      SPARTACUS12: What?

      SPARTACUS19982: Yeah, what!

      SPARTACUS12: Wait - which what?

      SPARTACUS4x9: Dude, being Spartacus is starting to suck, ya know..?

      SPARTACUS4x9: I mean, I don't even know who I am any more...

      SPARTACUS@X0®: DISREGARD THAT I SUCK C0CKS!!!!

    • It looks like they will be re-inventing Sloshdat Beta!
  • Tor? (Score:1, Interesting)

    by HornWumpus ( 783565 )

    Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?

    The one that brought down silkroad?

    • yep that's the one. I wouldn't trust Tor network as an anonymity service for anything, let alone something I really wanted to keep secret.
      • Re:Tor? (Score:5, Funny)

        by ifiwereasculptor ( 1870574 ) on Thursday February 27, 2014 @08:05PM (#46364335)

        If I want to keep something secret from the US, I'll just use ICQ, since it's owned by russians. Of course, the downside of using ICQ in 2014 is that my messages will stay too confidential for the purposes of communicating.

        • by Anonymous Coward

          Are you kidding me? You don't think the US and Russia share intelligence? (And that's assuming the US hasn't hacked ICQ.)

          International espionage isn't like a child's playground, where you're either friends or foes. You cooperate when it's in your interest, and you don't when it's not. Why would it not be in the FSB's best interest to allow the NSA to tap ICQ, particularly for identified individuals, and especially if the NSA reciprocates in kind.

          You don't think the FSB calls up the CIA or NSA every once in

      • by jafac ( 1449 )

        ppp chat. It's the only way to be sure. Unless. . . TEMPEST. . . .

      • Re: (Score:3, Insightful)

        yep that's the one. I wouldn't trust Tor network as an anonymity service for anything, let alone something I really wanted to keep secret.

        Tor is solid, are you and the GP trying to deceive, or have you been decieved?

        Would you like to know more? "How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations"

        https://firstlook.org/theinter... [firstlook.org]

    • Re:Tor? (Score:5, Informative)

      by lister king of smeg ( 2481612 ) on Thursday February 27, 2014 @08:22PM (#46364463)

      Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?

      The one that brought down silkroad?

      Nope wrong wrong and wrong.

      Tor is has had about very few highly throttled node running on amazon cloud for a couple of weeks run by the NSA according to head TOR developer Jacob Applebaum at 30c3 about a month ago. Additionally the NSA's own documents released by Edward Snowden showed that the NSA can't break current TOR releases.

      Secondly silkroad was brought down by Dread Pirate Roberts mixing his darknet identity and his clearnet identity by using the same email address and handles. Another break in the case was when a package with fake ID's was intercepted at a Canadian border check.

      • by Anonymous Coward

        Parent evidently hasn't heard of parallel construction...

      • by Anonymous Coward

        "Secondly silkroad was brought down by Dread Pirate Roberts mixing his darknet identity and his clearnet identity by using the same email address and handles. Another break in the case was when a package with fake ID's was intercepted at a Canadian border check."

        Maybe. It's also possible that those pieces of evidence were discovered _after_ some other, illegal methods were used. It's called parallel construction, and it's regularly employed to launder chains of evidence for trial.

        • It's also possible that those pieces of evidence were discovered _after_ some other, illegal methods were used.

          Except that, in this case it wouldn't have required any *illegal* method (1) (2).
          It would have required method which go against anything that is currently known in cryptography.

          The cryptographic methods which form the basis of Tor are sound and unbroken as of yet.
          Tor is sufficiently well designed to avoid bugs and exploits that might lead to leaks (Side-channels, etc.)
          To actual crack Tor open, you need to beat modern cryptography.
          And the NSA doesn't have a monopoly on brains, and modern research is (as alwa

      • I wish I could mod you up to 1000.
        Tor is solid.
        The feds ability to connect the dots of people too dumb to cover their tracks != Tor insecurity.
      • Re:Tor? (Score:4, Insightful)

        by fulldecent ( 598482 ) on Friday February 28, 2014 @08:55AM (#46366855) Homepage

        >> Additionally the NSA's own documents released by Edward Snowden showed that the NSA can't break current TOR releases.

        That was 2007.

        Other things you couldn't do in 2007:
          * Use an iPhone
          * Use a Samsung Galaxy
          * Use What's App
          * Read anything except "this housing boom will go on forever!" in the news

        In other words, that was forever ago.

        Where is a more recent credible assessment of adversary capabilities specifically to the TOR network?

        • Where is a more recent credible assessment of adversary capabilities specifically to the TOR network?

          The fact that NSA dosn't have a monopoly on brains. The fact that research is done by advancing previous research (and rarely appearing out of the blue), and universities have access to the same historical previous research that secret researcher hidden in the NSA do.

          And despite this, none of the academics working on it has been able to demonstrate any actual failure of principles behind Tor.
          There *is* a prestige incentive to be the first research group to demonstrate an actual good failure. But until now,

          • The most obvious attack is control of a majority of the network, and of course correlations attacks which require access to many ISPs.

            These, in addition "ownership" of VPNs, are feasibly within the capabilities of intelligence agencies.

            • The most obvious attack is control of a majority of the network, and of course correlations attacks which require access to many ISPs.

              The *owning* itself might be achievable (and even that is going to be complicated because you need to own significantly more than other governments trying to achieve the same and non-governmental legitimate users)

              *BUT* even then extracting any meanfingful data is complicated. The more people use tor for anything else beside what you're targetting, the higher the noise level among which you're searching for signal, and thus the lower significance of anything you might try to analyse.
              Beyond some point

    • Let me remind you that the Silk Road mantainer was tracked by an inpected postal package, not through tor.

  • As seen spammed in every other story posted today...

  • Will need that too, to compete. Plus a useful directory.. And most average people want to talk to people they know, sort of blows staying anonymous on a large scale.

  • Is this to replace Facebook's?

  • Tor users are being attacked by government agencies and those whom haven't followed the advice of the project are becoming victims of there own stupidity. It has nothing to do with Tor having backdoors in it. Neither the Tor Browser Bundle nor Tails were vulnerable to the attacks by governments agents for users who maintained there system and updated daily.

    Now the freedom hosting bust may have been different. I don't think we know in regards to that bust how the guy in charge of freedom hosting got caught.

    • Tor isn't the NSA.

      But some Tor nodes have six figure monthly bandwidth bills, and the feds have used traffic analysis to bust some Tor users.

      Nobody can prove the Tor nodes are operated by the NSA, but the NSA would need such nodes to do the traffic analysis they have been doing.

  • by Voyager529 ( 1363959 ) <voyager529@@@yahoo...com> on Thursday February 27, 2014 @08:44PM (#46364605)

    Okay, first off, the nature of instant messaging is such that you can't truly have an anonymous system. After all, while "the network" may not know Alice, Bob, and Carole, the three of them must know each other and be able to distinguish between them...otherwise you've simply got ChatRoulette and the purpose of IM is largely moot.

    Retroshare provides fully decentralized IM, pseudo-email, and file transfers. It's a wonderful tool in this regard. It solves the problem of $IM_SERVICE keeping a record of your chats, because there isn't one. It solves the problem of packet sniffing, because it's all PGP based and thus there is no such thing as an unencrypted packet that enters or leaves the software. It solves the problem of needing a server, because everyone is a peer. All of the things that this Tor program seems to solve, has already been solved, and then some. "Well then,why doesn't everyone use it?" Well, the nature of Retroshare makes it difficult to gain critical mass. You have to understand, at some level, how PGP works - instead of a 'friend request' with that person's actual name, you get to share public keys to 'add' them. This is fine and dandy, but opens up a few new problems. First, even cutting-and-pasting something the size of a PGP key and then reciprocating it to the other person is going to cause the eyes of most people to glaze over. Second, you'll need to exchange keys somehow; if you're e-mailing keys back and forth, most people would say "...so just e-mail the damn message". This is where the file sharing half comes into play, since users can trade files directly without having to do much else. However, with Dropbox/Gdrive/1Drive/etc making transfers stupid simple, the practical application for Retroshare in the eyes of Facebook Chat and Whatsapp users starts to wane significantly when put up against "use an already-functional communication medium to do a PGP exchange that will facilitate another communication medium." Bonus points for Retroshare being a smidge petulant when it comes to port forwarding, and not having a mobile version for any platform.

    Conversely, we have IRC. it's ancient, and the UI of mIRC doesn't jive well with the Instagram crowd, but anyone with some semblance of tech skills can run an IRC server. Set that up with SSL and your communications are encrypted, with nothing more than a generic handle to identify you with. The problem is that you'll need someone who can set up such a protected server, and by definition, you have a single point of failure. IRC's other failure (which may apply to Retroshare as well) vs Tor is that IRC does involve IP addresses, so you'll still need a proxy of some kind (or Tor itself) to obfuscate that little nugget.

    Tor routing communications through other users as a part of the protocol is the one problem it solves. Secure transmission of text-based messages has been solved pretty well already, "Anonymous IM" is an oxymoron based on the fact that IM in itself usually assumes a prior relationship of some kind between the two parties, and even if it didn't, each user will need *some* sort of unique identifier to ensure that Alice gets messages meant for her, Bob gets his, and Carole gets hers.

    • by Kjella ( 173770 )

      Retroshare's problem is that it sucks donkey balls. I tried setting it up with a friend swapping PGP keys - that part wasn't so hard, but setting up a private share my friend he couldn't download at 1/10th the speed I can through HTTPS/SFTP/FTPS/any other secure file transfer mechanism. I don't know what they're doing wrong but it just seemed utterly amateurish so I uninstalled it and hasn't given it a second look since.

  • TOR not only attract the watchers with black helicopters and black vans, it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

    • by Anonymous Coward

      TOR not only attract the watchers with black helicopters and black vans, it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

      Why the hell you feel your software could ever protect you from the NSA is beyond me. We used to be worried about script kiddies and malware delivered via spam. Now, all we worry about is if our software is unbreakable by a State-sponsored agency with billions of dollars, hundreds of personnel, millions in computing resources, and no laws to follow. Even if someone claimed it was unbreakable, I'd love to know how the hell they're going to prove it.

      Just stop with the new fucking golden metric of software

    • it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

      There are networks that protect against timing attacks, but the nature of the protection makes them unsuitable for IM or other near-realtime communication. Basically, they operate by having nodes s

      • Thanks. That feels severe, and I find it funny. It has built-in flooding, but can you even flood it furthermore with crap so it becomes damn near unusable to your unlucky "peers"?

    • by Burz ( 138833 )

      LOL! I2P literally calls their protocol "garlic routing".

      You could certainly call it "TOR 2.0" IF you assume a general trend to using darknets for most networking. This is because even while I2P can handle full bittorrent and comes with a decentralized messenger, exit nodes (outproxies) are the exception... I2P is designed to be used mainly between I2P users.

      • I should have been clearer in my wording - I wished for TOR to evolve, or for attention to shift to another network e.g. the network you're speaking of. I thought that maybe that new IM client should have been announced for I2P.
        Then again TOR has the users and I suppose speed and latency for it.
        Can I just run TOR without ever leaving TOR?

  • You're friends with some dude and some dude. Some dude's pretty cool, but some dude keeps posting goats.cx pictures on your news page. You keep trying to unfriend him, but you keep accidentally unfriending some dude instead. Some dude offered to sell you weed but when you tried to take him up on it and asked him where to send your money, he accused you of being a cop and unfriended you. You put up with it because it's still less annoying than Facebook.
  • This is similar to vole:

    http://vole.cc/ [vole.cc]

    https://github.com/vole/vole [github.com]

  • Its called I2P-Bote, a messaging system based on DHT. Its a part of I2P which is included in the TAILS distro along with Tor.

    Once the I2P bittorrent clients experimented with DHT and succeeded, some people figured they could pull off a messenger that was truly decentralized.

    And speaking of decentralization, Tor's underlying protocol and topology may not have enough of it to remain viable for too long. OTOH, I2P users contribute to routing bandwidth by default, and nodes recognize each others' contribution t

  • by Tom ( 822 ) on Friday February 28, 2014 @04:36AM (#46366023) Homepage Journal

    More than anywhere else, this is not a problem geeks alone can solve. The perfect chat client is worthless if none of your friends use it. WhatsApp was huge because everyone used it - network effect.

    So Tor - yes, definitely a good step. But you need a good client, ease-of-use is as important as cryptography, and details such as automatically finding your friends who also use it. Threema has a nice solution for that with their hashed address books.

    So please look beyond the backend code.

  • by GeekWithAKnife ( 2717871 ) on Friday February 28, 2014 @04:53AM (#46366075)

    You want security at the expense of usability? build layers!

    A single system can be hacked, a single OS has bugs, a single app has backdoors, a single protocol has explots etc etc

    Use LESS popular services in combination with layers of security. For instance; You can use the Tor Network to SSH into a proxy to tunnel chat with pidgin & OTR plugin. If you're even more paranoid assume your OS is already hacked, use some exotic image like Qubes, create temporary destructible VMs to carry information...there are options and many of them make basic functionality a nightmare.

    If you really care that much about having your idle chitchat being "secure" you can always assume everything is being listened to. Good old fashion message encryption is probably much better than a special app.

    I am quite happy there's more focus on security but let's be serious here, Tor is a target for snoops. they will find a way in because they already proved they can.
    • I think the idea here is to be able to say "hello world" to your Tor proxy, and have it communicate with the network such that "n" recipients get the message, but no one knows that you just did that, and definitely don't know what you just said. You don't know who or where those recipients are, you don't know anything about them, other than you're communicating with them.

      If you imagine a way where I can tell you I'm on the Tor Chat Net - I don't tell you anything about myself, but instead I generate some so

  • Honestly, unless you build it yourself, how do you know it's doing what it says it's doing? The client is on iOS or Android? Wasn't there a story this week about about a key logging exploit for iOS? It may not matter that it's secure if there's a better attack vector on a device. Personally, I would never take a claim for security seriously, you're better off using whatever flawed IM service is out there already and just treat every message as a public broadcast.

He keeps differentiating, flying off on a tangent.

Working...