TorChat was a peer-to-peer anonymous instant messenger that used Tor onion services as its underlying network. It provided cryptographically secure text messaging and file transfers.[1] The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located.

TorChat
Developer(s)TorChat Developers
Initial releaseNovember 2007
Final release0.9.9.553 (15 September 2012; 12 years ago (2012-09-15)) [±]
Preview release
2.0-alpha-14 / 22nd of July, 2012
Repository
Written inObject Pascal
Operating systemLinux, Microsoft Windows
Available inMultilingual
TypeInstant messaging client
LicenseGPL v3
Websitegithub.com/prof7bit/TorChat

TorChat is free software licensed under the terms of the GNU General Public License (GPL).

Features

edit

In TorChat every user has a unique alphanumeric ID consisting of 16 characters. This ID will be randomly created by Tor when the client is started the first time, it is basically the .onion address of an onion service. TorChat clients communicate with each other by using Tor to contact the other's onion service (derived from their ID) and exchanging status information, chat messages and other data over this connection. Since onion services can receive incoming connections even if they are behind a router doing network address translation (NAT), TorChat does not need any port forwarding to work.

History

edit

The first public version of TorChat was released in November 2007[2][3] by Bernd Kreuss (prof7bit).[4][1][5] It is written in Python and used the cross-platform widget toolkit wxPython which made it possible to support a wide range of platforms and operating systems.

The older Windows versions of TorChat were built with py2exe (since 0.9.9.292 replaced with pyinstaller) and came bundled with a copy of Tor readily configured so that it could be run as a portable application right off a USB flash drive without any installation, configuration or account creation.

Between 2008 and 2010 weren't any updated packages, resulting in the bundled version of Tor becoming obsolete and unable to connect to the Tor network,[6] which was the reason for the appearance of forks that basically just replaced the bundled Tor.exe with a current one.[citation needed] In December 2010, an official update finally became available that, among some minor bugfixes, also again included an up-to-date Tor.exe.[citation needed]

After 2014, all development activity stopped and TorChat has not received any further updates.[7]

Forks

edit

A fork was released for OS X in the summer of 2010 by a French developer. The binary (a Cocoa application) and source-code (Objective-C) bundled in a Xcode 7 project can be downloaded on SourceMac.

A rewrite of the TorChat protocol in Java was created in the beginning of 2012, called jTorChat on Google Code. Containing the latest Tor.exe, it is meant to emulate all the features of the original TorChat protocol, as well as extending the protocols for jTorChat-specific features. Filesharing, while implemented in the original TorChat, is not yet implemented in jTorChat. A new capability in jTorChat is the broadcast mode, which allows a user to send messages to everybody in the network, even if they are not in their buddylist. Also buddy request mode is implemented, which allows a user to request a random user in the jTorChat network to add them. At this stage jTorChat is designed to work effectively on Windows without any configuration, however since its written in Java, it can run on any platform supported by both, Tor and Java itself, making it very portable. The project is actively seeking Java contributors, especially to help debug the GUI interface.

In February 2012, developer Prof7bit moved TorChat to GitHub,[7] as a protest against Google selectively censoring access to TorChat download to certain countries.[citation needed] Prof7bit has switched to working on torchat2, which is a rewrite from scratch, using Lazarus and Free Pascal.[8][citation needed]

Security

edit

In 2015 security analysis[9] of TorChat protocol and its Python implementation was conducted. It was found that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks. Despite the flaws found, the use of TorChat might still be secure in a scenario where the peer's onion address does not become known to an adversary interested in attacking the person behind the TorChat address.

See also

edit

References

edit
  1. ^ a b "Interview with Bernd Kreuss of TorChat". Free Software Foundation. Archived from the original on 2014-02-02. Retrieved 2014-01-28.
  2. ^ Zetter, Kim (2014-09-17). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Retrieved 25 February 2021. TorChat, a peer-to-peer instant messaging program released in 2007 that used Tor hidden services to transmit communications. TorChat had a number of implementation problems when it came out, however, and has largely been abandoned by users and its developers.
  3. ^ prof7bit (25 November 2007). "torchat". Google Code. Archived from the original on 25 November 2007. Retrieved 25 February 2021.{{cite web}}: CS1 maint: numeric names: authors list (link)
  4. ^ "Bernd Kreuss (prof7bit)". Gist. GitHub. Archived from the original on 17 January 2018. Retrieved 25 February 2021.
  5. ^ "TorChat - Free Software Directory". Archived from the original on 2013-10-09.
  6. ^ "Tor project blog". Blog.torproject.org. Archived from the original on 2014-02-02. Retrieved 2014-01-28.
  7. ^ a b "TorChat2". GitHub. 8 December 2021. Archived from the original on 8 December 2013. Retrieved 6 February 2012.
  8. ^ K, Bernd (2022-08-21), TorChat2, archived from the original on 2022-08-31, retrieved 2022-08-31
  9. ^ Viigipuu, Rain (2015). Security Analysis of Instant Messenger TorChat (PDF) (Master's Thesis). Tallinn University of Technology. Archived (PDF) from the original on 20 August 2022. Retrieved 24 August 2022.
edit