Table of Contents
- Removing Tor Messenger/Uninstalling
- Where are my OTR keys stored? / How can I preserve them across updates?
- Logging Disabled
- Windows XP
- Google Talk
- Cryptographic Protocols
- Mobile (Android, iOS)
- Using Tor Messenger with Tor Browser
- How do I auto-join encrypted XMPP chats?
- How do I connect to my XMPP server with its onion address?
- How to verify the signature of Tor Messenger
Tor Messenger FAQ
Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not be depending on it for their privacy and safety.
- Extract the bundle (tar xf tor-messenger-linux*) and then run ./start-tor-messenger.desktop
- Some other script options:
Tor Messenger Script Options --verbose Display Tor and Instantbird output in the terminal --log [file] Record Tor and Instantbird output in file (default: tor-messenger.log) --detach Detach from terminal and run Tor Messenger in the background. --register-app Register Tor Messenger as a desktop app for this user --unregister-app Unregister Tor Messenger as a desktop app for this user
- OS X
- Copy the Tor Messenger application from the disk image to your local disk before running it.
- Install Tor Messenger as you would install any other application.
Removing Tor Messenger/Uninstalling
On all platforms (Windows, OS X, Linux), removing the Tor Messenger directory/application will uninstall Tor Messenger. (Windows users: we do not modify the Registry.)
As of v0.2.0b2, OS X users will also need to remove the profile folder (TorMessenger-Data), which is either found next to application bundle, or in ~/Library/Application\ Support/, depending on where the application bundle is located.
Where are my OTR keys stored? / How can I preserve them across updates?
Note that, as of v0.2.0b2, Tor Messenger contains a secure updater, and the following steps are no longer necessary moving forward. However, if you're migrating from a previous release, they are still relevant.
- The two files you want to look for are otr.private_key and otr.fingerprints (leave the otr.instance_tags file alone). They are found in the profile directory. See the table below for the profile location for your version / platform.
- Move the aforementioned files (otr.private_key and otr.fingerprints) to a temporary location
- Remove the main Tor Messenger directory (or the application on OS X)
- Extract the latest beta
- Open the beta folder and copy the files you moved earlier to the path corresponding to your platform for the new version (again, consult the table below)
Note that this only preserves your OTR keys, and authenticated fingerprints. You will still need to recreate your accounts with the account wizard.
|v0.1.x||Tor Messenger.app/Contents/TorMessenger/Data/Browser/[profile].default/ Note that if you're doing this in Finder, you'll need to open the context menu and choose Show Package Contents to access directories nested under the app.|
|v0.2.x||TorMessenger-Data/Browser/[profile].default/ The root folder (TorMessenger-Data), is either found next to application bundle, or in ~/Library/Application\ Support/, depending on where the application bundle is located.|
OTR is automatically enabled for one-to-one conversations (single contact) and the contact you are talking with should also have an OTR-enabled client. This is regardless of the protocol you use (IRC, XMPP, Google Talk, etc.)
There seems to be confusion over our decision to disable logging and what it actually means. We disable logging by default in Tor Messenger and no conversations are logged, encrypted or otherwise. Note that this does not mean that the other person cannot log your conversations; there is no way we can detect or prevent them from doing so and users should always be mindful of that.
In future releases, we will allow users to easily turn on logging if they desire since it seems to be a commonly requested feature.
We are aware of Tor Messenger not working on Windows XP. This is most likely an issue with the Windows cross-compilation. (We build Tor Messenger for Windows and OS X on Linux.) We are tracking this issue in bug #17469.
Facebook's XMPP gateway was deprecated in April 2015 and, as of February 2016, does not appear to work anymore. Support for Facebook was dropped starting in Tor Messenger 0.1.0b5.
Many Google Talk users are reporting issues connecting to their account with Tor Messenger. Using Tor with Google accounts has always been problematic and Tor Messenger is no exception. However, Google does address the issue head on (see How can I access my account from this computer?):
Summarizing the above link, here are the steps you need to undertake:
- Enable two-factor authentication (2FA) on your Google account. This step unfortunately requires a phone number that can receive a voice call or text (SMS).
- Generate an app password (see How to generate an App password on https://support.google.com/accounts/answer/185833)
- Now use the app password you generated in step 2 to connect Tor Messenger to your Google Talk account
Google Talk users should note that they can only talk to their contacts over OTR (encrypted chat) if the person they are talking with has an OTR-enabled client like Tor Messenger (or Pidgin, Adium). This is because OTR only works if the other person is also using it.
Tor Messenger 0.1.0b5 and up supports OTR conversations over Twitter DMs (direct messages). Simply configure your Twitter account with Tor Messenger and add the Twitter account you want as a contact. Any (direct) message you send to another Twitter contact will be over OTR provided both contacts are running Tor Messenger (or another client that supports Twitter DMs and OTR).
On August 5, 2016, legacy versions of Yahoo! Messenger were discontinued. Support for Yahoo! was dropped starting in Tor Messenger 0.3.0b1.
As a start, we put effort into implementing OTR because it's a widely deployed protocol. However, we do recognize its shortcomings. After our 1.0, we will be exploring other protocols, including those that support the group setting, like np1sec, and those that support more modern use cases, like async, offline messaging, and multiple devices, such as OMEMO.
Mobile (Android, iOS)
We do not have plans for Tor Messenger for mobile currently but we recommend ChatSecure by the Guardian Project or Signal by Open Whisper Systems.
Using Tor Messenger with Tor Browser
Tor Messenger ships with its own instance of the Tor daemon (running on SOCKSPort 9152; ControlPort 9153) so it does not depend on Tor Browser. Since we are using different ports, you can run both applications together but do note that this starts two Tor processes (one per application). We have plans to fix this in the future, please see the discussion on Tor Process Sharing.
How do I auto-join encrypted XMPP chats?
Setting this up is not very intuitive in Tor Messenger. It works just like in Instantbird:
- click Tools > Accounts > choose your XMPP account Properties > Auto-Joined Channels
That should have a list of the rooms. The format should be,
conference.server/resource PASSWORD, conference.otherserver/resource
- Add the password after the server (where it says "PASSWORD" in the example above).
How do I connect to my XMPP server with its onion address?
When creating the XMPP account for domain clearweb with onion dotonion, input,
Username: username Domain: clearweb
Then on the third screen (Advanced Options),
Click XMPP options, and scroll down a bit,
If you've already created the account, click
Properties > Advanced options
from the account menu.
How to verify the signature of Tor Messenger
For Tor Messenger releases, we do not sign all the individual files, but rather just one file which has the sha256sum checksums. This file is called sha256sums-signed-build.txt (starting with version 0.3.0b2).
To verify the integrity of the package(s) you download, start by downloading this file sha256sums-signed-build.txt and its signature sha256sums-signed-build.txt.asc. (You can find these files along with the other files on https://dist.torproject.org/tormessenger/.)
Now start by verifying this file first:
gpg --verify sha256sums-signed-build.txt.asc sha256sums-signed-build.txt
This should say:
... gpg: Good signature from "Sukhbir Singh ..." ...
Next, run sha256sum $FILE, replacing $FILE with the file you are verifying the signature for. Assume $FILE to be tor-messenger-linux64-0.3.0b2_en-US.tar.xz in the example below:
The output of this should match the corresponding output of the file in sha256sums-signed-build.txt.