Part one
The session focused on discussing the end-to-end encrypted messaging space and understanding how each of the solutions integrate in the Tor ecosystem.
Tor Messenger
Tor Messenger supports multiple transport protocols. Server-client architecture. Alternative to Pidgin/Adium. Goal: wrap such a client into Tor. No audits yet. Secure update mechanism. Investigating n+1Sec for group messaging. Summer of Code work on CONIKS integration. Goal of CONIKS: key transparency, i.e. automating public key distribution. Uses the same Tor controller as Tor Browser, which enables the use of bridges.
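As an added illustration of the key-transparency goal behind the CONIKS work (this is not code from the session, from Tor Messenger or from CONIKS): a provider commits its name-to-key directory to a Merkle tree and publishes the root, and a client checks the binding it was handed against that root, so a server that quietly substitutes a key for one user can no longer stay consistent with the root everyone else sees. The names, keys and tree layout are constructed; real CONIKS uses a Merkle prefix tree with VRFs, which this simplified model omits.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(name: str, pubkey: bytes) -> bytes:
    # Domain separation: leaves and interior nodes use different prefixes,
    # so a leaf value can never be confused with an interior hash.
    return h(b"\x00" + name.encode() + b"\x00" + pubkey)

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def build_levels(directory: dict) -> list:
    """Merkle tree over the sorted name->key directory; levels[0] are the leaves."""
    level = [leaf_hash(n, k) for n, k in sorted(directory.items())]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                # odd count: duplicate the last node
            level = level + [level[-1]]
            levels[-1] = level
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root_of(directory: dict) -> bytes:
    """The value the provider publishes (and that clients/auditors compare)."""
    return build_levels(directory)[-1][0]

def inclusion_proof(directory: dict, name: str) -> list:
    """Sibling hashes from leaf to root, each tagged with whether it sits on the left."""
    levels = build_levels(directory)
    idx = sorted(directory).index(name)
    proof = []
    for level in levels[:-1]:
        sib = idx ^ 1
        proof.append((level[sib], sib < idx))
        idx //= 2
    return proof

def verify_inclusion(root: bytes, name: str, pubkey: bytes, proof: list) -> bool:
    """Client-side check: does this name->key binding hash up to the published root?"""
    cur = leaf_hash(name, pubkey)
    for sibling, sibling_is_left in proof:
        cur = node_hash(sibling, cur) if sibling_is_left else node_hash(cur, sibling)
    return cur == root

# Constructed sample directory (hypothetical users and placeholder key bytes).
DIRECTORY = {"alice": b"alice-pubkey", "bob": b"bob-pubkey", "carol": b"carol-pubkey"}

if __name__ == "__main__":
    root = root_of(DIRECTORY)
    proof = inclusion_proof(DIRECTORY, "carol")
    print("genuine key verifies:", verify_inclusion(root, "carol", b"carol-pubkey", proof))
    print("swapped key verifies:", verify_inclusion(root, "carol", b"other-key", proof))
```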
Tor Messenger vs Ricochet
Solving different problems. Ricochet tries to address the metadata-free problem. Tor Messenger relies on other services.
Despite Ricochet’s appeal, there are still many open questions around that type of architecture:
- No end-to-end encryption in Ricochet except the transport layer.
- Presence detection cannot be revoked
- No store-and-forward architecture means no support for asynchronous conversations
Future of Tor Messenger
Tor Messenger has a good user experience. It now features an updater. It might be time to bring it out of “beta” and start encouraging the larger community to use it and provide more feedback.
Tor Messenger has not been funded for some time, and we had a discussion about how Tor Messenger can differentiate itself from other messaging clients by taking advantage of Tor's expertise in reducing metadata. Funders want to associate a Tor-related project with anonymity.
Additional UX work has to be done on Tor Messenger to convey security properties.
Some focus areas
- Standard Onion Messaging Protocol with end-to-end encryption
- Group chat: Group-chat is fundraiser-friendly because it’s crucial for groups to organize.
Part two
What makes a Tor-enabled Messenger Today?
- Does it support proxying over Tor?
- Does it embed a Tor binary/daemon?
- Does it support communicating via or connecting to Onion addresses?
- Does it support Onion only, serverless, p2p communication?
- Does it support an open, interoperable, standard protocol (XMPP, IRC)?
- Does it support additional content / messaging encryption (OTR, OMEMO, OpenPGP)?
- Is there a desktop app?
- Is there a mobile app?
- Does it support secure auto updating?
App Name | Tor Proxying | Tor bundled | Onion Servers | Onion P2P | Interop Protocol | Content Encryption | Desktop | Mobile | Secure Updater |
---|---|---|---|---|---|---|---|---|---|
Tor Messenger | X | X | X | X | X | X | X | ||
Ricochet | X | X | X | X | |||||
Coy.im | X | X | X | X | |||||
ChatSecure | X | X | X | X | X | X | |||
Conversations | X | X | X | X | X | X | X | ||
Briar | X | X | X | X | X | ||||
Cryptocat | X | ||||||||
Signal | X | X | X | ||||||
What are future, aspirational goals for "Onion Messengers"?
- Does it support group messaging? Encrypted group messaging?
- Is there seamless support for both mobile and desktop use?
- Does it support voice, photo or other media/file sharing?
- Does it support async, offline messaging?
- Does it support volatile, temporary "burner" identities? #16606 (closed)
- Does it leverage existing social networks/graphs to more easily bootstrap new users and communities? (e.g., working with existing email addresses, or twitter handles)
Metadata Reduction Possibilities
- Don't publish buddy list "Rosterless Communication" #20293 (closed)
- Don't publish real names, vcards for yourself or others to servers; Only send encrypted #20294 (closed)
- Use keys as identities, not "real names" or nicknames (e.g. ABC123@foo.com instead of IAmNathan@foo.com)
- Support portable identities that are not tied to specific servers