Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tor Is Building an Anonymous Instant Messenger

samzenpus posted about 5 months ago | from the most-private-of-messages dept.

Privacy 109

An anonymous reader writes in with news about a new anonymous instant messenger client on the way from Tor. "Forget the $16 billion romance between Facebook and WhatsApp. There's a new messaging tool worth watching. Tor, the team behind the world's leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavik, Iceland."

cancel ×

109 comments

Sorry! There are no comments related to the filter you selected.

Joy of joys! (4, Insightful)

msauve (701917) | about 5 months ago | (#46364189)

Now I'll be able to communicate with some random, anonymous Internet person.

Slashdot is doomed.

Re:Joy of joys! (1, Insightful)

Anonymous Coward | about 5 months ago | (#46364365)

I'm having a hard time understanding how a first post can be modded "redundant."

Re:Joy of joys! (1)

frovingslosh (582462) | about 5 months ago | (#46364589)

Wouldn't any first post that says "first post" in it be redundant?

Re:Joy of joys! (0)

Anonymous Coward | about 5 months ago | (#46369355)

No, it is the only accurate post on the story.

Re:Joy of joys! (0)

Anonymous Coward | about 5 months ago | (#46365837)

I'm having a hard time understanding how a first post can be modded "redundant."

It's already been said in the comment field of a gazillion other stories.

Re:Joy of joys! (1)

gIobaljustin (3526197) | about 5 months ago | (#46364369)

That might be the case, but it might also not be the case.

Re:Joy of joys! (0)

Anonymous Coward | about 5 months ago | (#46364447)

I'm having a hard time understanding how an anonymous instant messenger can be useful.
One of the main things when using one of these is that you know who you're talking to isn't it?
Wouldn't that make it not anonymous?

Re:Joy of joys! (1)

jafac (1449) | about 5 months ago | (#46365779)

yeah. Basically, there are two use-cases. Civil Defense alerts. And spam.

Re:Joy of joys! (1)

nospam007 (722110) | about 5 months ago | (#46366231)

"I'm having a hard time understanding how an anonymous instant messenger can be useful.
One of the main things when using one of these is that you know who you're talking to isn't it?"

If you do it Old-style you have to know the secret string of digits of the person you want to send messages to.
It's called a 'Phone-number'.

There you also don't know if the sexting is done by your girlfriend or her brother who found the phone.

This is similar, just the number will be a bit longer.

"Not traceable" (1)

DrYak (748999) | about 5 months ago | (#46370709)

It would be better to call it "not traceable".
Here the meaning of "anonymous" being that NSA can't tie an actual identity to the peers of a chat (by using the already well tested Tor network), and that they can't eavesdrop into the conversation (by using the already well tested OTR standard).

i.e.: Bob1983 and Alice_696969 happily chat to each other about how much they dislike the current political situation in Kiev or brainstrom about better methods to circumvent the Chinese Great Firewall.

They might know each other on-line since a while, enough to trust each other to talk about such objects freely (they might or might not have already met in real life but at least they are not completely anonymous to each other. At minimum they are pseudonymous. That's important because the "socialist millionaire" protocol to weed out man in the middle attacks requires them to know each other at least a bit)

Thanks to Tor, none of the concerned government (or any of they allies) will be able to know if one of those holding these subversive discussion is actually a citizen inside the country.
Thanks to OTR, nobody beside the two chatter will be able to actually know the content of the chat.

mmmmmm, spam! (1)

frovingslosh (582462) | about 5 months ago | (#46364571)

More appropriately, some random, anonymous Internet entity will be able to communicate with you. Of course, the NSA will know who that entity is, so they are really only keeping their identity secret from you. Pretty much like all that spam email that you receive now.

Re:Joy of joys! (2)

grcumb (781340) | about 5 months ago | (#46365181)

Now I'll be able to communicate with some random, anonymous Internet person.

Yeah, first thing I thought was chats like this:

SPARTACUS19982: YO!

SPARTACUS4x9: 'Sup?

SPARTACUS12: U rite?

SPARTACUS19982: Wait, who said that?

SPARTACUS4x9: Said what?

SPARTACUS12: What?

SPARTACUS19982: That!

SPARTACUS12: What?

SPARTACUS19982: Yeah, what!

SPARTACUS12: Wait - which what?

SPARTACUS4x9: Dude, being Spartacus is starting to suck, ya know..?

SPARTACUS4x9: I mean, I don't even know who I am any more...

SPARTACUS@X0®: DISREGARD THAT I SUCK C0CKS!!!!

Re:Joy of joys! (0)

flyingfsck (986395) | about 5 months ago | (#46365281)

It looks like they will be re-inventing Sloshdat Beta!

Tor? (1, Interesting)

HornWumpus (783565) | about 5 months ago | (#46364201)

Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?

The one that brought down silkroad?

Re:Tor? (2)

bloodhawk (813939) | about 5 months ago | (#46364249)

yep that's the one. I wouldn't trust Tor network as an anonymity service for anything, let alone something I really wanted to keep secret.

Re:Tor? (5, Funny)

ifiwereasculptor (1870574) | about 5 months ago | (#46364335)

If I want to keep something secret from the US, I'll just use ICQ, since it's owned by russians. Of course, the downside of using ICQ in 2014 is that my messages will stay too confidential for the purposes of communicating.

Re:Tor? (1)

Anonymous Coward | about 5 months ago | (#46364731)

Are you kidding me? You don't think the US and Russia share intelligence? (And that's assuming the US hasn't hacked ICQ.)

International espionage isn't like a child's playground, where you're either friends or foes. You cooperate when it's in your interest, and you don't when it's not. Why would it not be in the FSB's best interest to allow the NSA to tap ICQ, particularly for identified individuals, and especially if the NSA reciprocates in kind.

You don't think the FSB calls up the CIA or NSA every once in awhile (and vice-versa) and says, "We believe so-and-so is a real threat. There's no political angle here. Care to check up on this person and let us know what you find? You owe us one, anyhow, for the last time we helped you."

Remember, the FSB was telling us about the Boston Marathon Bombers totally unsolicited! At least, that's what it looked superficially. More likely there's a standing agreement to exchange intelligence about suspects; we swap lists and then channel surveillance data to each other. And I can't imagine those lists are small.

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46365049)

Whoosh

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46365809)

Since when was AOL Russian?

Re:Tor? (1)

jafac (1449) | about 5 months ago | (#46365789)

ppp chat. It's the only way to be sure. Unless. . . TEMPEST. . . .

Re:Tor? (2, Insightful)

FriendlyLurker (50431) | about 5 months ago | (#46365905)

yep that's the one. I wouldn't trust Tor network as an anonymity service for anything, let alone something I really wanted to keep secret.

Tor is solid, are you and the GP trying to deceive, or have you been decieved?

Would you like to know more? "How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations"

https://firstlook.org/theinter... [firstlook.org]

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46364281)

Use Bittorrent Chat instead.

Re:Tor? (5, Informative)

lister king of smeg (2481612) | about 5 months ago | (#46364463)

Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?

The one that brought down silkroad?

Nope wrong wrong and wrong.

Tor is has had about very few highly throttled node running on amazon cloud for a couple of weeks run by the NSA according to head TOR developer Jacob Applebaum at 30c3 about a month ago. Additionally the NSA's own documents released by Edward Snowden showed that the NSA can't break current TOR releases.

Secondly silkroad was brought down by Dread Pirate Roberts mixing his darknet identity and his clearnet identity by using the same email address and handles. Another break in the case was when a package with fake ID's was intercepted at a Canadian border check.

Re:Tor? (1)

Anonymous Coward | about 5 months ago | (#46364639)

Parent evidently hasn't heard of parallel construction...

Re:Tor? (1)

Anonymous Coward | about 5 months ago | (#46364743)

"Secondly silkroad was brought down by Dread Pirate Roberts mixing his darknet identity and his clearnet identity by using the same email address and handles. Another break in the case was when a package with fake ID's was intercepted at a Canadian border check."

Maybe. It's also possible that those pieces of evidence were discovered _after_ some other, illegal methods were used. It's called parallel construction, and it's regularly employed to launder chains of evidence for trial.

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46366469)

Applebaum is a liar. Not to be trusted.

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46366769)

Look, a shill! Isn't it cute?

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46367465)

How did you reach this conclusion? The guy has been a lying "me-too" since at least 14. Anyone who grew up with him knows how full of shit he is. He also is just a fucking cheerleader, can't code for shit. Look at his commits.

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46366499)

I can't understand how it would be a problem for groups like NSA and GCHQ to spy on Tor.
You'd think it would be easy enough for them to just hijack IPs by the thousands and let ISPs deal with it. (and, you know, those government-sponsored spyware projects that would turn any random persons computer in to a botnet node for their nefarious--- FREEDOM DEFENDING uses, surely that is even easier since it usually cannot be traced back?)

Oh well, assuming the worst is still better if you do absolutely need such security.
Assuming the worst is what the security business is about.

Re:Tor? (2)

i_want_you_to_throw_ (559379) | about 5 months ago | (#46366751)

I wish I could mod you up to 1000.
Tor is solid.
The feds ability to connect the dots of people too dumb to cover their tracks != Tor insecurity.

Re:Tor? (3, Insightful)

fulldecent (598482) | about 5 months ago | (#46366855)

>> Additionally the NSA's own documents released by Edward Snowden showed that the NSA can't break current TOR releases.

That was 2007.

Other things you couldn't do in 2007:
  * Use an iPhone
  * Use a Samsung Galaxy
  * Use What's App
  * Read anything except "this housing boom will go on forever!" in the news

In other words, that was forever ago.

Where is a more recent credible assessment of adversary capabilities specifically to the TOR network?

it's a known fact (0)

Anonymous Coward | about 5 months ago | (#46365283)

the CIA runs Tor

Re:it's a known fact (2)

lister king of smeg (2481612) | about 5 months ago | (#46365851)

No Navy intelligence wrote the original tor software they then open sourced it and gave it to the community. It is now run by the TOR project most of the members of which are regularly harassed and spied on by the US government. Jaccob Applebaum head developer had is flat broken into and computers tampered, another tor developer, Andrea Shepard, have had her computer she ordered via amazon "redirected" mid shipment to NSA facilities in Alexandria Virginia. TOR devs have been pressured by homeland and have told them to F*** off consistently. The there was the TORStinks ppt from the NSA that Ed Snowden releasedvshowing they cant crack TOR.

Re:it's a known fact (0)

Anonymous Coward | about 5 months ago | (#46366581)

Applebaum could not code his way out of a wet paper bag. He is the inside snitch.

Re:it's a known fact (0)

Anonymous Coward | about 5 months ago | (#46367185)

says the anonymous coward working for the NSA...

Re:it's a known fact (0)

Anonymous Coward | about 5 months ago | (#46368021)

bullshit.

Doesn't anyone here... (0)

Anonymous Coward | about 5 months ago | (#46368341)

know how to use punctuation anymore?

Re:it's a known fact (0)

Anonymous Coward | about 5 months ago | (#46366515)

Does the sector supervisor know what you with your nose and finger while at your desk posting the standard disinformation on internet forums? Does he know you eat it?

Please stop. It's disgusting, unsanitary, and endangers the health of others.

~Your co-workers.

Re:Tor? (1)

hobarrera (2008506) | about 5 months ago | (#46366203)

Let me remind you that the Silk Road mantainer was tracked by an inpected postal package, not through tor.

Re:Tor? (1)

Urza9814 (883915) | about 5 months ago | (#46366619)

Let me remind you that the Silk Road mantainer was tracked by an inpected postal package, not through tor.

...as far as we know...

http://en.wikipedia.org/wiki/P... [wikipedia.org]

Re:Tor? (0)

Anonymous Coward | about 5 months ago | (#46367589)

Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?

The one that brought down silkroad?

You're either ignorant or spreading FUD deliberately.

Re:Tor? (1)

HornWumpus (783565) | about 5 months ago | (#46368917)

Apparently, nobody on this thread understands what 'traffic analysis' means. Nor how it was used to track dread pirate roberts location (also the Chester that was busted a week or so prior to DPR).

Tor is still secure, provided you don't send or receive a lot of data. If you send or receive a lot of data, traffic analysis will lead the feds to your physical location, they will own your server. After that you are as good as busted.

OTR (0)

Anonymous Coward | about 5 months ago | (#46364231)

Now, stick end-to-end encryption with OTR authentication and that's it. Truly secure communications!

Re:OTR (4, Insightful)

stoborrobots (577882) | about 5 months ago | (#46364275)

That hides the content of your communication, but it still shows that you're communicating, and with whom. So the "metadata" that the NSA and/or FB are interested in is still available...

Ostensibly using TOR hides the fact that you're the one communicating, and who you're communicating with... (Whether that's still true in practice is another question...)

Re:OTR (1)

stoborrobots (577882) | about 5 months ago | (#46364361)

(By which I mean: you need both... OTR and TOR aim to protect you from different threats.)

Re:OTR (1)

AHuxley (892839) | about 5 months ago | (#46364709)

Thinking back to the way the UK looked at all calls into Ireland, the private US telephone services kept call data for generations... to Snowdens GCHQ's Tempora http://en.wikipedia.org/wiki/T... [wikipedia.org] news... if your message exits the UK, goes on a global trip and re enters the UK, putting the start and end ip together would not be hard work :)

Re:OTR (3, Funny)

FictionPimp (712802) | about 5 months ago | (#46364999)

This is why I encrypt all my conversations and embed the message in the background noise of cat videos.

Re:OTR (1)

wonkey_monkey (2592601) | about 5 months ago | (#46365831)

So that's why I want to kill all humans.

Re:OTR (0)

Anonymous Coward | about 5 months ago | (#46364279)

Accept no substitute. Make the GO's actually have to try to break your crypto.

Re:OTR (1)

Mister Liberty (769145) | about 5 months ago | (#46364473)

Better yet: make them not recognize the crypto as crypto.

Re:OTR (1, Funny)

Anonymous Coward | about 5 months ago | (#46364599)

Thats why I send all my communications in binary as a box of donuts. To confuse people even more the donuts are 1s and the holes are 0s.

Re:OTR (1)

lgw (121541) | about 5 months ago | (#46364987)

There is no "strong steganography", but if "not drawing attention" is the goal, that's probably your best bet.

Re:OTR (0)

Anonymous Coward | about 5 months ago | (#46365495)

You don't mean - gasp! - ROT-39???

-- gr33nLed

As seen on.. (0)

mythosaz (572040) | about 5 months ago | (#46364235)

As seen spammed in every other story posted today...

I Pooped My Pants (-1, Offtopic)

sexconker (1179573) | about 5 months ago | (#46364267)

I'm at work, in my office. It's almost 5 and there are only a few people left here.
I leaned over in my chair to fart but I pooped my pants. I'm not talking about a shart. I'm talking about a Chicken McNugget sized turd.

What do I do, Slashdot?

Re:I Pooped My Pants (0)

Anonymous Coward | about 5 months ago | (#46364295)

Leave it on Deborah's desk?

Re: I Pooped My Pants (0)

Anonymous Coward | about 5 months ago | (#46364367)

Deborah's still angry over the fish you left in her pencil sharpener last week.

Try Katherine this time. . She's always a good sport

Re: I Pooped My Pants (0)

Anonymous Coward | about 5 months ago | (#46364299)

Got any barbecue sauce?

Tahrir (0)

Anonymous Coward | about 5 months ago | (#46364345)

Did Ian Clarke's similar project Tahrir ever make it out of the planning stages?

The problem with IM services... (0)

Anonymous Coward | about 5 months ago | (#46364363)

IM services were set up in conjunction with Intelligence agencies as a specific way to gather communication with the least amount of effort. Did you know EVERY IM service commonly in use requires your text messages to pass through their servers, before they reach the recipient? Now why do you think that is? Today, the 'excuse' given to the sheeple is so that your text can be data-mined for targeted advertising, but this excuse was thought up many many years after IM services first became commonplace.

The real question, however, is why every user effectively engaged in P2P communication (like webchat, IM, or Skype), allows a man-in-the-middle attack to collect and process their personal data, when the ONLY useful aspect of the service is connecting the users together in the first place.

Internet users have been GROOMED to conflate 'directory' and 'connection' services with the method used to handle and move the data from user to user, and yet their is no possible logical reason why, once connected, fully end-point encrypted P2P techniques cannot be used to make the user data fully private to the communicating parties alone.

So, why haven't services appeared on the Internet that focus purely on allowing users to 'find' one another, but then expect client-side applications with encryption to handle the actually communication, P2P? TOR is no answer. Most sane Humans across the world won't touch TOR with a barge-pole, because their law enforcement automatically assumes anyone using TOR is a suspect for very serious investigation.

Re:The problem with IM services... (1)

nurb432 (527695) | about 5 months ago | (#46364393)

Did you know EVERY IM service commonly in use requires your text messages to pass through their servers, before they reach the recipient?

One can debate 'commonly used', but regardless there are options to either avoid that, or endpoint encryption so it wont really matter if you do pass thru a 3rd party server along the way. One option is Jabber.

Re:The problem with IM services... (1)

click2005 (921437) | about 5 months ago | (#46364631)

I've often wondered why there aren't more apps that can encrypt your voice during a call.

Re:The problem with IM services... (1)

AHuxley (892839) | about 5 months ago | (#46364765)

The big software and telco firms seem to offer decrypt as a default to their own security services via a simple 'letter'.
The small .com/open source efforts might work for keeping your message safe but the surrounding ip would stand out as to 'why'.
Re why there aren't more apps that can encrypt your voice during a call?
Why where so few encryption machines offered with hardware safe from the NSA and GCHQ in the 1950-80's?
Standards and price.
So in 2014 using a big software or telco firms offerings or been tracked by the use of other open source applications.. is back to standards and price.
One time pad and "number stations" seem to be the only neat way around illegal domestic spying programs.

Re:The problem with IM services... (1)

nurb432 (527695) | about 5 months ago | (#46366589)

I was using red-phone on the Android for 'special' conversations. I am pretty sure you can encrypt XMPP voice chats too.

Of course that doesn't address both ends if you want to call another cell phone user that has nothing special installed.

Re:The problem with IM services... (0)

Anonymous Coward | about 5 months ago | (#46369405)

Jabber runs through a server although you could operate your own. End to end encryption will secure the content but the meta data is exposed. There IS a way to hide the metadata but it would require trusting the server. The problem is no different than the problem of securing email and the goal is both encrypting the content and the metadata.

Re:The problem with IM services... (2)

NoKaOi (1415755) | about 5 months ago | (#46364785)

The real question, however, is why every user effectively engaged in P2P communication (like webchat, IM, or Skype), allows a man-in-the-middle attack to collect and process their personal data, when the ONLY useful aspect of the service is connecting the users together in the first place.

Apparently, because doing that is patented. No, really! Apple tried it with Facetime, and got sued by a troll*, VirnetX. Initially that's how Facetime worked, Apple's servers authenticated you and connecting you together, but then the 2 devices connected directly for the content of the video/call, not through Apple's servers. They lost a $368million verdict and they were forced to change it so everything has to get relayed through their servers.

*I don't know much else about the company, but in this case I call VirnetX a troll because a) they didn't invent it themselves, b) they don't practice the invention, and c) it's so fucking obvious even a Slashdot Anonymous Coward came up with it independently.

Re: The problem with IM services... (0)

Anonymous Coward | about 5 months ago | (#46365083)

VirnetX, a wholly owned subsidiary of the NSA.

Re:The problem with IM services... (1)

BitZtream (692029) | about 5 months ago | (#46367271)

Its really hard to see how Apple lost when you have FTP as prior art, as just one example of doing it over the Internet.

Really its mind numbing that you can basically add 'on the Internet' and get a patent for something someone ELSE has already done.

They didn't event switched virtual circuits.

Voice? (1)

nurb432 (527695) | about 5 months ago | (#46364381)

Will need that too, to compete. Plus a useful directory.. And most average people want to talk to people they know, sort of blows staying anonymous on a large scale.

Re:Voice? (0)

Anonymous Coward | about 5 months ago | (#46364707)

Will need that too, to compete. Plus a useful directory.. And most average people want to talk to people they know, sort of blows staying anonymous on a large scale.

Please let us know what year you think it is. The world doesn't communicate by voice anymore, as millions of teenagers with Hulk thumb strength and shitty shorthand skills can attest.

You apparently still use that thing we ironically call a "phone" to speak. There's an app for that now...

A new instant messanger from Tor? (1)

jez9999 (618189) | about 5 months ago | (#46364403)

Is this to replace Facebook's?

Re:A new instant messanger from Tor? (0)

Anonymous Coward | about 5 months ago | (#46364725)

Is this to replace Facebook's?

A stupid question that only popularity can answer.

Nothing replaces anything these days unless the masses say so. Even Flappy Bird was resurrected from the dead.

Tor isn't the NSA despite stupid people's claims (1)

Anonymous Coward | about 5 months ago | (#46364565)

Tor users are being attacked by government agencies and those whom haven't followed the advice of the project are becoming victims of there own stupidity. It has nothing to do with Tor having backdoors in it. Neither the Tor Browser Bundle nor Tails were vulnerable to the attacks by governments agents for users who maintained there system and updated daily.

Now the freedom hosting bust may have been different. I don't think we know in regards to that bust how the guy in charge of freedom hosting got caught. What we do know in the case of freedom hosting is they were able to gain access to freedom hosting's servers and infect them with malicious code that targeted a vulnerability in firefox. That vulnerability was patched in the Tor browser bundle and the only reason some end-users of these hidden services may have been caught up in that is because they failed to follow the directions. They failed to maintain there security updates and specifically the Tor Browser Bundle. The most critical component.

Retroshare solved this half, IRC the other (5, Informative)

Voyager529 (1363959) | about 5 months ago | (#46364605)

Okay, first off, the nature of instant messaging is such that you can't truly have an anonymous system. After all, while "the network" may not know Alice, Bob, and Carole, the three of them must know each other and be able to distinguish between them...otherwise you've simply got ChatRoulette and the purpose of IM is largely moot.

Retroshare provides fully decentralized IM, pseudo-email, and file transfers. It's a wonderful tool in this regard. It solves the problem of $IM_SERVICE keeping a record of your chats, because there isn't one. It solves the problem of packet sniffing, because it's all PGP based and thus there is no such thing as an unencrypted packet that enters or leaves the software. It solves the problem of needing a server, because everyone is a peer. All of the things that this Tor program seems to solve, has already been solved, and then some. "Well then,why doesn't everyone use it?" Well, the nature of Retroshare makes it difficult to gain critical mass. You have to understand, at some level, how PGP works - instead of a 'friend request' with that person's actual name, you get to share public keys to 'add' them. This is fine and dandy, but opens up a few new problems. First, even cutting-and-pasting something the size of a PGP key and then reciprocating it to the other person is going to cause the eyes of most people to glaze over. Second, you'll need to exchange keys somehow; if you're e-mailing keys back and forth, most people would say "...so just e-mail the damn message". This is where the file sharing half comes into play, since users can trade files directly without having to do much else. However, with Dropbox/Gdrive/1Drive/etc making transfers stupid simple, the practical application for Retroshare in the eyes of Facebook Chat and Whatsapp users starts to wane significantly when put up against "use an already-functional communication medium to do a PGP exchange that will facilitate another communication medium." Bonus points for Retroshare being a smidge petulant when it comes to port forwarding, and not having a mobile version for any platform.

Conversely, we have IRC. it's ancient, and the UI of mIRC doesn't jive well with the Instagram crowd, but anyone with some semblance of tech skills can run an IRC server. Set that up with SSL and your communications are encrypted, with nothing more than a generic handle to identify you with. The problem is that you'll need someone who can set up such a protected server, and by definition, you have a single point of failure. IRC's other failure (which may apply to Retroshare as well) vs Tor is that IRC does involve IP addresses, so you'll still need a proxy of some kind (or Tor itself) to obfuscate that little nugget.

Tor routing communications through other users as a part of the protocol is the one problem it solves. Secure transmission of text-based messages has been solved pretty well already, "Anonymous IM" is an oxymoron based on the fact that IM in itself usually assumes a prior relationship of some kind between the two parties, and even if it didn't, each user will need *some* sort of unique identifier to ensure that Alice gets messages meant for her, Bob gets his, and Carole gets hers.

Re:Retroshare solved this half, IRC the other (0)

Anonymous Coward | about 5 months ago | (#46364945)

"Anonymous IM" is an oxymoron

They won't know your real name, though. This is what anonymity is.

Re:Retroshare solved this half, IRC the other (0)

Anonymous Coward | about 5 months ago | (#46366401)

This is what pseudononymity is.

FTFY.

Re:Retroshare solved this half, IRC the other (0)

Anonymous Coward | about 5 months ago | (#46365387)

I see what you did there, Agent Smith.

Re:Retroshare solved this half, IRC the other (-1)

Anonymous Coward | about 5 months ago | (#46366711)

Okay, first off, the nature of instant messaging is such that you can't truly have an anonymous system. After all, while "the network" may not know Alice, Bob, and Carole, the three of them must know each other and be able to distinguish between them...otherwise you've simply got ChatRoulette and the purpose of IM is largely moot.

So fucking what? Why is it that pedantic dipshits like yourself have to keep harping on the difference between anonymity and pseudonymity like this is some huge fucking revelation. He's a new flash: people don't give a shit about anonymity because most of the time they just want pseudonymity. I don't give a fuck if the government knows Captain Crunch is talking to ZeroCool as long as they don't know that *I* am ZeroCool. I'm sure you get a 1 inch hard-on with your little rant but really, who gives a fuck? That's not rhetorical.

Re:Retroshare solved this half, IRC the other (2)

Kjella (173770) | about 5 months ago | (#46366811)

Retroshare's problem is that it sucks donkey balls. I tried setting it up with a friend swapping PGP keys - that part wasn't so hard, but setting up a private share my friend he couldn't download at 1/10th the speed I can through HTTPS/SFTP/FTPS/any other secure file transfer mechanism. I don't know what they're doing wrong but it just seemed utterly amateurish so I uninstalled it and hasn't given it a second look since.

Isn't TOR outdated? (1)

Blaskowicz (634489) | about 5 months ago | (#46364615)

TOR not only attract the watchers with black helicopters and black vans, it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

Re:Isn't TOR outdated? (1)

Anonymous Coward | about 5 months ago | (#46364813)

TOR not only attract the watchers with black helicopters and black vans, it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

Why the hell you feel your software could ever protect you from the NSA is beyond me. We used to be worried about script kiddies and malware delivered via spam. Now, all we worry about is if our software is unbreakable by a State-sponsored agency with billions of dollars, hundreds of personnel, millions in computing resources, and no laws to follow. Even if someone claimed it was unbreakable, I'd love to know how the hell they're going to prove it.

Just stop with the new fucking golden metric of software security being "NSA-proof" already. No one knows what that would truly entail, and it sure as hell isn't wrapped up in a tidy app when they have eyes and ears across almost every network in existence.

Re:Isn't TOR outdated? (2)

Carnildo (712617) | about 5 months ago | (#46365039)

it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.

There are networks that protect against timing attacks, but the nature of the protection makes them unsuitable for IM or other near-realtime communication. Basically, they operate by having nodes send constant-size data blocks on a regular schedule regardless of how much data needs to be transmitted. This increases latency -- sometimes to hours or days -- and puts a cap on the amount of data the network can transfer. It also wastes bandwidth when the network is operating at less than full capacity, since blocks with random noise need to be transfered to keep lulls in activity from being visible.

Re:Isn't TOR outdated? (1)

Blaskowicz (634489) | about 5 months ago | (#46365417)

Thanks. That feels severe, and I find it funny. It has built-in flooding, but can you even flood it furthermore with crap so it becomes damn near unusable to your unlucky "peers"?

Re:Isn't TOR outdated? (1)

Burz (138833) | about 5 months ago | (#46365953)

LOL! I2P literally calls their protocol "garlic routing".

You could certainly call it "TOR 2.0" IF you assume a general trend to using darknets for most networking. This is because even while I2P can handle full bittorrent and comes with a decentralized messenger, exit nodes (outproxies) are the exception... I2P is designed to be used mainly between I2P users.

Re:Isn't TOR outdated? (1)

Blaskowicz (634489) | about 5 months ago | (#46366121)

I should have been clearer in my wording - I wished for TOR to evolve, or for attention to shift to another network e.g. the network you're speaking of. I thought that maybe that new IM client should have been announced for I2P.
Then again TOR has the users and I suppose speed and latency for it.
Can I just run TOR without ever leaving TOR?

Mmm Anonymous Social Network (0)

Greyfox (87712) | about 5 months ago | (#46364665)

You're friends with some dude and some dude. Some dude's pretty cool, but some dude keeps posting goats.cx pictures on your news page. You keep trying to unfriend him, but you keep accidentally unfriending some dude instead. Some dude offered to sell you weed but when you tried to take him up on it and asked him where to send your money, he accused you of being a cop and unfriended you. You put up with it because it's still less annoying than Facebook.

Dood, this was a troll submission (0)

Anonymous Coward | about 5 months ago | (#46364733)

This has been a troll message in the other article threads for some time. Verbatim. Even thinking about it for a second, "anonymous instant messenger" is ridiculous.

By Neruos (-1)

Anonymous Coward | about 5 months ago | (#46364965)

There is no and never will be "online anonymity", ever.

Re:By Neruos (0)

Anonymous Coward | about 5 months ago | (#46365065)

That's like saying that there's no such thing as privacy. After all, the government could break into your house and install surveillance equipment!

But the reality is, the mere fact that someone with enough resources could find out your name doesn't mean that anonymity doesn't exist all. You can make it fairly difficult by not giving away a bunch of your information.

Tor is a tool used by Intelligence agencies (1)

Hey_Jude_Jesus (3442653) | about 5 months ago | (#46365685)

Anonymity on the Internet is an illusion.

Re:Tor is a tool used by Intelligence agencies (-1)

Anonymous Coward | about 5 months ago | (#46367265)

Without proof, your 'truth' is an illusion.

TAILS 'other' anon network already has this! (1)

Burz (138833) | about 5 months ago | (#46365973)

Its called I2P-Bote, a messaging system based on DHT. Its a part of I2P which is included in the TAILS distro along with Tor.

Once the I2P bittorrent clients experimented with DHT and succeeded, some people figured they could pull off a messenger that was truly decentralized.

And speaking of decentralization, Tor's underlying protocol and topology may not have enough of it to remain viable for too long. OTOH, I2P users contribute to routing bandwidth by default, and nodes recognize each others' contribution to bandwidth... Its a general-purpose P2P networking protocol for real.

clients matter (2)

Tom (822) | about 5 months ago | (#46366023)

More than anywhere else, this is not a problem geeks alone can solve. The perfect chat client is worthless if none of your friends use it. WhatsApp was huge because everyone used it - network effect.

So Tor - yes, definitely a good step. But you need a good client, ease-of-use is as important as cryptography, and details such as automatically finding your friends who also use it. Threema has a nice solution for that with their hashed address books.

So please look beyond the backend code.

Layers (2)

GeekWithAKnife (2717871) | about 5 months ago | (#46366075)


You want security at the expense of usability? build layers!

A single system can be hacked, a single OS has bugs, a single app has backdoors, a single protocol has explots etc etc

Use LESS popular services in combination with layers of security. For instance; You can use the Tor Network to SSH into a proxy to tunnel chat with pidgin & OTR plugin. If you're even more paranoid assume your OS is already hacked, use some exotic image like Qubes, create temporary destructible VMs to carry information...there are options and many of them make basic functionality a nightmare.

If you really care that much about having your idle chitchat being "secure" you can always assume everything is being listened to. Good old fashion message encryption is probably much better than a special app.

I am quite happy there's more focus on security but let's be serious here, Tor is a target for snoops. they will find a way in because they already proved they can.

Re:Layers (1)

coofercat (719737) | about 5 months ago | (#46366637)

I think the idea here is to be able to say "hello world" to your Tor proxy, and have it communicate with the network such that "n" recipients get the message, but no one knows that you just did that, and definitely don't know what you just said. You don't know who or where those recipients are, you don't know anything about them, other than you're communicating with them.

If you imagine a way where I can tell you I'm on the Tor Chat Net - I don't tell you anything about myself, but instead I generate some sort of identifier that's unique between us - some sort of key that is only useful for the two of us. You do the same for me - now we have two different, linked and unique keys. This key is used to authenticate with the network, along with a password that's unique to each of us. The network then magically connects us together and we can communicate. You can't communicate with anyone except me using they key I generated for us.

The important thing here is that I don't actually know anything about you - I don't know your name, your location or your inside leg measurement or whatever. All I have is a "key" that I communicate with. Let's say we have a mutual friend - even they can't confirm that I'm talking to you, even if I give them everything I have because the keys they use to talk to you are different from the ones I use. Sure, if it turns out that you always sign off saying "ttfn - banana gribble aardark", then we could probably say with some certainty we were talking to the same person, but that's behavioural matching, as opposed to technical matching.

Since I'm very popular, I have a dozen people in my contacts list. I have to authenticate separately to talk to each one, and so I need a way to differentiate between them. Since you've never told me your name, I'm going to just assign the human-readable name " Slashdot Friday" to you. If you ever reveal that you like to be called GeekWithAKnife, or Derrek or whatever, then I could update my nickname for you, but otherwise, all I have is some made-up name that bears no resemblance to reality.

If the NSA get the magic key that you use to talk to me, then they need to authenticate to the network with it to use it. They'd have to rubber-hose your password out of you to be able to do that, but otherwise the key is useless. Assuming they get your password, they can of course impersonate you, and arguably get me to reveal that I live at 123 Fake Street. If they then break in and make a copy of my contacts list, they can't actually be certain that you and I communicate with each other - it's not like they can just match up the keys. They'd have to rubber-hose my password out of me and then authenticate and actually see the communication working between us to be able to prove we're able to talk to each other - all that still doesn't prove we actually have been chatting though (much less what we've been talking about).

This honestly does sound like it's very cool indeed. It opens up a whole world of questions and new challenges to get over though - not least because bot nets will use this to communicate rather than anything more traceable. Making sure you're talking to the person you think you are is going to be the biggest hurdle. Arguably this has always been the case, but until this we've always been able to skip over a lot of the details and go on trust for a large part of that identification step. Not so when it's as anonymous as this would be.

PS. I thought the Snowden leaks showed that the NSA couldn't break Tor per-se. There have been cases of people being identified even though they're using Tor, but not because they were able to trace the communications to them, but rather that they gave themselves away in some other form.

Not interested . . . (1)

Kimomaru (2579489) | about 5 months ago | (#46368435)

Honestly, unless you build it yourself, how do you know it's doing what it says it's doing? The client is on iOS or Android? Wasn't there a story this week about about a key logging exploit for iOS? It may not matter that it's secure if there's a better attack vector on a device. Personally, I would never take a claim for security seriously, you're better off using whatever flawed IM service is out there already and just treat every message as a public broadcast.

Bitmessage (0)

Anonymous Coward | about 5 months ago | (#46368539)

Bitmessage already does this.

instant? (0)

Anonymous Coward | about 5 months ago | (#46368701)

never had much of an instant experience with Tor

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>