The Tor Project announced the discontinuation of Tor Messenger, a messaging platform that incorporated Tor and OTR by default. In a blog post about the end of Tor Messenger support, the Tor Project gave three reasons for the decision.
One of the more pressing reasons for ending Tor Messenger support, the blog post explained, was Florian Quèze’s discontinuation of Instantbird development. Tor Messenger developers based the encrypted cross-platform IM client on a similar messaging client called Instantbird. The developer of Instantbird, Florian Quèze, announced that he had stopped all development in October 2017. This, according to the blog post, gave the Tor Messenger developers a chance to look at the project from a different perspective. Tor Messenger effectively ‘cost’ more than it was worth. It did not even solve one of the primary issues with client-server messaging services.
That issue, the Tor Project’s post explained, is that Tor Messenger (and other messaging systems) failed to hide metadata from chat servers. This is not the issue the Tor Project had intended to fix with Tor Messenger. They created a messenger that provided as much privacy as possible while working with existing messaging systems such as Jabber or Google Talk. The servers could not read the contents of a message, but they could see the time of day a user sent messages, the number of messages sent to a contact, and other social graph information. Tor Messenger most notably hid client IP addresses by forcing connections over Tor. It also forced OTR conversations by default.
In their own words, “metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.”
Lastly, the Tor Project’s blog post explained that the organization lacked the resources to actively develop Tor Messenger. The messenger’s adoption was low. It had never gone through an external audit. Developers had to ignore user requests for features due to the limited resources allocated to the project. On top of all of that, the real issue is still the collection of metadata by the various messaging servers used by basically anyone who uses online messaging services. Why spend precious (or non-existent) resources on a project that very few people used and only solved part of a much larger problem? “Given these circumstances, we decided it’s best to discontinue rather than ship an incomplete product,” they wrote.
For those in need of alternative cross-platform messengers, several programs exist. Pidgin, one of the programs the Tor Messenger developers had considered using as a base for Tor Messenger, is one of the more popular clients. DeepDotWeb has instructions on using Pidgin with Tor and OTR messaging.