Click Here To Hide Tor

TOR CHAT

By now if you have been following this thread, you should know that any type of messaging system is likely compromised or storing your data for an unknown period of time, and if you ever become a person of interest can be looked back upon for 5+ years.

This means things like Gmail, Hotmail, Yahoo Mail, Skype Messaging, Facebook Instant/Private Message, Text Messages, and other forms of communication are all likely being monitored to some degree, at the very least logging the meta data. But you should always treat everything as if those who are monitoring it can read the content of the email as well.

We have talked about communicating with PGP, we have talked about using TOR and hidden services, and we have talked about good practices of OpSec. But some of us want to be able to instant message somebody else. The good news is, you can do this with something called TorChat.

TorChat is a decentralized anonymous instant messenger that uses Tor hidden services as its underlying Network, in other words it communicates over the Tor network through the .onion URL protocol. This provides end to end encryption that we talked about in previous posts. It provides cryptographically secure text messaging and file transfers for business dealings, and confidential communication between two people. The best news, is that you can use TorChat on your Windows, Linux and your smart phones. A French developer released a version for MAC users, but it still in beta and should be used at your own risk. You can get TorChat for the iPhone in the Apple store, you can get TorChat in the Android Market as well, so you can even use it as a means of text messaging somebody else who also has TorChat.

In TorChat, every user has a unique alphanumeric ID consisting of 16 characters. This ID will be randomly created by Tor when the client is started the first time, it is basically the .onion address of a hidden service. TorChat clients communicate with each other by using Tor to contact the other’s hidden service. For example, the first time you open TorChat your computer might generate d0dj309jfj94jfgf.onion and from here on out, d0dj309jfj94jfgf will be your TorChat ID that you give out to people that you want to be able to message you. Here is the home page of TorChat.

https://github.com/prof7bit/TorChat
http://www.sourcemac.com/?page=torchat – MAC users

Unfortunately at this time, TorChat does not run properly in Tails, so you will either need to run it on your Windows, Linux or MAC system. It is pretty straight forward, download it, unpack it and run it and everything else should happen automatically for you. Once the avatar beside your TorChat ID turns green, you are online and same with your contacts. You can add contains by right clicking and choosing Add Contact and just enter their TorChat ID.

At this time there is some people debate as to whether or not TorChat is completely safe, and I would say that TorChat is about as safe as Tor is, just make sure you practice the same good practices you are used to. Do not give out personal information, if you are sending sensitive information use PGP encryption and so forth.

Here is another article on how TorChat works going into a little bit more detail. You can access it over the onion network.

http://kpvz7ki2v5agwt35.onion/wiki/index.php/Hacking_TorChat

UPDATE
Another user had some additional input that I overlooked when writing this post that you should be aware of.

Torchat’s security is unknown. It has not undergone a proper security audit, professional or otherwise, that I know of. It creates a hidden service on your computer leaving you vulnerable to deanonymization attacks that apply to all hidden services. It also seems to be a very basic protocol that looks like netcat over Tor. There is no way to decline a file transfer. It automatically starts the transfer, writing the file to /tmp which is a RAM-mounted tmpfs on Linux. Then you are supposed to save the file somewhere. Theoretically an attacker could transfer /dev/urandom while you are away from your computer until it fills up your RAM and crashes your computer. This would be great for inducing intersection attacks. Not sure though. If the kernel is managing the system correctly, it may just stop the transfer when you run out of RAM.

Another thing is that once someone learns your Torchat ID there is no way to prevent them from knowing you are online, even if you remove them from your buddy list. The reason is because your Torchat instance is a hidden service that publishes a normal hidden service descriptor which anyone can download. There’s no way to stop that. If you want to cut off contact with someone, you have to get a new Torchat ID. So you should be very conservative about handing out your Torchat ID and only give it to extremely trusted associates.

25 comments

  1. Hey You mention torchat is available on andAndroid. I have been looking for this and I can’t find anything about it other than here. I have found a page on gorging planning to make torchat for android but I can’t find anything on the play store, please can you tell me where I can find this.
    Thanks

  2. does not work for me on ubuntu 12.04 and cant for the life of me figure out why (used to work)

    spent 2 days trying.

    ive tried it on 2 different machines, kx studio 64 bit desktop, lubuntu 32 bit laptop both with same results.

    tor however works (i have it installed and browsing works through tor)

  3. it is possible to find out other person IP

    USING NETSTAT -A while transfering a file]?

    thanks

  4. Hey Fredo, in regards to your reply. As you say can you use a netstat to determine the IP. It would be chat over a tor service so in theory, haven’t looked, but it must show a address but that of the TOR exit node in use.

  5. how safe is using claw mail on tails?should i even use it to access my yahoo acc.?is it trackable?there is really little info available relating claw mail in tails

  6. is it safe to use clawmail client in tails to open you gmail,hotmail,yahoo mails?if u use it to open you emails in claw client how safe is that ?

    • If it’s an account you made without using Tor, then Yahoo/gmail/hotmail will still have your real IP because that’s how you created the account. If you’re going to be doing anything shady, don’t use them; Use Sigaint (sigaintevyh2rzvw.onion). If you aren’t doing anything shady and just want to check your personal email through Tor for whatever reason then you should be fine.

  7. I looking for interesting SBb people

  8. How can I speak there in Russian

  9. Dude, here somewhere on the Russian communicate?

  10. Somone use this escrow serviss ou5pdf7bxz7vtxlg.onion/
    they dont answer in email

  11. Jarret J. Lenett

    hello Justsmuggled n please please help me I have place an order and FE d early I have not heard form you and it says payed for but not shipped JArretJ..Lenett323wells Road Becket MA, 01223 USA GOD BLESS YOU !

  12. how do i access the shadow web

  13. my icon does not turn green however others say im online, also i can not add contacts when i right click the add contacts isn’t ever an option. anybody have any idea how to fix this. running on windows 7 also tried running as an admin.

  14. can you tell me some interresting site i can find in tor. i’m newbie here ^^

  15. hello anyone can help to get more sites

  16. hello, i dont understand pages, anyone explain me?

  17. hello word my .. “bypass icloud iphone..” thank you for wa..

  18. Hi guys i,m Muzaffer

  19. I want to meet anonymous

  20. #iamwhale… jajajja

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *