This article needs additional citations for verification. (January 2016) (Learn how and when to remove this template message)
|Initial release||November 2007|
|Final release||0.9.9.553 (15 September 2012)|
2.0-alpha-14 / 22nd of July, 2012
|Written in||Object Pascal|
|Operating system||Linux, Microsoft Windows|
|Type||Instant messaging client|
TorChat was a centralized client-server quasi-anonymous instant messenger based on Instantbird, that used Tor onion services as its underlying network. It provides cryptographically secure text messaging and file transfers. The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located, but suffers from metadata leaks.
TorChat is free software licensed under the terms of the GNU General Public License (GPL).
In TorChat every user has a unique alphanumeric ID consisting of 16 characters. This ID will be randomly created by Tor when the client is started the first time, it is basically the .onion address of an onion service. TorChat clients communicate with each other by using Tor to contact the other's onion service (derived from their ID) and exchanging status information, chat messages and other data over this connection. Since onion services can receive incoming connections even if they are behind a router doing network address translation (NAT), TorChat does not need any port forwarding to work.
The first public version of TorChat was released in November 2007 by Bernd Kreuss (prof7bit). It is written in Python and used the cross-platform widget toolkit wxPython which made it possible to support a wide range of platforms and operating systems.
The older Windows versions of TorChat were built with py2exe (since 0.9.9.292 replaced with pyinstaller) and came bundled with a copy of Tor readily configured so that it could be run as a portable application right off a USB flash drive without any installation, configuration or account creation.
Between 2008 and 2010 weren't any updated packages, resulting in the bundled version of Tor becoming obsolete and unable to connect to the Tor network, which was the reason for the appearance of forks that basically just replaced the bundled Tor.exe with a current one. In December 2010, an official update finally became available that, among some minor bugfixes, also again included an up-to-date Tor.exe.
Six years after last release, TorChat was officially discontinued in 2018.
A fork was released for OS X in the summer of 2010 by a French developer. The binary (a Cocoa application) and source-code (Objective-C) bundled in a Xcode 7 project can be downloaded on SourceMac.
A rewrite of the TorChat protocol in Java was created in the beginning of 2012, called jTorChat on Google Code. Containing the latest Tor.exe, it is meant to emulate all the features of the original TorChat protocol, as well as extending the protocols for jTorChat-specific features. Filesharing, while implemented in the original TorChat, is not yet implemented in jTorChat. A new capability in jTorChat is the broadcast mode, which allows a user to send messages to everybody in the network, even if they are not in their buddylist. Also buddy request mode is implemented, which allows a user to request a random user in the jTorChat network to add them. At this stage jTorChat is designed to work effectively on Windows without any configuration, however since its written in Java, it can run on any platform supported by both, Tor and Java itself, making it very portable. The project is actively seeking Java contributors, especially to help debug the GUI interface.
As of 5 February 2013, developer Prof7bit moved TorChat to GitHub, as a protest against Google selectively censoring access to TorChat download to certain countries. Prof7bit has switched to working on torchat2, which is a rewrite from scratch, using Lazarus and Free Pascal.
In 2015 security analysis of TorChat protocol and its Python implementation was conducted. It was found that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks. Despite the flaws found, the use of TorChat might still be secure in a scenario where the peer's onion address does not become known to an adversary interested in attacking the person behind the TorChat address.
- "Sunsetting Tor Messenger". Tor Blog. Tor project. April 2, 2018. Retrieved 24 February 2021.
- "Interview with Bernd Kreuss of TorChat". Free Software Foundation. Retrieved 2014-01-28. CS1 maint: discouraged parameter (link)
- Zetter, Kim (2014-09-17). "Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying". Wired. Retrieved 25 February 2021.
TorChat, a peer-to-peer instant messaging program released in 2007 that used Tor hidden services to transmit communications. TorChat had a number of implementation problems when it came out, however, and has largely been abandoned by users and its developers.
- prof7bit (25 November 2007). "torchat". Google Code. Retrieved 25 February 2021. Check
- "Bernd Kreuss (prof7bit)". Gist. GitHub. Retrieved 25 February 2021.
- "Tor project blog". Blog.torproject.org. Retrieved 2014-01-28. CS1 maint: discouraged parameter (link)
- "Sunsetting Tor Messenger". Tor Blog. Retrieved 2021-01-10.
|Wikimedia Commons has media related to TorChat.|