Developers from the Tor Project announced plans to cease working on the Tor Messenger after two and a half years of failed attempts to create a stable version.
Tor Messenger failed to meet the expectations of its users, most of whom thought it would perform a lot better than it did.
In hindsight, it was a project that was destined to fail especially after Mozilla withdrew their support for Instantbird in favor of Thunderbird.
The development team admitted to a lack of resources working against their favor after this significant hurdle.
Even without the limited resources, Tor Messenger was irreparably plagued with a major issue, one that persisted through all 11 beta releases that were rolled out before development ultimately ground to a halt.
Tor Messenger and OTR Messaging
Tor Messenger was first introduced to an IM-saturated market in October 2015. Unlike the majority of IM clients available at the time, the security-focused IM app offered a unique draw: it would utilize Off-The-Record (OTR) Messaging out of the box and by default.
OTR Messaging would apply automatic encryption to the messages, then allowing them to be relayed only via the Tor network. This would make the messages virtually impossible to intercept or even decrypt.
In theory, this encryption approach held water, but the development team soon realized that the instant messaging application had a fatal flaw.
Since the application was based on client-server infrastructure, servers could automatically log metadata even if they were unable to decrypt message contents or reveal sender and recipient information.
These metadata leaks weren’t harmless though; messaging patterns could still be derived from whatever little information was logged by these servers.
Although the development team was aware of this issue from the launch of the application, there was little done to address it throughout the following beta releases. As a result, Tor Messenger never made it out of the development stage.
The Mozilla Hurdle
Tor Messenger was also hugely affected by the withdrawal of Instantbird, the IM client it was based on, after Mozilla decided to integrate its chat features into their more recent iteration, Thunderbird.
The Tor development team was at a loss since they could not find an alternative to rebase Tor Messenger. The lack of resources meant they were also in no position to develop a separate IM client base.
The development team now had to deal with two problems—a lack of funds to continue working on the application and the ongoing metadata leaks that greatly compromised the security of the instant messenger.
Hopes of any form of revival were bleak, and so the Tor Messenger was discontinued after 11 beta releases failed to address its most critical flaw.
Limited Resources the Biggest Hurdle
In their announcement, Tor developers admitted that a lack of resources was one of the major reasons why there was nothing they could do to bring the project back to life. Even while they had Instantbird as the client base, the team was still too cash-strapped to address some requested bug fixes.
The developers initially had high hopes for the instant messenger. They had planned to build a comprehensive user experience by integrating it with platforms and transport networks such as Google Talk, Jabber (XMMP), Facebook, Twitter and IRC.
Evidently, the unresolved server logging issue cost them valuable resources, depriving them the opportunity to apply any of the promised integrations.
Still, Tor Messenger functioned as advertised and gradually gained several users, most of whom will now be forced to look into other alternative XMMP networks despite the evident risks.
Recommendations from the Tor Development Team
Users who needed an alternative security-focused instant messaging application were advised to read the Electronic Frontier Foundation’s latest series of blog posts which cover some of the best secure messengers in the market.
The team also directed those wishing to continue using an XMMP network to try out CoyIM if they preferred a more modern alternative to XMMP networks since the platform relays messages via the Matrix Federated network.
The development team finished off with an apology to the users of Tor Messenger but explained that their lack of funds did not work in favor of the application’s continuity.
Latest posts by Richard (see all)
- Exclusive Interview with Commander X - September 22, 2018
- Further Tor Vulnerabilities Discovered: Public IP Address of Tor Hidden Sites Identified via SSL Certificates - September 7, 2018
- What is SADD.IO and How Does It Work? - September 3, 2018