Stories
Slash Boxes
Comments

SoylentNews is people

posted by Dopefish on Sunday March 02 2014, @04:00PM   Printer-friendly
from the hide-away dept.

AnonTechie writes "The Tor Foundation is moving forward with a plan to provide its own instant messaging service called the Tor Instant Messaging Bundle". The tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor's hidden network. In planning since last July as news of the National Security Agency's broad surveillance of instant messaging traffic emerged the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project's Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor "hidden services" as well as to commercial IM services on the open Internet."

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by epitaxial on Sunday March 02 2014, @04:12PM

    by epitaxial (3165) on Sunday March 02 2014, @04:12PM (#9635)

    I don't trust TOR because firstly it was funded by the US government. Secondly a version with a vulnerable version of Firefox was released to bust that kiddie porn ring. Was that build of Firefox bundled intentionally by someone?

    • (Score: 2, Informative) by e on Sunday March 02 2014, @05:07PM

      by e (2923) on Sunday March 02 2014, @05:07PM (#9657)

      What? No. Nothing about "Secondly a version with a vulnerable version of Firefox was released to bust that kiddie porn ring. Was that build of Firefox bundled intentionally by someone?" makes any sense. There was at one point a version of the Tor Browser Bundle that people downloaded. Then it was updated, because a vulnerability was found in Firefox. Some people didn't upgrade their browser bundle (even though it warns every time you use it, when it's out of date), and those non-upgraded versions were exploited some time (over a month) after the update became available.

      • (Score: 1) by epitaxial on Sunday March 02 2014, @09:29PM

        by epitaxial (3165) on Sunday March 02 2014, @09:29PM (#9748)

        Wasn't the build of Firefox included in the Tor bundle already old when it was released?

        • (Score: 2) by Angry Jesus on Sunday March 02 2014, @10:36PM

          by Angry Jesus (182) on Sunday March 02 2014, @10:36PM (#9789)

          Wasn't the build of Firefox included in the Tor bundle already old when it was released?

          It was an extended support release [mozilla.org] as would be appropriate for an embedded application like the Tor bundle.

  • (Score: 1) by GmanTerry on Sunday March 02 2014, @04:12PM

    by GmanTerry (829) on Sunday March 02 2014, @04:12PM (#9636)

    This is good. Anything that can be done to slow down our overlords is good.

    --
    Since when is "public safety" the root password to the Constitution?
  • (Score: 4, Insightful) by DarkMorph on Sunday March 02 2014, @04:13PM

    by DarkMorph (674) on Sunday March 02 2014, @04:13PM (#9637)
    Unless I missed something, this is about protecting anonymity, which means it helps disguise who you are. This has nothing to do with disguising what's being said. The infamous dilemma to find an encryption scheme to solve the other half of this problem strikes again...

    This reminds me of the idea, "How do you reveal a secret without telling the wrong person? Tell everyone at once." Between the two it's probably better to have the message in the clear but the author remains unknown.
  • (Score: 5, Funny) by martyb on Sunday March 02 2014, @05:58PM

    by martyb (76) Subscriber Badge on Sunday March 02 2014, @05:58PM (#9681) Journal

    I hear this is the alpha version of the release, or as they'd put it an "experimental release". So that makes it: Tor Instant Messaging Bundle - Experimental Release. (aka TIMBER!)

    It's only for lumberjacks. ;^)

    --
    Wit is intellect, dancing.
  • (Score: 2, Insightful) by Anonymous Coward on Sunday March 02 2014, @08:28PM

    by Anonymous Coward on Sunday March 02 2014, @08:28PM (#9721)

    why in gods name does everything have to go through a 3d party?
    email? you need gmail, hotmail, ymail?
    file storage? you need dropbox?
    IM? you need to connect to a server first.
    need a unique name (domain)? get ready to be fleeced?
    BUT!
    you have internet.
    your friend has internet.
    connect directly already.
    as for "resource location" ... well tor provides so called onion domains.
    problem solved.
    anything using tor and NOT going direct is again somebody who is trying
    to get in the way .. again.

    • (Score: 2) by maxwell demon on Sunday March 02 2014, @10:35PM

      by maxwell demon (1608) on Sunday March 02 2014, @10:35PM (#9788) Journal

      email? you need gmail, hotmail, ymail?

      Most people don't have their computer running 24/7. But if you're sending mail, then the receiving computer must be running in the next few days, or the mail delivery fails. Therefore there are mail servers: Computers which are running 24/7, and where the sender can sent the mail whenever he wants, and the receiver can download it whenever he wants.

      file storage? you need dropbox?

      Dropbox is not about file storage, but about file distribution. It basically serves the same purpose as a mail server: As a sort of buffer between the sending and the receiving computer. Of course you could also use mail for the same purpose; dropbox just makes it easier.

      Anyway, if you are using Tor, it also goes through a third party. Several of them, indeed.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 3, Insightful) by maxwell demon on Sunday March 02 2014, @10:41PM

        by maxwell demon (1608) on Sunday March 02 2014, @10:41PM (#9794) Journal

        A slight correction: The "in the next few days" only applies if you use the relay functionality of SMTP, which also needs third-party servers. If you want to really pass the mail directly to the recipient, the recipient's computer must be running at the exact time when the mail is sent.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 1) by monster on Monday March 03 2014, @09:02AM

          by monster (1260) on Monday March 03 2014, @09:02AM (#9955) Journal

          A slight correction over the correction: Non-instant delivery of SMTP doesn't require third party servers, it just requires both computers to be online at the same time when a retry occurs, not when the mail is sent.

    • (Score: 1) by NovelUserName on Sunday March 02 2014, @11:18PM

      by NovelUserName (768) on Sunday March 02 2014, @11:18PM (#9816)

      My understanding is that the middleman problem is to deal with the non-static IP problem. If every user has a static IP, then great, you can connect directly, otherwise you will need some method of identifying the current ip of the person you want to talk to. The traditional solution is to have both parties connect to a server, which then assigns connections based on their login credentials. I suppose you could have the server just pass the correct IP to each party, thus facilitating a direct connection, however, a record of the communication still exists. I suppose you could have each party periodically download a full list of the current IP addresses known to the server, thus obscuring the specific connection made to everyone except the ISP. This, however, seems data intensive, and since most people care more about their bandwidth cap than privacy, you and I aren't going to get a solution like that.

      • (Score: 1) by monster on Monday March 03 2014, @09:06AM

        by monster (1260) on Monday March 03 2014, @09:06AM (#9956) Journal

        That is precisely what DNS is for. Too bad so many PCs on dynamic IP connections are infected with SPAM-sending trojans that most big email providers require also inverse DNS to accept email from those IPs, which is a lot harder to get (you need to convince your ISP to set it for you, and update it whenever your IP changes).

    • (Score: 0) by Anonymous Coward on Monday March 03 2014, @02:34AM

      by Anonymous Coward on Monday March 03 2014, @02:34AM (#9878)

      One word: IPv6. The limitations in the 32-bit address space of IPv4 ensure that the Internet continues to be divided into those who have a publicly routable static IP address, and those who can only be clients because their IP keeps changing, or worse yet, live behind one or more NATs. All of this goes away with IPv6, and it really is the only way to go forward.

  • (Score: 0) by Anonymous Coward on Sunday March 02 2014, @10:02PM

    by Anonymous Coward on Sunday March 02 2014, @10:02PM (#9764)

    Servers can be compromised. In this case, without OTR initially the cleartext of your messages will be sentto unknown servers. Not a good design!

    The community needs a design that keeps both the data (your messages) and metadata (your identity) a secret.

    • (Score: 1) by _NSAKEY on Tuesday March 04 2014, @02:48AM

      by _NSAKEY (16) on Tuesday March 04 2014, @02:48AM (#10408)

      They're bundling OTR with it, and anyone who is talking about anything worth hiding from prying eyes is going to assume that the servers are compromised anyway. If the origin of the messages from both parties is anonymized (This includes not recycling the same username), and the messages themselves are encrypted, then it can be argued that it doesn't matter as long as the OTR keys are properly verified.

      Unless there's a backdoor in OTR...