Slash Boxes

SoylentNews is people

posted by Dopefish on Sunday March 02 2014, @04:00PM   Printer-friendly
from the hide-away dept.

AnonTechie writes "The Tor Foundation is moving forward with a plan to provide its own instant messaging service called the Tor Instant Messaging Bundle". The tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor's hidden network. In planning since last July as news of the National Security Agency's broad surveillance of instant messaging traffic emerged the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project's Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor "hidden services" as well as to commercial IM services on the open Internet."

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday March 02 2014, @10:02PM

    by Anonymous Coward on Sunday March 02 2014, @10:02PM (#9764)

    Servers can be compromised. In this case, without OTR initially the cleartext of your messages will be sentto unknown servers. Not a good design!

    The community needs a design that keeps both the data (your messages) and metadata (your identity) a secret.

  • (Score: 1) by _NSAKEY on Tuesday March 04 2014, @02:48AM

    by _NSAKEY (16) on Tuesday March 04 2014, @02:48AM (#10408)

    They're bundling OTR with it, and anyone who is talking about anything worth hiding from prying eyes is going to assume that the servers are compromised anyway. If the origin of the messages from both parties is anonymized (This includes not recycling the same username), and the messages themselves are encrypted, then it can be argued that it doesn't matter as long as the OTR keys are properly verified.

    Unless there's a backdoor in OTR...