Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Wiki
  • Doc
  • Tormessenger
  • DesignDoc

DesignDoc · Changes

Page history
Apply conversion script to all *.md files. authored Jun 15, 2020 by Alexander Færøy's avatar Alexander Færøy
Hide whitespace changes
Inline Side-by-side
doc/TorMessenger/DesignDoc.md
View page @ 87e762ce
= Tor Messenger Design Document (Beta) =
# Tor Messenger Design Document (Beta)
[[TOC]]
Tor Messenger is an instant messaging client that is designed to make connections over the Tor anonymity network. Based on the Instantbird IM client, Tor Messenger:
......@@ -9,44 +9,44 @@ Tor Messenger is an instant messaging client that is designed to make connection
* can be used with a wide variety of chat networks (including IRC, Jabber/XMPP, Google Talk, Twitter),
* has an easy-to-use graphical user interface localized in multiple languages.
=== Logging ===
### Logging
Logging of all conversations is disabled by setting `purple.logging.log_chats`,`purple.logging.log_ims`, `purple.logging.log_system` to `false`.
=== Network ===
### Network
Tor Messenger sends all traffic over Tor. We set the following preferences: `network.proxy.socks_remote_dns` (true), `network.dns.disablePrefetch` (true), `network.proxy.socks_version` (SOCKS5), `network.proxy.socks_port` (9152).
=== Messaging Window ===
### Messaging Window
Hyperlinks are removed and converted to plain text. (Future work: we should ask the users for the desired action when they click a link.) Caching is disabled.
=== Security ===
### Security
We disable SSL and set the minimum supported protocol to TLS. (`security.tls.version.min` is set to 1). Strict certificate pinning is enforced.
=== Media ===
### Media
Access to the webcam (for setting account profile pictures) is disabled from source.
=== Messenger ===
### Messenger
Tor Messenger does not automatically connect accounts to prevent automatic login. Reporting of idle status or away messages is also disabled to help users preserve their privacy.
Tor Messenger sets the user-agent to Instantbird stable on Windows for all platforms: "Mozilla/5.0 (Windows NT 6.1; !rv:25.0) Gecko/20100101 Instantbird/1.5".
=== Updates ===
### Updates
Starting with version 0.2.0b2, Tor Messenger will automatically update on all platforms, similar to Tor Browser. When a new update is available, users will get a notification to install the update.
=== IRC ===
### IRC
The recommended IRC server is OFTC (there is no default server). OFTC blocks Tor occasionally so if you can't connect to OFTC over Tor/Tor Messenger, there isn't much you can do except wait for the ban to go away.
`CTCP PING` is disabled from source. `CTCP TIME` returns the time in UTC
=== XMPP (Jabber) ===
### XMPP (Jabber)
To enable users to connect to the popular Jabber servers (like `jabber.ccc.de`) without the scary certificate warnings, we bundle a custom `cert_override.txt` for them. The servers and their fingerprints can be found in `projects/instantbird/cert_override.txt`.
=== Builds ===
### Builds
We perform automated builds of Tor Messenger for Linux, Windows and OS X using Nicolas Vigier's `rbm` (Reproducible Builds Manager). Linux (32- and 64-bit) builds are reproducible, and Windows and OS X builds will be reproducible in the future. The current builds are signed with the `0xB01C8B006DA77FAA` key.
=== Plugins ===
### Plugins
Tor Messenger does not allow plugins to be loaded in the process space. We borrow the patch for this from Tor Browser, but additionally, we also block Flash.
=== Protocols ===
### Protocols
Instantbird includes `libpurple` to support a wider range of transport protocols. This is opt-in behaviour in the build system which we omit. All transport protocols included in Tor Messenger are written in a memory safe language, namely JavaScript. The bundled protocols include:
* Google Talk
......@@ -55,7 +55,7 @@ Instantbird includes `libpurple` to support a wider range of transport protocols
* Twitter
* XMPP (Jabber)
=== OTR ===
### OTR
However, we compile and ship `libotr` in Tor Messenger, and use `js-ctypes` bindings to interface with it. This is so that cryptographic operations are known to be done in constant time and we have a reliable implementation of the protocol.
For the moment, we're building `libotr` linking to `libgcrypt`. However, when the extension gets upstreamed, in order to avoid having two cryptography libraries to maintain, we're going to shim the necessary symbols with `libnss`.
......
Clone repository
  • AnonOnWikiFavs
  • AppArmorForTBB
  • AutomationInventory
  • BlockingBittorrent
  • CI
  • CamelCase
  • CrowdfundingHS2015
  • FlashProxyFAQ
  • FlashProxyHowto
  • FlashProxyUsability
  • HTTPSEverywhere
    • SSLObservatorySubmission
  • ImportantGoogleChromeBugs
  • InterMapTxt
  • InterTrac
  • InterWiki
View All Pages