Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables ​Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and a secure automatic updater.

We are pleased to announce another public beta release of Tor Messenger that features important improvements to its stability and security. All users are encouraged to upgrade.

Mozilla ESR52

This release of Tor Messenger is based on Firefox ESR52, specifically tor-browser-52.3.0esr-7.0-1-build1 and THUNDERBIRD_52_3_0_RELEASE on comm-central .

Deterministic Builds

Tor Messenger builds are now reproducible for Windows and macOS as well; earlier, only Linux builds were reproducible (#10942). This means that anyone building Tor Messenger from source should end up with identical byte-for-byte binaries to the ones we release. To get started with building Tor Messenger (something we encourage!), please refer to the instructions in the README.md file. Since this is a fairly involved process, talk to us on IRC or the comments section below if you need help.

XMPP Improvements

This version of Tor Messenger introduces temporary XMPP accounts (a feature inspired by ChatSecure) that creates an XMPP account automatically with a random username and password (#16606). This helps you to quickly set up an account and get a conversation started without requiring you to bother with the registration or account details. These accounts don't expire automatically but the intent is that you can use them as throwaway accounts and quickly create new ones when required. (Note: Currently, some data remains after deleting an account. See #23675)

Starting with this release, Tor Messenger will attempt to automatically use the onion service for known XMPP servers which helps improve the security of your connection (#13855). The current list includes onion addresses for riseup.net, jabber.ccc.de, jabber.otr.im, and jabber.calyxinstitute.org. We plan to add more servers in the subsequent releases. (Note: Existing accounts remain unchanged. This setting is only applied during new account setup.)

Other Notable Changes

Tor Messenger for Linux is now built with Selfrando for hardened builds (#22229). For more information on Selfrando, please refer to the Q and A with Georg.

This release also fixes the Tor Messenger crash on Windows XP that prevented it from starting (#17469).

Downloads

Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)

Windows

macOS

sha256sums-signed-build.txt

sha256sums-signed-build.txt.asc

The sha256sums-signed-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA ). Please verify the fingerprint from the signing keys page on Tor Project's website.

Changelog

Tor Messenger 0.5.0b1 -- September 28, 2017