The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, the tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor’s hidden network.

In planning since last July—as news of the National Security Agency’s broad surveillance of instant messaging traffic emerged—the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project’s Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor “hidden services” as well as to commercial IM services on the open Internet.

The effort, which is funded by an anonymous donor organization, was originally called Attentive Otter. To ensure the anonymity of the user, TIMB will force all instant messaging traffic through the Tor network, regardless of whether it’s aimed at a server on the Tor network or not. TIMB will be based on Instantbird, an open source instant messaging tool which is itself based on Mozilla’s XULrunner cross-platform runtime environment.

Instantbird was chosen after the TIMB team decided against using Pidgin or libpurple, the GPL open-source instant messaging library used by Pidgin and Adium, mostly because of the amount of effort that would have been required to audit and maintain the library, and also because of some concerns about how seriously Pidgin’s developers took security concerns. The TIMB project will remove libpurple from Instantbird, a task that the Mozilla and Instantbird team were already working toward as they move the software to a pure JavaScript implementation.

The first experimental release of TIMB won’t include “off the record” (OTR) capability. OTR mode encrypts traffic further and uses an exchange of digital signatures to verify the identity of each party. But the signatures can’t be checked by anyone outside the instant messaging session and can’t be used to prove identity outside the session. The Tor team is hoping to develop OTR components for Instantbird and get them merged into future versions of the main Instantbird code line.