Privacy of information is as important of an issue in libraries as access to information. TOR Messenger can be used just as any other instant messaging client can be used in the curriculum, with the added benefit of the purpose of TOR Messenger highlighting privacy issues for Library and Information Science students. They can use the application with their current accounts for chat services such as Google, Facebook, Twitter, Yahoo, Jabber and IRC but with the knowledge that their path to the chat server is hidden and that their messages are encrypted and do not contain a digital signature ( “Tor Messenger Beta”, 2015). TOR Messenger is a cross-platform chat program that was released in October 2015 and students can install it on computers running Linux, Windows and OSx. TOR Messenger is one of a growing number of tools emerging from the TOR Project. This creates what is known as "onion routing" where hundreds of nodes process traffic from users to keep their identity and activities anonymous. This anonymity is important to anyone that does not want their data collected by corporations and the government, to journalists who may need to communicate privately with informants and to any activist or even for the military to surveil sites without giving away their identity ( TOR Project, n.d. Once verified with Tor Messenger, you don’t need to do it a second time.The TOR Project is a network that consists of servers that have been volunteered to connect through a series of virtual private networks. When your contact is then prompted to verify the fingerprint, they use the shared secret. The shared secret might be something as simple as: "trickortreat"-it just has to be something that you and your contact will easily remember. (Options include: Twitter DM, Signal/TextSecure, iMessage, PGP, and more.) To verify an OTR fingerprint over Tor Messenger using this method, you need to come up with some commonly understood word or phrase and send it to your contact via another secure and private means. In addition to the manual key verification option, Tor Messenger has added a new "shared secret" option. Humans are not good at comparing random long strings of numbers and letters, so Tor Messenger has come up with a good way of solving this problem. This method of key verification is tedious, and it requires examining each purported number and letter "4311D38B…" to the known authentic one. If they match, you’re almost certainly talking to me. For example, if you’re chatting with me, my chat app will broadcast my fingerprint, which should match my known one. In other chat apps (like Adium), key verification is usually done manually, simply by comparing the purported fingerprint to one that you know is authentic. When Washington Post reporter Barton Gellman was chatting with Ed Snowden in Hong Kong, he almost missed him after initially sending the wrong fingerprint-Snowden briefly thought Gellman was an impostor. In other words, it mitigates man-in-the-middle attacks. An OTR fingerprint, which can and should be public (I've tweeted mine and posted them in multiple places online), is a way to make 100 percent sure that the right account matches the right person on the right machine. Need some practice?You can test your setup by chatting with me (seriously!) :Īdd my username to your contact list: OTR fingerprint is: 4311DE8B 2192705B 0B0BCF5D 04C447EE D8A43804This is crucial to making sure that someone isn’t impersonating you or your contact, and it's important that both parties verify each other. (If you use Google/GChat with two-factor authentication, know that you’ll need to set up an app-specific password for use within Tor Messenger.) Notably, if you’re still using an AOL Instant Messenger account, you’re out of luck. Tor Messenger supports a lot of your favorite chat protocols, including Google (GChat), Yahoo, Facebook, and any XMPP (formerly Jabber) account. After starting it up, the opening screen will ask you to set up your accounts. It's easy to download and install Tor Messenger on your platform of choice. Second, unlike Pidgin or Adium, Tor Messenger cannot log chats, which is handy if you’re privacy-minded. For anyone who has used a similar app (like Pidgin or Adium), Tor Messenger’s interface will be fairly self-explanatory, but there are two notable quirks.įirst, by default, it will not allow you to send messages to someone who doesn’t support OTR-but there is an option to disable that feature. The app is specifically designed to protect location and routing information ( by using Tor) and chat data in transit (by using the open source Off-The-Record, or OTR, protocol). If you care about digital security, you should ditch whatever chat program you're using and switch to it right now. On Thursday, the Tor Project released its first public beta of Tor Messenger, an easy-to-use, unified chat app that has security and cryptography baked in.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |