The NSA's worst enemy plans to release a secure messaging tool
Tor, a privacy tool-maker, plans to create a secure messaging service that encrypts all user communications by default. The service will be bundled with the default Tor package, which includes a variety of programs and services meant to preserve their users' online anonymity.
Those tools are often used by journalists, activists, and other individuals to communicate without fear of surveillance. They also allow their users to anonymously access the so-called dark Web, which plays host to sites like the now-defunct Silk Road marketplace. Tor is often entrusted with these tasks because its system has successfully confounded the National Security Agency, according to a report published by the Guardian in October 2013.
Considering the NSA's attempts to monitor everything from emails to instant messages, Tor's promise to keep users' communications secure is becoming increasingly important to privacy-minded individuals. The project was started by the US Naval Research Laboratory, which means the government has been bested by tools it helped create. Introducing an instant messaging tool with the same promise will likely please Tor's users.
Tor isn't the only group working to secure communications. Silent Circle, a software provider that offers secure phone and messaging services, is also trying to protect consumer privacy. Its projects include the Dark Mail Technical Alliance; a variety of mobile apps; and Blackphone, a smartphone that will be sold with privacy software pre-installed. But Tor is perhaps the most widely-known privacy tool around and, unlike Silent Circle's products, is available for free.
Besides, Internet users are trying to protect themselves from intelligence agencies willing to sift through massive amounts of cam porn just to test a facial recognition system that might or might not work. That kind of dedication can't be fought by a single entity, so Internet users worried about preserving their anonymity will probably take all the help they can get.
Reactions from around the Web
The Daily Dot reports that Tor plans to use independent auditors to confirm the tool's security:
Tor still plans to hire independent security contractors to audit the new software and test its mettle so that 'people in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments.'The Verge notes the effect this tool could have on some of Tor's users:
There have been plenty of chat apps promising security before — and even a messenger that works over Tor — but having one bundled with the biggest name in online anonymity could be a huge addition for people trying to communicate around oppressive regimes.Re/code's Mike Isaac points out that Tor has been demonized by mainstream Internet users and the media:
Tor’s browsing software has been somewhat stigmatized, however, for its use by some to carry out illegal or illicit activities on the Deep Web — essentially, the areas of the Internet not indexed by search engines and not typically accessed by the general, non-computer-savvy public.Ars Technica writes that the tool won't include important security features in its first experimental release:
The first experimental release of TIMB won’t include “off the record” (OTR) capability. OTR mode encrypts traffic further and uses an exchange of digital signatures to verify the identity of each party. But the signatures can’t be checked by anyone outside the instant messaging session and can’t be used to prove identity outside the session. The Tor team is hoping to develop OTR components for Instantbird and get them merged into future versions of the main Instantbird code line.[Illustration by Brad Jonas for Pando]