

TorChat: p2p instant messenger with a completely decentralized design. - jperras
https://code.google.com/p/torchat/

======
adulau
Why not running TorChat over OTR? or multi-party OTR?

<http://www.cypherpunks.ca/otr/>

It would limit some kind of traffic analysis.

------
JoachimSchipper
Cute, but I'm not so sure that using the same ID for all people you want to
talk with is all that clever.

It's also vulnerable to traffic analysis, but then so all are all real-time
mix networks like Tor.

~~~
cosgroveb
This uses Tor's hidden services. The project page says each client makes 3
"random hops" and meet in the middle to create a secure tunnel. The
communications never leave the Tor network so, I could be wrong, but I don't
think traffic analysis applies here.

~~~
evgen
Tor has random hops, but no cover traffic, so black-box traffic analysis is
trivial if you cast a wide-enough net.

~~~
RickRoll
Tor has cover traffic.

~~~
evgen
If by "cover traffic" you mean there are other users on the system then you
are correct. If by "cover traffic" you mean internally generated traffic that
can be used to obscure traffic between any two links (e.g. keep a fixed size
bandwidth pipe full even when not in use) then you are incorrect. The former
is of little value in thwarting traffic analysis and the latter is costly in
terms of already limited system performance and imposes costs on participants
that few are willing to bear.

------
forgotusername
"completely decentralized" is a strong claim when depending on a network that
relies on a canonical directory of relays (at least during client bootstrap?),
unless I'm missing something.

~~~
stipes
Well, as true decentralized bootstrapping is still an open problem (as far as
I know), I'll give them a bit of a pass on that.

It's an interesting idea, but I'd agree that there are possible ramifications
of repeated pseudonymous communication over Tor.

------
schindyguy
While I think tor and something like torchat is good in theory, its big
negative in reality is that the speed makes it unusable most of the time. Not
to mention if you are altruistic and plan to run a node, you also run the risk
of the FBI knocking on your door for someone who used your (exit) node to
upload their kitty porn (the exit is not encrypted).

And if you do run that exit node, you can sniff what people are doing (so
there goes the anon part).

~~~
gwern
Tor was pretty bad for web browsing - latency and pages requiring multiple
resources meant that pages took forever to render _. But how much is being
transfered or rendered with chat? Not very much. IRC is usable even over
atrocious connections. I rather imagine that textual chat over Tor would work
fine.

_ and I say this as someone who ran a Tor relay on his Xbox to get 1 hop out
of the way

------
va_coder
This would make an awesome android app

~~~
doron
I believe <https://guardianproject.info/apps/gibber/> does exactly this, in
conjunction with Orbot

~~~
va_coder
Thanks for the link

