he Tor Project launched Tor Messenger back in 2015 as a beta with the aim to improve the security of instant messaging communication services and user privacy.

Based on Instantbird, an instant messenger that relied on code and technologies developed by Mozilla, Tor Messenger allowed users to use various protocols supported by Instantbird including Facebook Chat, Google Talk, XMPP, IRC or Jabber.

Tor Messenger sent data over the Tor network and enforced one-on-one conversation encryption using Off-the-Record messaging.

The project tried to introduce support for multiple chat and messaging protocols in a client that came with security and privacy presets to improve both with minimal user configuration.

It was clear even back then that the solution had limitations. One of the core issues of Tor Messenger was that communication was built on existing networks which meant that servers could log metadata.

Tor Messenger was not the first chat client that relied on Tor to improve security and privacy. TorChat, released back in 2011, was probably the first attempt to bring instant messaging and Tor together.

The Tor Project announced today that it will discontinue support for Tor Messenger after the release of eleven beta versions.

Three reasons are provided:

  • Development of Instantbird has halted and while the chat functionality is available in Thunderbird or will be ported to Thunderbird, its user interface won't.
  • Metadata leaks because of the reliance on third-party protocols and networks. Metadata could reveal patterns of communication and information about participants such as communication preferences, friends, when and who people are contacted and more.
  • Tor Messenger never left beta status because of limited resources. Limited resources prevented the introduction of new features, resolving bugs more efficiently, or even managing to get Tor Messenger audited externally.

The Tor Project felt that the best course of action was to sunset Tor Messenger. The team suggests that users who rely on Tor Messenger check out the EFF's "Building a secure messenger" article or check out CoyIM if support for XMPP is required.