Archive for November, 2015

Recently some folks with Tor, the open source project behind the global decentralized anonymizing network, released a beta version of a new chat client. It’s designed to be secure by default, but usable by normal people. This is something that has escaped many previous efforts, so it’s a welcome development

It encrypts messages with OTR (so only you and the person you are chatting with can see them) and sends them via the Tor network (to hide where you are on the Internet.) These are very, very good things and I’m happy to see user-friendly applications building on the excellent work Tor has been doing.

The difficulty for me is how it fits into the way I use chat, specifically that it’s impossible to save chat transcripts. While that has a benefit for the purest of high-impact security, what doesn’t exist can’t be compromised, it is exactly the opposite of how I use chat.

It seems that many people use instant messaging only for one-off communications. I treat it like email and constantly go back to reference something I’ve sent or information I received. This is a major reason I’m still using Apple’s Messages client, because it makes searching chats trivially easy.

But despite Messages allowing you to use a whole collection of different chat services, it doesn’t provide encryption for anything other than Apple’s own service. (Which I don’t use for reasons too long to go into right now.) I’ve tried other clients, but haven’t been thrilled. Even without getting into if or how they use encryption, I’ve found them clunky. And, most importantly, hard to reference old messages. The best of them, Adium, has a custom viewer only usable from inside the app but the archive chats use a tiny fixed size font that can’t be changed. That makes it useless for me.

Between encryption by default and using the Tor network, I really really want to like Tor Messenger. I dug around and with some help from the Tor folks figured out how to re-enable chat logs, but the results were not usable for several reasons:

First, it creates files in JSON format, something designed to be easily readable by computers. While it’s true that JSON contains text, it isn’t in a human-readable format by any rational definition because it contains a bunch of required formatting and other control structures that get in the way of human understanding.

Next, that file is overwritten every time the program starts. Unless you have your own way to save the contents automatically (and this is a far more difficult problem than it sounds) you lose your history anyway.

Finally, it’s located deep inside the app’s install directory. This is not a problem for me, but would certainly be an issue for anyone not very familiar with technical aspects of OS X. And that also means it’s excluded from Spotlight, Apple’s disk searching tool.

I still have hope, because it’s early and also because it’s open source. When they are able to release the Mac build instructions, I can just go change what’s annoying myself. (And if I’m going to choose an open source project to work on, I’m thinking I might prefer the more security-focused Tor over Adium. Sorry Adium friends.)

But for the moment, unless I’m willing to forge onward into the wilderness of creating my own custom version of something, I’m still stuck with the choice between secure and annoying, or insecure but fits into how I work.