Torchat is a peer-to-peer anonymous instant messenger that uses Tor onion services as its underlying network. It provides cryptographically secure text messaging and file transfers. The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located. [^1^]
Torchat was created in 2007 by Bernd Kreuss (prof7bit) and is written in Python. It is free software licensed under the terms of the GNU General Public License (GPL). Torchat can run on Linux, Windows and Mac OS X platforms. [^1^] [^2^]
In Torchat, every user has a unique alphanumeric ID consisting of 16 characters. This ID is randomly created by Tor when the client is started for the first time; it is basically the .onion address of an onion service. Torchat clients communicate with each other by using Tor to contact the other's onion service (derived from their ID) and exchanging status information, chat messages and other data over this connection. Since onion services can receive incoming connections even if they are behind a router doing network address translation (NAT), Torchat does not need any port forwarding to work. [^1^]
One example of a Torchat ID is Ie7h37c4qmu5ccza. This ID belongs to a user who goes by the name of Won Falkovideo. He has uploaded some audio tracks on SoundCloud using this ID as his username. [^3^] It is not possible to know his real identity or location unless he reveals it himself or he makes a mistake that exposes him.
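As an added example (not Torchat's own code), the following validates and normalizes a 16-character ID and checks whether a public key actually corresponds to a claimed ID. It assumes the ID is a v2 onion address, which Tor derives as the base32 encoding of the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key; the function names are hypothetical and the keys are random stand-in bytes constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os

ID_LEN = 16  # 16 base32 characters encode exactly 80 bits
B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def normalize_id(raw: str) -> str:
    """Return the canonical lower-case ID, or raise ValueError."""
    s = raw.strip().lower()
    if s.endswith(".onion"):
        s = s[: -len(".onion")]
    if len(s) != ID_LEN:
        raise ValueError("ID must be exactly 16 characters")
    if not set(s) <= B32_ALPHABET:
        raise ValueError("ID contains characters outside a-z and 2-7")
    return s


def id_from_public_key(der_key: bytes) -> str:
    """v2 onion derivation: base32 of the first 10 bytes of SHA-1(key)."""
    digest = hashlib.sha1(der_key).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()


def key_matches_id(der_key: bytes, claimed_id: str) -> bool:
    """True only if the key hashes to the claimed ID."""
    try:
        expected = normalize_id(claimed_id)
    except ValueError:
        return False
    return hmac.compare_digest(id_from_public_key(der_key), expected)


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded RSA public keys (random bytes).
    alice_key = os.urandom(140)
    other_key = os.urandom(140)
    alice_id = id_from_public_key(alice_key)
    print(alice_id, key_matches_id(alice_key, alice_id))
    print(key_matches_id(other_key, alice_id))
    # The ID quoted on this page, normalized to its canonical form.
    print(normalize_id("Ie7h37c4qmu5ccza"))
```

Because the ID is a truncated hash of the key, a peer that cannot present a key matching the ID is not the owner of that ID, whatever nickname it displays.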
Torchat is a useful tool for people who want to communicate privately and securely without being tracked or censored by third parties. However, it also poses some risks and challenges, such as malware, scams, illegal content and law enforcement surveillance. Users should be careful about who they trust and what they share on Torchat, as well as keeping their software updated and their devices protected.
Security risks of using Torchat
While Torchat offers a high level of anonymity and privacy, it also comes with some security risks that users should be aware of. Some of these risks are inherent to the Tor network, such as traffic analysis, exit node compromise, malicious relays and hidden service deanonymization. Others are specific to the Torchat protocol or implementation, such as impersonation, communication confirmation and denial-of-service attacks.
Traffic analysis is a technique that tries to infer information about the communication partners, such as their identities, locations or activities, by observing the patterns and timings of the encrypted traffic. Tor tries to prevent traffic analysis by routing the traffic through multiple relays and adding padding and delays. However, some advanced adversaries may be able to perform traffic analysis by controlling or observing a large fraction of the Tor network or by exploiting timing leaks or side channels.
Exit node compromise is a risk that occurs when the last relay in the Tor circuit (the exit node) is malicious or compromised by an attacker. The exit node can see the plaintext traffic that leaves the Tor network and may modify, intercept or redirect it. This risk does not affect Torchat directly, since Torchat does not use exit nodes (it only communicates with onion services). However, it may affect Torchat indirectly, if the user also uses the Tor browser to access regular websites and downloads malicious files or visits phishing sites.
Malicious relays are relays that behave dishonestly or maliciously in order to disrupt the Tor network or harm its users. For example, they may drop packets, delay traffic, modify headers, inject fake data or collude with other relays. Malicious relays may affect the performance, reliability and security of the Tor network and its users. Tor tries to detect and exclude malicious relays by using a distributed reputation system and a consensus protocol among trusted directory authorities. However, some malicious relays may evade detection or operate for a short time before being discovered.
Hidden service deanonymization is a risk that occurs when an attacker is able to reveal the real IP address or location of an onion service (such as a Torchat client). This may happen by exploiting vulnerabilities in the Tor protocol or software, by compromising or coercing the hidden service operator or hosting provider, by performing traffic analysis or correlation attacks, by inducing the hidden service to reveal its IP address (for example, by sending it a link to an external resource), or by using social engineering or legal means. Hidden service deanonymization may result in loss of anonymity, privacy and security for the hidden service operator and its users.
Impersonation is a risk that occurs when an attacker is able to pretend to be another Torchat user by using their ID or nickname. This may happen by stealing or guessing their ID or nickname, by intercepting their messages or files, by compromising their device or account, by exploiting vulnerabilities in the Torchat protocol or software, or by using social engineering or legal means. Impersonation may result in loss of confidentiality, integrity and authenticity for the communication partners.
Communication confirmation is a risk that occurs when an attacker is able to confirm that two Torchat users are communicating with each other at a given time. This may happen by observing their online status changes, by intercepting their messages or files, by compromising their devices or accounts, by exploiting vulnerabilities in the Torchat protocol or software, or by using traffic analysis or correlation attacks. Communication confirmation may result in loss of anonymity and privacy for the communication partners.
A denial-of-service (DoS) attack is a risk that occurs when an attacker is able to prevent or disrupt the communication between two Torchat users by consuming their resources (such as bandwidth, CPU, memory or disk space), by flooding them with junk data or requests, by crashing their devices or applications, by exploiting vulnerabilities in the Torchat protocol or software, or by using legal means (such as censorship or blocking). A DoS attack may result in loss of availability and reliability for the communication partners.