TorChat
TorChat is a peer-to-peer instant messenger with a completely decentralized design, built on top of Tor's location hidden services, giving you extremely strong anonymity while being very easy to use without the need to install or configure anything.
TorChat just runs from a USB drive on any Windows PC. (It can run on Linux and Mac too; in fact it was developed on Linux with cross-platform usability in mind from the very first moment on, but the installation on platforms other than Windows is a bit more complicated at the moment.)
Tor location hidden services basically means:
Nobody will be able to find out where you are. If they are already observing you and sniff your internet connection they will not be able to find out
- what you send or receive (everything is end-to-end encrypted)
- to whom you are sending or receiving from
- where your contacts are located
General information about Tor
- official site of the Tor project
- Tor Hidden Services
- Tor at Wikipedia
The Tor binary which is bundled with TorChat is taken from the official Tor-0.2.2.34 installer. You can binary compare the tor.exe with the official one to verify this or replace it with your own version of tor.exe if you like.
Encryption
All TorChat traffic is encrypted end-to-end.
There are some misunderstandings floating around regarding Tor and encryption. Whenever I mention Tor and encryption in the same sentence the immediate reflex response of many people is: "But Tor provides no encryption!" This statement is true for most applications but not for all. The most commonly known usage of Tor is as an anonymizer for traffic between the anonymous user and a publicly available service on the Internet. While the traffic will travel encrypted through the Tor network, it MUST at some point leave the Tor network and enter the unencrypted internet to reach its final destination. This is the origin of the above-mentioned "Tor provides no encryption", and it is undoubtedly true for this most widely known and practiced application of Tor, and users should understand it.
However, there exists another and less commonly known mode of operation in which two Tor clients can initiate a fully encrypted peer-to-peer connection between each other that will not leave the Tor network at any point! This is what TorChat is using. Both clients build a normal 3 node circuit from each end to some random Tor node in the middle to "meet" there and connect their circuits with each other. Upon connection another layer of encryption is established reaching through from one client to the other, building one uninterrupted encrypted tunnel through all 6 nodes between the two end points. This means all TorChat traffic is end-to-end encrypted. There are no exit nodes involved in this mode; at no point other than your own and your buddy's computer will the traffic ever leave the Tor network.
This less known Tor mode is called Tor hidden services; you can read more about it on the above link. It effectively allows true hidden peer-to-peer networks. There is just not much software that makes any use of its peer-to-peer capability; most use it in a more traditional client-server manner. TorChat is one of the few (and at the moment I don't know of any other).
Authentication
TorChat buddies authenticate themselves by proving that they are reachable through their .onion address.
The Tor hidden service protocol by itself has no built-in authentication mechanism for incoming connections, but it can guarantee that when you initiate an outgoing connection to a given .onion address you can never end up at the wrong counterpart: the one who answers the connection is the one who is in possession of the private key belonging to this address (the private_key file in the hidden_service folder).
Therefore TorChat will not trust any incoming connection and will instead immediately try to open an outgoing connection to call back any incoming buddy on the address he claims to have. A random cookie will then be sent out by both clients on their (trusted) outgoing connection that must be correctly answered on the incoming connection. Only after the answer is found to be correct can the incoming connection be trusted; the status of the buddy will then be displayed as on-line and incoming messages from this buddy will be accepted.
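The callback-and-cookie check described above, as a simplified model added here (it is not TorChat's own code or wire format). The Network class stands in for Tor's guarantee about outgoing connections, and all class, method and address names are assumptions made for this example.

```python
import hmac
import secrets

class Network:
    """Stand-in for Tor (assumption): an outgoing connection to an address
    always reaches whoever holds that address's private key."""
    def __init__(self):
        self.services = {}

    def connect(self, address):
        return self.services[address]

class Peer:
    def __init__(self, address, net):
        self.address, self.net = address, net
        self.sent = {}      # claimed address -> cookie we sent on our callback
        self.received = {}  # challenger address -> cookie we were sent
        net.services[address] = self

    def on_incoming(self, claimed):
        """Untrusted incoming connection: call back the claimed address and
        send a fresh random cookie over that trusted outgoing connection."""
        self.sent[claimed] = secrets.token_hex(16)
        self.net.connect(claimed).on_cookie(self.address, self.sent[claimed])

    def on_cookie(self, challenger, cookie):
        # Reached only by the real owner of the called-back address.
        self.received[challenger] = cookie

    def verify(self, claimed, answer):
        """Trust the incoming connection only if it returns our cookie."""
        expected = self.sent.get(claimed)
        return bool(expected and answer) and hmac.compare_digest(expected, answer)

def handshake(initiator, claimed, receiver):
    """initiator connects to receiver, claiming to be `claimed`."""
    receiver.on_incoming(claimed)
    answer = initiator.received.get(receiver.address)  # None if never challenged
    return receiver.verify(claimed, answer)

def demo():
    net = Network()
    # Constructed addresses, not real hidden services.
    alice = Peer("alice-example.onion", net)
    bob = Peer("bob-example.onion", net)
    mallory = Peer("mallory-example.onion", net)
    genuine = handshake(alice, alice.address, bob)
    spoofed = handshake(mallory, alice.address, bob)  # cookie went to Alice
    return genuine, spoofed

if __name__ == "__main__":
    print(demo())
```

The spoofed attempt fails because the cookie is delivered only over the callback to the claimed address, so a peer that does not hold that address's private key has nothing to answer with.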
It is essential that you don't lose the private_key file belonging to your ID because the one who finds it will be able to pretend to be you. Using a tool like TrueCrypt is a good idea when you intend to use TorChat on a portable USB drive as these devices can easily be lost or stolen.
Installation
Windows
There is basically no need for any installation or configuration. It just runs out of the box, all batteries are included. Download and unzip the complete archive to somewhere on your hard disk or USB drive. The program is inside the folder "bin". Just double-click the blue earth symbol named "torchat" or "torchat.exe" to start the application and you should be online soon. See below for more detailed instructions on the usage.
If you update from an older version then do the following: Make sure both versions are not running and then copy the following three files from your old version over to the new version into the exact same locations:
bin\buddy-list.txt
bin\Tor\hidden_service\hostname
bin\Tor\hidden_service\private_key
Now start the new version, make sure it is running and if everything is OK you should completely delete the old version.
buddy-list.txt contains the buddy list (obviously) and the two hidden service files are your TorChat ID (don't ever let these files come into the hands of anybody else, whoever owns these files would be able to pretend to be you!)
Linux
The .deb package depends on python (>= 2.5, << 3.0) and python-wxgtk2.8 (aka wxPython) and tor. These should be easily satisfiable by any standard Debian or Ubuntu distribution, even older ones. Just make sure you have the latest official python from the 2.x branch installed, torchat will then find the correct version.
Download the torchat-x.x.x.x.deb package and do
sudo dpkg -i torchat-x.x.x.x.deb
where x.x.x.x should be replaced by the current version number. After that you can start it from the command line with the command torchat or from the start menu of your desktop environment.
On non-Debian-based distributions make sure you have the above-mentioned dependencies installed, then download the source distribution of TorChat, unzip it somewhere into your home folder and just execute it from within the src directory with the command
python2 torchat.py
or on older systems:
python2.7 torchat.py
or
python2.6 torchat.py
but do not try to run it with python 3.x, I have not yet made it compatible and Python 2.7 will still be around for a long time.
You can also try to use the tool alien to convert the .deb into an .rpm package and install it on a Red Hat based system (untested, but I don't see why this should not work).
A package for Arch Linux has been made available here: http://aur.archlinux.org/packages.php?ID=23814
It doesn't work?
Please let me know about every unexpected behaviour, but first check the following list of things that are often done wrong:
- Your firewall is blocking connections of tor.exe and torchat.exe: You must allow these two applications to open listening sockets and connect to each other on 127.0.0.1 and also allow tor.exe to open outgoing connections to the internet.
- You somehow managed to crash it and somehow an instance of tor.exe is still running. Kill it all with the task manager and try again. Normal is: two processes of torchat.exe (a very small one and a bigger one) and one process of tor.exe, everything else is not normal.
- You are trying to run two copies of it on the same computer at the same time. This will not work! (It can be made to work but it needs some advanced configuration tweaks.)
- You started a copy of it with the same ID on a different computer at the same time. This cannot work. Never! You can use each ID only once at the same time; it's strictly one-to-one connections, not one-to-many. To get a fresh ID you can either unzip a fresh copy from the download archive or delete the contents of the hidden_service folder.
You can reach me via E-Mail or of course via TorChat, just use the "Ask Bernd" menu option and I will be added to your buddy list. My native language is German, but you can also talk to me in English.