So despite their omissions, Speek.App is based off of Ricochet-Refresh as best as I can figure commit 56b33faa70337a812b57f8f19f8475af282eb6c0 from October 21: Github: web: AppImageHub: MacStore: WinStore: We want to create the best privacy messenger out there!įor more information please check out the following links: Please check it out and send us your feedback. So, the normal way of going about this is to create a clone of a git repo, and start a new branch with your commits on top.
Torchat install code#
Instead, the Speek.App team essentially copy+pasted the code into a new git repo, and made a v large 'initial commit'.
I'll leave it to the community to speculate as to whether this is due to maliciousness or incompetence. Side note (you can skip this paragraph if you're not a turbo-nerd): a side effect of this approach is that they have essentially copied all of the source of (a now old) version of tor (which Ricochet-Refresh uses for ed25519 encryption primitives) and the fmt library (which we use for debug logging, only enabled by a compile-time flag not set in our official releases).
Torchat install update#
We include these external dependencies as a git submodule, which is basically a soft-link to an external git repo to make it easy to update versions (for instance if we need a new feature or if there has been a critical bug-fix). Ok, so the other day I rebased Speek.App onto the aforementioned commit and restored the entire git history.Ĭopying and pasting breaks this link so the version of tor in the Speek.App repo is now several months old Torchat unsafe update# I have created a separate branch with additional (increasingly snarky) comments in the git commit messages here: You can find this branch in my own github repo with Speek.App's original commit messages here:įor the aforementioned turbo-nerds: I did restore the submodule relationship to libfmt and tor in my branches.įinally, I went through and audited the source (and it did not disappoint). I may make a future post outlining the sketchy things found, but the takeaway is don't use Speek.App if you care about your anonymity and safety. I did not find anything actively malicious (eg backdoors, broken crypto, etc). However, in terms of code-quality, the new features are implemented very amateurishly and almost certainly contain bugs if not outright security and or privacy vulnerabilities. I'm sure an intrepid security researcher with some free time can find some interesting around their RichTextBox usage )Īnyway, it sure would be nice if y'all restored the AUTHORS.This site has not been maintained for a long time now. Torchat runs over the Tor network, without a working Tor network connection, Torchat is dead.Ĭonsequently, as of this date there are now very many thousands of dead Torchat for Windows installs.The Tor binary in the Windows version of Torchat now dowloaded from this site is fatally outdated, so Torchat cannot connect to the Tor network.
Torchat install download#
The solution is to go to and download the latest Torbrowser for your version of Windows and then.
Torchat install install#
(b) Find the file tor.exe in the Torbrowser installation, eg, C:\Tor Browser\Browser\TorBrowser\Tor\tor.exe -your location may vary depending on where you installed it and which install folder name you used. **If your torchat install folder is located somewhere other than C:\torchat, say on a USB stick, adjust the drive letter and folder location accordingly to wherever your torchat is installed, eg, F:\Doris\torchat\tor\ (c) Copy that tor.exe file to the correct location of your torchat's existing tor.exe file, eg: ** C:\torchat\bin\Tor\ Windows should then ask you if you want to overwrite your old tor.exe say YES. Users of the Mac fork of Torchat have a similar problem as that install also contains a tor executable in its installation. It is remedied using the same general principles described above. Linux installs of torchat should not have this problem as they use their Linux system's Tor which users should cause to be upgraded automatically using the Torproject's own repositories. See the Torproject's site for detail: Tor repositories.
0 kommentar(er)
