provides end-to-end encrypted forward-secure
asynchronous messaging that uses Tor
to resist traffic analysis, i.e. metadata collection (threat model
presumably works well under Linux, but I found the CLI
fares better under Mac OS X currently. At present, no Windows version exists.
Pond is afaik the only protocol that offers both forward-security and resistance to traffic-analysis :
layers end-to-end encryption with strong forward-security over existing IM protocols like Jabber/XMPP, GTalk, Facebook chat, AIM, etc., but not Skype. ZRTP
provides similar functionality for VoIP communication. Jitsi
, and other
multi-protocol clients provide mature support for both OtR and ZRTP.
Their forward-security makes OtR and ZRTP preferable to Email with GnuPG or PGP
. Of course, GPG encrypted Email is vulnerable to traffic analysis as well. Yet, they're vulnerable to traffic analysis at either the network or server. Implementation I've used could not provide asynchronous communication, although presumably support could added, albeit perhaps with a warning.
, TorChat resists traffic analysis but cannot provide asynchronous communication and lacks forward-security.
There are several interesting new tools for more public communications too, such as microblogging and group chat, where forward-security is arguably less stringent.
"Bitmessage is a decentralized, end-to-end encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers."
Bitmessage appears relatively fast and stable, but possess several weaknesses
, including a lack of forward-security
, Email gateway
Similarly, "Twister is a fully decentralized peer-to-peer microblogging platform"
designed to provide censor-resistant public posting. Twister end-to-end encrypts private messages, but offers no forward-security or resistance to traffic-analysis. (wired