TorChat is a decentralized anonymous instant messenger that uses Tor hidden services as its underlying network. It provides cryptographically secure text messaging and file transfers. The characteristics of Tor's hidden services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located.
TorChat is free software licensed under the terms of the GNU General Public License (GPL).
In TorChat every user has a unique alphanumeric ID consisting of 16 characters. This ID will be randomly created by Tor when the client is started the first time, it is basically the .onion address of a hidden service. TorChat clients communicate with each other by using Tor to contact the other's hidden service (derived from his ID) and exchanging status information, chat messages and other data over this connection. Since Tor hidden services can receive incoming connections even if they are behind a router doing network address translation (NAT), TorChat does not need any port forwarding to work.
The first public version of TorChat was released in November 2007 by Bernd Kreuss. It is written in Python and used the cross-platform widget toolkit wxPython which made it possible to support a wide range of platforms and operating systems.
The older Windows versions of TorChat were built with py2exe (since 0.9.9.292 replaced with pyinstaller) and came bundled with a copy of Tor readily configured so that it could be run as a portable application right off a USB flash drive without any installation, configuration or account creation.
Between 2008 and 2010 weren't any updated packages, resulting in the bundled version of Tor becoming obsolete and unable to connect to the Tor network, which was the reason for the appearance of forks that basically just replaced the bundled Tor.exe with a current one. In December 2010, an official update finally became available that, among some minor bugfixes, also again included an up-to-date Tor.exe.
A fork was released for OS X in the summer of 2010 by a French developer. The binary (a Cocoa application) and source-code (Objective-C) bundled in a Xcode 7 project can be downloaded on SourceMac.
A rewrite of the TorChat protocol in Java was created in the beginning of 2012, called jTorChat on Google Code. Containing the latest Tor.exe, it is meant to emulate all the features of the original TorChat protocol, as well as extending the protocols for jTorChat-specific features. Filesharing, while implemented in the original TorChat, is not yet implemented in jTorChat. A new capability in jTorChat is the broadcast mode, which allows a user to send messages to everybody in the network, even if they are not in their buddylist. Also buddy request mode is implemented, which allows a user to request a random user in the jTorChat network to add them. At this stage jTorChat is designed to work effectively on Windows without any configuration, however since its written in Java, it can run on any platform supported by both, Tor and Java itself, making it very portable. The project is actively seeking Java contributors, especially to help debug the GUI interface.
As of 5 February 2013, developer Prof7bit moved TorChat to GitHub, as a protest against Google selectively censoring access to TorChat download to certain countries. Prof7bit has switched to working on torchat2, which is a rewrite from scratch, using Lazarus and Free Pascal.
In 2015 security analysis of TorChat protocol and its Python implementation was conducted. It was found that although the design of TorChat is sound, its implementation has several flaws, which make TorChat users vulnerable to impersonation, communication confirmation and denial-of-service attacks. Despite the flaws found, the use of TorChat might still be secure in a scenario where the peer’s onion address does not become known to an adversary interested in attacking the person behind the TorChat address.