Why Journalists and Whistleblowers Can Rely on Onymochat

Onymochat is an end-to-end encrypted, decentralized, anonymous chat application for PC.

Source: Pexels

Disclaimer: I will be very biased in this article because I developed Onymochat. But the whole project is open-source, so anyone can check the code themselves. Reviews and suggestions are welcome.

I thought of developing a chat application that is made for privacy only when the Pegasus controversy came forward. Allegedly, a lot of journalists were targeted with the Pegasus spyware by governments (these are the allegations, I don’t know if any of these are proven in the court or not).

So I started developing a simple server-client chat application. This made the chat application decentralized, as anyone can host a server and two people can connect to that server to chat. But that program needed a lot of configurations including port forwarding. Also, even with encryption added, it wasn’t anonymous.

So, I looked into the Tor project and started building the application to use the Tor routing. Plus, I chose a different approach to build the server so that the client can be connected with the server over the Tor network, giving it anonymity.

It eliminates the need to rely upon any third-party app to provide you with a platform/server to anonymously chat with your friend. You can host your own server and if the person you want to chat with has the server’s public key, he/she/they can join the server with his/her/their chat client and chat with you.

Then I built the encryption system, that uses 4096 bit RSA encryption, making it almost unbreakable.

Unfortunately, the program is available for PC only, and the setup process takes a little bit of time because I built it with Python. But don’t worry, the documentation has everything explained in detail and it’s really easy to set up.

Here’s the link to the repository and documentation:

So, let’s see what Onymochat has to offer.

Onymochat

Onymochat is an end-to-end encrypted, decentralized, anonymous chat application. You can also host your anonymous .onion webpage with Onymochat.

  • Onymochat works over the Tor.
  • Anyone can start their own chat server from their own PC.
  • It’s end-to-end encrypted.

Features

  • Start your own chat server for two or more users from your own PC.
  • Users can get connected to a chat server using the public key of the server.
  • You can launch your chat client and chat with anyone who has your public key and server details (after he/she/they joins the server).
  • You can launch your own anonymous .onion webpage with Onymochat. You can use this anonymous website for your journalistic works and whistleblowing.

Security

Let’s see what makes Onyomochat a secure chat application:

  • End-to-end 4096 bit RSA encryption for messages.
  • Version 3 Onion Service for your .onion webpage.
  • Version 3 Onion Service for your chat server.
  • Connection to server over the Tor network.

Things You Can Do

Here are all the things you can do with Onymochat.

  1. Create new hidden service and chat server
  2. Generate encryption keys for chat
  3. Run chat client
  4. Create onion webpage
  5. Generate QR codes for your encryption keys
  6. Generate QR codes for other keys
  7. Delete all saved keys

Installation

Environment Setup

Onymochat requires Python 3.9 or above to run. I have tested it with Python 3.9. Make sure that you have Python added to your PATH. When you install Python in your Windows system, make sure to check ‘Add Python 3.x to PATH’. If you forget to do it, see this tutorial to know how to add Python to your PATH for Windows.

Install Python

For Windows and Mac

Download Python 3.9 from here. Use the installer to install Python in your System. Download ‘macOS 64-bit universal2 installer’ for Mac OS. Download ‘Windows x86–64 executable installer’ for your Windows 64 Bit system and ‘Windows x86 executable installer’ for Windows 32 bit system.

For Linux

Use the following command to install Python 3.9 on your Linux system.

apt-get install python3.9

Check pip

Make sure you have pip installed in your system. Use the following command to check if you have pip installed.

pip --version

If you see a message like ‘pip 21.2.2’ then you have pip installed on your system. Otherwise, follow this tutorial to install pip in your system. Generally, Python comes with an ensurepip module, which can install pip in a Python environment.

python -m ensurepip --upgrade

Download Repository

Go to the GitHub repository of Onymochat: https://github.com/SamratDuttaOfficial/onymochat

Click on the green ‘Code’ button and click on ‘Download ZIP’ and unzip the archive somewhere to use Onymochat.

Or, use the command below if you have git installed in your system.

git clone https://github.com/SamratDuttaOfficial/onymochat

Install Requirements

Open up your terminal (CMD on Windows) and go to the folder where you’ve cloned/unzipped Onymochat. Example:

cd C:\User\Desktop\Onymochat-master

Then install all the requirements from the requirements.txt file.

Windows:

pip install -r requirements.txt

Linux and Mac OS:

pip3 install -r requirements.txt

If you’re on Linux, you might need to install Tkinter separately in the following way:

sudo apt install python3-tk

This will install all of the requirements, except Tor.

Install Tor

Download and install Tor browser from the official Tor Project website: https://www.torproject.org/download/

Take a note of where you’re installing Tor/Tor Browser, it will be required later.

How to Use

After installation, open the ‘onymochat’ subdirectory in your terminal. This directory should have a file like run_onymochat.py. Run this file.

python run_onymochat.py

If you are on Linux, run that file using the following command instead:

python3 run_onymochat.py

This will run the Onymochat program in your terminal. This will greet you with a menu. Just input the number of the option you want to go to, and hit the enter button.

Main Menu

  1. Create new hidden service and chat server
  2. Generate encryption keys for chat
  3. Run chat client
  4. Create onion webpage
  5. Generate QR codes for your encryption keys
  6. Generate QR codes for other keys
  7. Delete all saved keys
  8. Exit

Configure Onymocaht with Tor

First, configure Onymochat with Tor. But you need to perform this step only once.

Run the program and go to option 0 (zero).

Then, on the next prompt, enter the path to tor.exe in the TorBrowser folder. This is important to configure Onymochat with Tor. You have to do this step only once after installation. Paste the path to tor.exe in the TorBrowser (or any similar name) folder.

Example (For Windows): C:\user\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe

Example (For Mac): Applications\TorBrowser.app\Tor\tor.real

Linux users just write 'tor' without the quotations.

Now you are ready to use Onymochat.

How to Chat?

Here are some steps you need to follow to chat with someone through Onymochat.

CAUTION: NEVER SHARE ANY OF YOUR PRIVATE KEYS WITH ANYONE

Step 1

First, select option 1 to create a new hidden service and server and follow the instructions given in your terminal/command window. This will be the server where the chat data will be temporarily saved (all chat data will be lost when the hidden service and server is closed). You can press Ctrl + C to close this hidden service and server when you are done chatting.

Then, share the hidden service public key with someone you want to chat with. You can do it in person by meeting that person, or through any other communication method. You can use the same hidden service (same public key) to chat with multiple persons but this comes with the risk of sharing the same keys with everyone, and someone might use them later to spam you. Or, the other person, with whom you want to chat with, can provide you with his/her/their hidden service public key and you can use it too.

Step 2

Select option 2 to generate encryption keys for your chat. You need to share your public key with any person you want to chat with.

Step 3

Select option 3 to run your chat client. There you won’t need to create any new encryption keys for chatting if you don’t want to. Creating more than one key will be very hard to manage and might be the reason of some problems in future.

You will need to enter your or the other person’s hidden service and server’s public key and also the other person’s public key for encryption to chat with that person.

How to Create an Anonymous (.onion) Webpage

Step 1

In the ‘onymochat’ directory, go to the ‘onion_webpage’ directory. Edit the index.html HTML according to your preference. This will be the page for your anonymous webpage.

Step 2

Select option 4 from the main menu. You can generate a new URL for your .onion webpage and save the private key of that webpage to resume the webpage later with the same URL. Or, you can use a pre-saved private key to resume your website with a particular URL you’ve generated before.

Generate QR Codes for Encryption Keys

Option 5, and 6 is to generate QR codes for different keys used in Onymochat. These QR codes are saved in \files\qr_codes. You can print them and share them with other people you want to communicate with.

Delete all saved keys and QR codes

Use option 7 to delete all saved public and private keys and QR codes from your system. Use this option only when you suspect a security breach.

Exit Program

Exit the program by selecting option 8 from the main menu.

Conclusion

Onymochat is definitely not the best option out there if you are looking for an anonymous chat application when it comes to having a good interface or easy installation. But I kept the security as good as possible. I made the option to create and run chat servers very easy for everyone so that it becomes a truly decentralized chat application. I made the code as much understandable as possible, so if anyone is willing to make any changes, pull requests are welcome. I built the program with the aim to make it as secure and anonymous as possible, while making it super easy to use, once installed.

Please make sure to give the repository a star.

Github: https://github.com/SamratDuttaOfficial

Linkedin: https://www.linkedin.com/in/SamratDuttaOfficial [hire me 🙂]

Buy me a coffee: https://www.buymeacoffee.com/SamratDutta

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store