> Are there any other explanations than MITM?
A software bug. But given that your desired opsec is to be resistant to MitM attacks, you should always perform the required authentication steps regardless. Note that in any reasonable software, you shouldn't have to compare fingerprints every conversation--instead you should only have to do this once and the software should then store some kind of credentials so it can perform automated authentication. If "Tor Messager" makes you check fingerprints every time you start a fresh conversation, you might want to look for another solution. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk