[HN Gopher] Tox: Decentralized and Encrypted Instant Messaging
___________________________________________________________________
Tox: Decentralized and Encrypted Instant Messaging
Author : thepangolino
Score : 110 points
Date : 2021-10-05 12:38 UTC (10 hours ago)
(HTM) web link (tox.chat)
(TXT) w3m dump (tox.chat)
| BiteCode_dev wrote:
| Tox is already a very popular testing tool in python, to the name
| is a bit confusing.
| TonyTrapp wrote:
| Neither of them is particularly new; The testing tool seems to
| be around since 2010 while the chat protocol is around since
| 2013.
| BiteCode_dev wrote:
| 3 years is a lot, and tox the testing tool is much more used
| than tox the chat protocol.
| GoblinSlayer wrote:
| Just like the git name collision. If it's not a guid,
| chances are it's not unique.
| timbit42 wrote:
| I believe Tox is meant to sound like Talks.
| blacksmith_tb wrote:
| That was my assumption too - though if it was my project I'd
| probably have shied away from it since it also suggests
| "toxic"... (that could be a plus, too, depending on your
| tastes, I suppose).
| VikingCoder wrote:
| Android client by "evilcorp.ltd"? Maybe not the most reassuring
| name.
| grayhatter wrote:
| robinli would be hurt that you don't trust his corp. :P They're
| totally not evil... Promise :D
| GoblinSlayer wrote:
| Android users are not afraid of such things.
| oehtXRwMkIs wrote:
| Probably a reference to Mr. Robot
| beebeepka wrote:
| Who is Mr. Robot, Elliot?
| jmakov wrote:
| Shouldn't the first question be who is paying for all this (also
| who's done an audit)? Remember CryptoAG, Potonmail claiming they
| don't log IPs etc.?
| grayhatter wrote:
| Former Tox dev, no one is paying for it. It's home grown FOSS.
| I guess technically, if you're using Tox, _you_ are paying for
| it. There 's no servers, being exclusively P2P so your internet
| bandwidth and participation in the DHT is what allows it to
| function. Anyone who you directly connect to can know your IP,
| but not much else. So your friends could log your IP, and your
| ISP could see you're using Tox, (The traffic doesn't try to
| hide itself.) So there's no way we (the devs) could log your
| IP, we never actually see it. And, as someone else said, you
| can tunnel through Tor if you need to keep your IP secret.
| ajconway wrote:
| Does it mean that an attacker with the ability to monitor
| network connections can see who is talking to whom?
| GoblinSlayer wrote:
| Generally speaking to hide the social graph you will need
| to bury legit traffic in much bigger fake traffic, which
| isn't very efficient. Tor almost gets away from this
| problem by sending everything all the way around the globe.
| grayhatter wrote:
| Yes an no. If you can't trust the network you're running
| on, you could get around this by tunneling via Tor. Tox
| itself makes direct connections to friends, to exchange
| encrypted messages, so while they can see when you send
| packets, and to what IP. They can't know what's in those
| messages. The trade off is, they'd need to be able to MITM
| your network. There's no servers they can capture, to learn
| this information no matter where you are.
| sleepybrett wrote:
| Home grown by a gaggle of FBI agents like Anon?
| grayhatter wrote:
| That's our running joke, that there's at least one of the
| core dev team that's an NSA plant. The trick is, we used to
| demand at least 2 others review code, so in order to be a
| successful plant, you'd have to contribute good code. So if
| the FBI is playing the long con, they'd have to actually
| improve the code base too :D
| bilbo0s wrote:
| Or have a minimum of three plants.
| throwawaymanbot wrote:
| I would throw truecrypt in to this grouping also.
| fwip wrote:
| It's open source and distributed. The only ongoing costs are
| the optional bootstrap DHT nodes, which are pretty cheap.
| paulryanrogers wrote:
| FWIW, website says "Powered by Digital Ocean".
| aasasd wrote:
| If my site is powered by the Nginx server, it doesn't mean
| Nginx the company has anything to do with it.
| grayhatter wrote:
| Our webservers and build/dev servers are graciously donated
| by DO. They're really an awesome company to FOSS projects :D
| hilbert42 wrote:
| Been using Jami because I thought the Tox project dead. Just
| loaded up six profiles from older version 1.16.3 (qtox
| 2019-05-08) on this new version (qtox 1.17.3) and they load OK
| but passwords don't work (except where they were embedded). Have
| good backups of them so they should.
|
| Just wondered if it's just me for some reason (no big deal as I
| wasn't using the program). Will reinstall older .exe and see what
| happens, same with earlier Android version (it uses the same old
| passwords).
| olah_1 wrote:
| I prefer the decentralized messaging protocols that are
| incentivized by tokens. eg. Status / VacP2P (ethereum), Session
| (oxen), Sylo, etc.
|
| I know that a lot of people have opposite preference, but nothing
| is free, and tokens allow projects to _create their own value_ ,
| which I think is a very cool innovation.
|
| Afterall, it seems lack of funding is a main issue with Tox
| (can't afford audit etc). So how else do you avoid being beholden
| to investors while also having resources?
| grayhatter wrote:
| You're in luck https://github.com/irungentoo/toxcoin just don't
| pay attention to the date :P
| olah_1 wrote:
| Amazing haha. If anything, I think this just shows the
| importance of people with real organization and management
| skills.
|
| Institutions are important for sustainability
| verall wrote:
| > The Toxcoin dev team currently consists entirely of ideas
| guys, we need actual developpers to design and implement
| toxcoin properly. The development team will recieve 10% of
| toxcoin profits while 90% will go to the ideas guys who came
| up with the idea.
|
| lmao
| sschueller wrote:
| I think https://jami.net/ is a better solution and has a working
| mobile client.
| csdvrx wrote:
| Do either tox or jami expose the IP address by default?
| timbit42 wrote:
| I believe Tox does but you can run it through Tor.
| oehtXRwMkIs wrote:
| https://github.com/privacytools/privacytools.io/issues/566
| bovermyer wrote:
| While a mildly interesting discussion, it does not appear to
| have any merit with regards to Tox itself.
| hannob wrote:
| It links to a bug report discussion where one of the
| developers states that they don't understand the security
| properties of tox very well[1].
|
| I find that worrying.
|
| [1] https://github.com/TokTok/c-toxcore/issues/426
| grayhatter wrote:
| lol, I think you're probably talking about me. I remember
| that troll, he's what killed a lot of my motivation to work
| on Tox too. He likes stiring up shit on other foss projects
| too :/.
|
| Saying I don't understand the security properties is an
| interesting take. My intended comments meant I
| misunderstood the issue. I was only half paying attention
| at the time; I assumed it was another troll reposting the
| same issue "if someone steals your private keys they can
| steal your identity". Which is true, but an annoying
| complaint, because that's how crypto has to work. To be
| sure, I didn't write base the protocol itself, nor the
| crypto primitives. So while I don't agree with the
| assertion, even if it was true. It wouldn't matter because
| I didn't design the original system :)
| ueueshitashita wrote:
| >I remember that troll
|
| Made me chuckle that you're referring to Jason Donenfeld
| as "that troll"
| GoblinSlayer wrote:
| Isn't it the reason why you do audits?
| aasasd wrote:
| There was also the time when an issue was created to ask for an
| independent audit, and the authors couldn't comprehend why an
| audit would be needed. (If I remember things right.)
|
| Edit: here's the discussion, from seven years ago. The authors
| aren't particularly opposed to an audit, but keep saying "Tox
| is secure, we use Nacl".
| grayhatter wrote:
| You're not remembering things correctly. The core dev team,
| and everyone helping with the project all agreed the whole
| project. Meaning the system, the protocol, and the code.
| Should all be audited by an independent security group. The
| issue we had, was the price tag of such a service.
|
| Every dev wanted a full audit, we just simply couldn't afford
| it.
|
| Separately, why do I get the impression you're trying to
| spread FUD about tox? All your comments seem to be negative
| and misstated :(
| aasasd wrote:
| Still no audit, right? Just "trust us, it's secure". And afaik
| the authors don't have particular expertise in security.
|
| Edit: also, "it's secure, we use Nacl":
| https://github.com/irungentoo/toxcore/issues/121
| grayhatter wrote:
| Nope, we still can't afford the price tag on an audit. Perhaps
| I'm jaded or biased because I'm a former Tox dev, but Tox is
| the only encrypted messenger I'd actually trust. I consider
| myself to be pretty good a security, but that's just me and you
| shouldn't take anyone's word for it themselves. That said if
| you have an _actual_ cause reason to be concerned, I 'd be
| interest in hearing it?
| csoghoian wrote:
| The Open Technology Fund provides free security audits for
| open source projects.
|
| Apply here: https://apply.opentech.fund/red-team-lab/
| tombert wrote:
| This is not meant to be passive aggressive but it's going to
| sound like it is; how much would an audit actually cost? If
| someone set up a GoFundMe for a Tox audit, I would definitely
| contribute ten bucks to make that happen.
| ddtaylor wrote:
| Most of the users of Tox don't want to be identified, so
| it's a bit difficult to crowd fund such a thing.
| grayhatter wrote:
| I don't think it's passive aggressive at all. I'm a bit
| embarrassed to say, but I honestly don't remember. My best
| guess from what I do remember the last time it was
| discussed, was in the 2k to 10k range. But it could expand
| rapidly depending on who, and what level we actually hired
| someone at. The primary reason we didn't set up
| crowdfunding ourselves was there was a few important
| changes we wanted to make a decision on and implement
| first. I still don't think they've been made, but I'm not
| following super close anymore.
| tombert wrote:
| Even if we go on the higher end of that, 10 grand doesn't
| seem that high for an audience of engineers (which I
| think is overrepresented on Hacker News). I know people
| have been complaining about a lack of a security audit
| since 2016; I think at this point it would be worth doing
| an audit now, and potentially another audit when new
| features are added.
|
| If I were in any way involved in the project I would set
| up the campaign myself, but sadly I don't know enough C
| to be useful to a project like this (unless there was a
| plan to rewrite it in some esoteric functional language
| for some reason).
| grayhatter wrote:
| you might want to reach out to zugz (via our IRC, or
| github), He's also a fan of esoteric functional, so you
| might be able to convince him to start one. Iphy has a
| repo with the start of a Haskell implementation as proof
| of the completeness of the spec. No idea what the stat of
| that is, but again, might be worth reaching out :)
| somenewaccount1 wrote:
| I mean, it's open source, so you can audit it.
| https://github.com/qTox/qTox.
|
| Then you can build the client yourself and check the sha sum
| against any downloaded distribution.
| RamRodification wrote:
| > _it 's open source, so you can audit it_
|
| Programming languages exist, so you can make your own
| decentralized encrypted instant messaging app.
|
| There is democracy, so you can be the president.
|
| Everyone in the family has legs, so we won't need a car.
| dicethrowaway1 wrote:
| See also https://en.wikipedia.org/wiki/Real_freedom.
| 0xdeadb00f wrote:
| In regards to the linked issue; I wouldn't trust the security
| of a team that says shit like that.
| myfartsarefoul wrote:
| Tox is a neat idea, but (at least when I tried it) it would
| really kill battery life. I think this is kind of inherent to the
| design.
| snvzz wrote:
| It does the job, and it isn't centralized. It "just works".
| Resource usage is also pretty low.
|
| I can't comprehend why this isn't widely used.
|
| I wish this was a thing _before_ crap like WhatsApp, Skype or
| Discord got so popular.
| NotPractical wrote:
| > crap like WhatsApp, Skype, or Discord
|
| I agree up until you mention Discord. It works really well
| across all platforms (including the browser) and provides a
| very generous suite of features for free, some of which would
| be difficult to implement without centralization.
|
| It also doesn't make money off selling user data; there is no
| actual evidence this has ever or will ever occur. Back when it
| was still floating on venture capital funds, it didn't need to
| make money. When it realized it needed to become profitable,
| instead of introducing invasive tracking and ads like other
| chat apps, it took a different approach: introducing the
| "Nitro" subscription which offers a slightly upgraded Discord
| experience (animated emoji, extra profile customization, etc)
| for $9.99/mo while keeping the core features free. It would be
| more comforting if they published the sales numbers so we could
| verify that Nitro is profitable, but I have no reason to doubt
| this approach is successful -- Nitro may not seem valuable to
| the average HN reader, but many users (including friends of
| mine) do find a lot of value in the features it offers.
|
| By the way, I'm all for decentralized/encrypted chat apps and
| wish Tox success. It definitely irks me that all my Discord
| messages are stored on a corporate server outside my control,
| where Discord employees, the government, or any hacker who
| manages to break in to either my individual account or
| Discord's servers can freely read over them. However, I think
| the approach Discord is taking is different than the one taken
| by most chat apps and it's probably the best among the
| proprietary ones.
| grayhatter wrote:
| >I can't comprehend why this isn't widely used.
|
| Maintaining the DHT connection is "expensive", expensive
| meaning a few packets a minute. That means mobile clients can't
| enter sleep and stay connected, (without corp backed push
| notification services. Which we can't use/trust) So it'll kill
| expected battery life on mobile. Add to that, multidevice isn't
| supported, (I implemented the feature, but it didn't get merged
| before my will to work was killed by trolls) and Tox can be a
| bit frustrating to use. :(
| sleepybrett wrote:
| Because discord has a target market that does not care about
| encryption (gamers) the fact that others are using it as well
| isn't really their fault.
| jqpabc123 wrote:
| _I can 't comprehend why this isn't widely used._
|
| It doesn't have an iOS client.
|
| It's hard to tell your employees to standardize on Tox when a
| good portion of them don't have a working client to install.
|
| I'm no Apple fan but the world does not run on Android alone.
| grayhatter wrote:
| Yeah, this is a big problem as well. There used to be an iOS
| client, but it's developer moved on to other projects. So
| it's woefully unmaintained at this point.
| kwhitefoot wrote:
| If my employer wants me to use a piece of software then they
| have to provide the hardware on which it will run. Then it
| isn't a problem for the employee what hardware it runs on.
| adrusi wrote:
| It wasn't a thing before Skype, but it predates Discord, and
| might predate Whatsapp, or at least predates me hearing about
| Whatsapp in the US.
|
| It was a hobby project originally started by a bunch of anons
| in 4chan, and every time it gets attention, people point out it
| hasn't been audited, and no one has their reputation at stake.
| And it doesn't have any desktop/mobile sync.
| beebmam wrote:
| Not being audited is key here. Would you trust closed source
| software to live up to its security promises without audits?
| I sure wouldn't!
| adrusi wrote:
| Well this is free software, but u less you're competent to
| audit it yourself, it's still unwise to rely on its
| security promises. But for people who don't need the
| guarantees, it would be nice if Tox were more convenient to
| use.
| bilbo0s wrote:
| What are the benefits of Tox without the guarantees?
|
| Not intended as snark. Genuinely interested.
|
| Does it have some features there that are superior to
| other systems? (Outside of the obvious features that are
| not guaranteed via audit.)
| GoblinSlayer wrote:
| Wait, there's a lot in the obvious features.
| bilbo0s wrote:
| But security and privacy are not really guaranteed.
| (Unless you are a person capable of performing an audit
| yourself.) Presumably those who need security and privacy
| would need the guarantee. So I was wondering outside of
| those two, are there other compelling features Tox could
| be marketing?
| GoblinSlayer wrote:
| I understood it that features that are not guaranteed via
| audit are features other than security and privacy. And
| features outside of features that are not guaranteed via
| audit are two features - security and privacy.
| NotPractical wrote:
| Even if the security is half as good as they claim, it's
| still much, much better than proprietary chat apps that do
| no encryption whatsoever and store all your messages on
| their servers in plaintext.
|
| Also, there will only be real incentive to audit it if it
| becomes more popular.
| Klasiaster wrote:
| Afaik it has no support for receiving messages while offline,
| at least this was a blocker for me to consider it. Solutions
| with some mail box protocol on a DHT could work, but maybe it's
| not a hot research topic how to do this anonymously and
| reliable?
| grayhatter wrote:
| Offline messaging is important for a lot of people.
| Previously, my hope was with multidevice support, if you
| could have on device online, it could hold/route messages for
| the rest of your devices. Doesn't really solve all the
| problems, but it's an easy way to get closer. Anonymity and
| reliability isn't the problem. The issue we've always been
| blocked by was abuse. How do you prevent someone from DoS'ing
| the whole network. Evicting valid messages, or exhausting
| space for new ones.
| ashton314 wrote:
| How does this compare with, say, Matrix with P2P support?
| leke wrote:
| Does anyone know if this supports code snippets? We're currently
| using mattermost at work and it has great code and custom command
| support. But for that, we need to have domains, certificates and
| our own servers set up. I'm not the tech guy so I don't know if
| this kind of chat app would be better, but I think it would be
| great to have something that was P2P (no server requirements,
| certificates etc...) while being super secure.
| grayhatter wrote:
| None of the client do at this point, I'm working on adding
| markdown to uTox, and eventually syntax highlighting but I've
| been struggling with pretty severe apathy the past while so I
| can't offer a timeframe. Opening an issue requesting it on the
| github uTox repo, and then pestering me to actually finish it
| has been known to work in the past. :D
___________________________________________________________________
(page generated 2021-10-05 23:02 UTC)